The project "Strengthening European Network Centres of Excellence in Cybercrime" (SENTER
project, Reference No HOME/2014/ISFP/AG/7170) is funded by the European Commission under
the Internal Security Fund-Police 2014-2020 (ISFP). The main goal of the project is to create a single
point of reference for EU national Cybercrime Centres of Excellence (CoE) and to develop the
network of national CoE further into a well-defined and well-functioning community. More details here: http://www.senter-project.eu/
1. SENTER Project
HELLENIC POLICE LIEUTENANT’S SCHOOL
Presentation of Phishing
Police Lieutenant Trainee
Nikolaos Georgitsopoulos
Hellenic Police Lieutenant’s School
Greece
Athens, 03 November 2017
Seminar Work for the Module “Internet Technologies”
2. 2
Presentation of Phishing: Athens, 03 November 2017
Contents
1. Theoretical Part
a) Cybercrime
b) What is Phishing?
c) Phishing Types
d) Phishing and Online Banking Fraud
e) Spear Phishing
f) Technical measures (browser technologies, security software, etc.)
available to detect phishing attempts
2. Practical Part
a) Phishing simulation program
b) The Phishing Campaign
c) General guidelines for employees in order to avoid phishing
3. 3
Cybercrime
1. Cybercrime consists of criminal acts that are committed
online by using electronic communications networks
and information systems.
2. It is a borderless problem that can be classified into three
broad categories:
• Crimes specific to the Internet, such as attacks
against information systems (like phishing).
• Online fraud and forgery.
• Illegal online content.
4. 4
Types of cybercrime (a)
• Illegal computer hacking and cracking;
• Developing and/or spreading malicious code;
• Spamming;
• DDoS attacks;
• Network intrusion;
• Software piracy;
5. 5
Types of cybercrime (b)
• Network-based or network-enabled crimes (such as
phishing);
• Intellectual property rights (IPR) crimes;
• Distribution of child sexual abuse imagery;
• Grooming of children for sexual purposes;
• Phreaking;
• Conditional access piracy.
6. 6
What is Phishing? (a)
• Phishing is a form of Cybercrime.
• Phishing is the attempt to obtain sensitive information
such as usernames, passwords, and credit card details
(and, indirectly, money), often for malicious reasons, by
disguising as a trustworthy entity in an electronic
communication.
• Phishing is the process of enticing people into visiting
fraudulent websites and persuading them to enter
identity information such as usernames, passwords etc.
7. 7
What is Phishing? (b)
• Phishing is the act of stealing personal information via the
Internet for the purpose of committing financial fraud.
• It relies on unsolicited communications by email, SMS or
telephone.
• The attacker purports to represent a trusted third party.
• It is an attempt to convince the victim to divulge sensitive
information, such as login credentials or payment details.
8. 8
Short History of Phishing (a)
• Phishing originated sometime around the year 1995.
• Phreaks and hackers have always been closely linked.
The "ph" spelling was used to link phishing scams with
these underground communities.
• In 1996, through the America Online (AOL) instant
messenger and email systems, phishers sent
messages to users while posing as AOL employees.
9. 9
Short History of Phishing (b)
• In late 2003, phishers registered dozens of domains that
looked like legitimate sites like eBay and PayPal if you
weren't paying attention.
• They used email worm programs to send out spoofed
emails to PayPal customers.
• By the beginning of 2004, phishers were riding a huge
wave of success that included attacks on banking sites
and their customers.
• Popup windows were used to acquire sensitive
information from victims.
11. 11
Phishing and Online Banking Fraud (a)
• Bank customers are popular targets of those who
engage in phishing attacks.
• Sending out thousands of spoof emails.
• Criminals impersonate bank websites in order to get
unsuspecting users to provide their login credentials.
• At first glance the fraudulent email looks reliable
regarding its sender, form, and content and is thus
almost indistinguishable from a real one.
12. 12
Phishing and Online Banking Fraud (b)
• After that, the fake website asks the user for personal data or
access information, which is then used for
fraudulent transactions.
• The cybercriminal now has all the information necessary
to steal the victim's identity and gain access to the bank
account.
• The phishers use the information they have gathered to
make illegal purchases or otherwise commit fraud.
13. 13
The flow of information in a phishing attack
14. 14
Examples of malware used to conduct bank
phishing scams
1. Bancos (2003), also identified as Banker by some anti-
virus companies.
2. It targeted Brazilian banks.
3. Bancos monitored Internet Explorer for specific bank
URLs and attempted to capture account information.
4. It overlaid certain banking web pages with a fake one that
captured the information directly from the user.
15. 15
Spear Phishing (a)
• Spear phishing is a much more targeted attack.
• The hacker knows which specific individual or
organization they are after.
• The attacker researches the target in order to make the attack more
personalized.
• Spear-phishing attacks are much more targeted and
involve duping particular individuals within a specific
organization.
16. 16
Spear Phishing (b)
• They send customized, credible emails that appear to
come from a trusted source.
• This enhances their authenticity and legitimacy.
• It increases the probability of the individual complying with
their request.
• The recipient of the e-mail needs to be convinced.
• The hacker will then gain remote access or log the victim's
keystrokes and ultimately gain access to their PC.
17. 17
An example of Spear Phishing: The CEO Fraud (a)
• It targets businesses and their employees, seeking
financial gain or intelligence by compromising
business secrets or other information.
• CEO fraud involves tricking someone into making a large
wire transfer into what turns out to be a bogus account.
• On a few occasions, however, checks are used instead
of wire transfers.
19. 19
An example of Spear Phishing: The CEO Fraud (c)
1. A fraudster calls posing as a high-ranking figure of the company, e.g.
the CEO or the CFO (Chief Financial Officer).
2. The supposed executive then demands that the employee make an urgent and
confidential transfer of funds.
3. The fraudster claims that this is a sensitive situation.
4. The fraudster pressures the employee not to follow the regular
authorization procedures and to bypass the security checks.
5. The fraudster gives the employee detailed instructions on how to
proceed.
6. The final step is for the employee to transfer the funds to an account
controlled by the fraudster.
7. The money is then re-transferred to accounts in multiple jurisdictions.
20. 20
Technical measures (browser technologies,
security software, etc.) available to detect phishing
attempts (a)
• Anti-phishing software consists of computer programs that
attempt to identify phishing content contained in websites and
e-mail, or to block users from being tricked.
• Web browsers come with built-in anti-phishing and anti-
malware protection services.
• Password managers can also be used to help defend against
phishing and protect sensitive data.
• Filtering: anti-spam filters may be configured to identify specific
known phishing messages and prevent them from reaching a
user.
Technical measures (browser technologies,
security software, etc.) available to detect phishing
attempts (b)
• Authentication: determine whether the IP address of a
transmitting mail transfer agent is authorized to send a
message from the sender’s domain.
• Signing: cryptographic signing of e-mail.
• Outgoing data monitoring: A browser plug-in such as a
toolbar can store hashes of confidential information, and
monitor outgoing information to detect confidential information
being transmitted.
• Data destination blacklisting: block data transmissions to
specific IP addresses known to be associated with phishers.
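The authentication measure above is what SPF does: the receiving mail server looks up the sender domain's policy and checks whether the transmitting MTA's IP address is listed. The following is an added example, not material from the presentation or from any vendor product; it evaluates a simplified SPF record against a sender IP, and the domains, addresses and TXT records are constructed for the demonstration.

```python
import ipaddress

# Constructed TXT records standing in for live DNS lookups (domains and
# addresses are invented for this example, not real infrastructure).
FAKE_DNS_TXT = {
    "example-bank.test": "v=spf1 ip4:198.51.100.0/24 ip4:203.0.113.10 "
                         "include:mail-provider.test -all",
    "mail-provider.test": "v=spf1 ip4:192.0.2.0/25 ~all",
    "no-spf.test": "",
}

# SPF qualifiers: what a *matching* mechanism means for the verdict.
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain):
    """Return the domain's SPF record, or None when the zone publishes none."""
    record = FAKE_DNS_TXT.get(domain, "")
    return record if record.startswith("v=spf1") else None


def check_spf(sender_ip, domain, depth=0):
    """Decide whether sender_ip is authorised to send mail for domain.

    Mechanisms are evaluated left to right and the first match decides, as in
    SPF. Only ip4/ip6, include and all are modelled here; a, mx, exists and
    redirect= are left out of the example.
    """
    if depth > 10:                  # RFC 7208 limits include: recursion
        return "permerror"
    record = lookup_spf(domain)
    if record is None:
        return "none"               # no policy published: nothing to enforce
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"             # an unqualified mechanism means "pass"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith(("ip4:", "ip6:")):
            # An IPv4 sender never matches an ip6 network (and vice versa).
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        elif term.startswith("include:"):
            # include: matches only when the referenced domain yields "pass".
            matched = check_spf(sender_ip, term[8:], depth + 1) == "pass"
        else:
            continue                # mechanism not modelled: skip it
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"                # record exhausted without a match
```

A "fail" verdict is what lets the receiving side reject or quarantine a message whose envelope sender is forged; "none" shows why a domain without a published policy gains nothing from this check.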
LUCY: A Phishing Simulation Program (a)
• A customizable awareness program used by information
security professionals in higher education and private
industry.
• An effective training program.
• Allows organizations to simulate phishing e-mails.
• Helps identify which end users are more susceptible to
such targeted e-mail attacks.
• Enables more focused training opportunities to help
users recognize phishing attempts.
LUCY: A Phishing Simulation Program (b)
• The LUCY server was installed in VirtualBox.
• The server provides you with an IP address,
a username and a password.
LUCY: A Phishing Simulation Program (c)
• The user logs in to the LUCY environment with
those credentials.
LUCY: A Phishing Simulation Program (d)
A new phishing campaign was created, with two templates:
1. The first one was a phishing e-mail appearing to come
from MasterCard.
2. The second one informed the user that he had
received an encrypted message and had to enter his
Microsoft account credentials to read it.
LUCY: A Phishing Simulation Program (e)
Add the recipients of the e-mails. I used all my functional e-mail
accounts.
LUCY: A Phishing Simulation Program (f)
Launch the phishing attack.
LUCY: A Phishing Simulation Program (g)
I checked my e-mails. The messages arrived in only one of my
four mail accounts.
LUCY: A Phishing Simulation Program (h)
LUCY: A Phishing Simulation Program (j)
The second e-mail concerned a MasterCard service and
asked the user to change his password because of a
previous suspicious attempt.
LUCY: A Phishing Simulation Program (k)
LUCY: A Phishing Simulation Program (j)
In conclusion, the simulated phishing attack was only partially
successful: just two of the eight e-mails were delivered to
the final recipients. The license does not allow viewing the
data collected by this phishing campaign.
General guidelines for employees in order to avoid
phishing, fraud scam and social engineering
1. Be AWARE of the risks and spread the information.
2. Be careful when using social media.
3. Avoid sharing sensitive information.
4. Never open suspicious links or attachments received by e-mail.
5. If you receive a call/e-mail alerting you of a security breach, do not provide
information right away or proceed with a transfer.
6. Consult a colleague even if you were asked to use discretion.
7. Assign responsibility to someone whom others can consult in case of doubt.
8. If a supplier informs you of a change in payment details, always contact them
to confirm the new information.
9. Strictly apply the security procedures in place for payments and
procurement.
10. Always contact the police in case of fraud attempts.
Conclusion
1. Phishing is a highly profitable activity for cybercriminals.
2. Phishing and its specific forms such as spear
phishing reveal that internet users may be vulnerable if
they are not properly trained and do not know the
immense dangers.
3. No single technology will completely stop phishing.
4. Good organization and practices, awareness training,
proper application of current technologies, and
improvements in security technology have the potential to
drastically reduce the prevalence of phishing.
Thank you for your attention!
Hellenic Police Lieutenants’ School
Address: Thrakomakedonon Av. 101, PO 13679 – Acharnes, Attiki - Greece
Tel: +30 210-2424296, Fax : +30 210-2460964,
E-mail: saea.policeacademy@hellenicpolice.gr, Website: www.hellenicpolice.gr
Editor's Notes
Good morning. My name is Nikolaos Georgitsopoulos. Today the topic of my presentation will be phishing.
First we are going to see:
This working paper presents phishing and its various forms. The work is divided into two parts: a theoretical one and a practical one. The theoretical part presents all theoretical elements, such as what phishing is, a brief history of it, how phishing works and some examples. After that, a more specific form of phishing (spear phishing) is explained and analyzed. The reader can then find information on technical measures for addressing this phenomenon.
The practical part introduces the creation of a simulated phishing campaign through dedicated software. The recipients of this simulated attack were identified and the way to carry it out was then designed. Through the LUCY platform, we have been able to create such a campaign so that its users can assess the risks and threats that may be of interest to them in each branch of activity.
In the bibliography there is not an agreed definition of cybercrime, the terms "cybercrime", "computer crime", "computer-related crime" or "high-tech crime" are often used interchangeably. In general, “cybercrime” is understood as "criminal acts committed using electronic communications networks and information systems or against such networks and systems", (Council of Europe, 2001).
Cybercrime consists of criminal acts that are committed online by using electronic communications networks and information systems. It is a borderless problem that can be classified into three broad categories (European Commission, 2017):
Crimes specific to the Internet, such as attacks against information systems or phishing (e.g. fake bank websites to solicit passwords enabling access to victims' bank accounts).
Online fraud and forgery. Large-scale fraud can be committed online through instruments such as identity theft, phishing, spam and malicious code.
Illegal online content, including child sexual abuse material, incitement to racial hatred, incitement to terrorist acts and glorification of violence, terrorism, racism and xenophobia.
illegal computer hacking and cracking (the unauthorised access of computers, sometimes exploiting flaws in the system itself);
developing and/or spreading malicious code (such as viruses and Trojans which do damage to computer operating systems or are used in other ways to commit cybercrimes or conventional crimes);
spamming (sending out multiple emails, usually through a set of infected computers called a 'Botnet');
DDoS attacks ('Distributed Denial of Service’, a way of flooding a server with multiple requests that might then bring the website down);
network intrusion (breaking into computer networks, often using hacking techniques and usually to steal information, sow viruses or attempt blackmail);
software piracy (stealing commercial software);
network-based or network-enabled crimes (such as phishing – an attempt to 'con' people through unsolicited emails – and identity theft),
Intellectual Property Rights (IPR) crimes (for example illegal file-sharing of copyright-protected music and video, stealing confidential commercial information);
distribution of child sexual abuse imagery;
grooming of children for sexual purposes, e.g. through social network sites;
phreaking (unauthorised use of telephone systems either to make free calls or increasingly as a form of anonymity for organised crime);
conditional access piracy (for example the illegal decryption of satellite TV signals).
In this chapter we are going to focus on definitions about phishing.
According to a definition…
Although the practice originated sometime around the year 1995, these types of scams were not commonly known by everyday people until nearly ten years later.
There is also a good reason for the use of “ph” in place of the “f” in the spelling of the term. Some of the earliest hackers were known as phreaks. Phreaking refers to the exploration, experimenting and study of telecommunication systems. Phreaks and hackers have always been closely linked. The “ph” spelling was used to link phishing scams with these underground communities.
Back in 1996, when America Online (AOL) was the number-one provider of Internet access, millions of people logged on to the service each day. Its popularity made it a natural choice for those who had less than pure motives. From the beginning, hackers and those who traded pirated software used the service to communicate with one another. This community was referred to as the warez community. It was this community that eventually made the first moves to conduct phishing attacks.
Spear phishing is an email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.
Clone phishing is a type of phishing attack whereby a legitimate, and previously delivered, email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email.
Most methods of phishing use some form of technical deception designed to make a link in an email (and the spoofed website it leads to) appear to belong to the spoofed organization.
Phishers have even started using images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing emails.
Website forgery: the link to the website is crafted to carry out the attack, making it very difficult to spot without specialist knowledge.
Malvertising is malicious advertising that contains active scripts designed to download malware or force unwanted content onto your computer.
Covert redirect is a subtle method to perform phishing attacks that makes links appear legitimate, but actually redirect a victim to an attacker's website.
According to Emigh (2005), the simplified flow of information in a phishing attack is:
A deceptive message is sent from the phisher to the user.
A user provides confidential information to a phishing server (normally after some interaction with the server).
The phisher obtains the confidential information from the server.
The confidential information is used to impersonate the user.
The phisher obtains illicit monetary gain.
Cybercriminals do their research and target businesses and their employees, seeking financial gain or intelligence by compromising business secrets or other information.
CEO fraud is another name for this scam, and it usually involves tricking someone into making a large wire transfer into what turns out to be a bogus account.
On a few occasions, however, checks are used instead of wire transfers.
Two main modi operandi dominated European law enforcement cases (Europol, 2017):
1. CEO (Chief Executive Officer) fraud and
2. Mandate fraud
Step 1: A fraudster calls posing as a high-ranking figure of the company (e.g. CEO or CFO). He appears to be the CEO or the CFO (Chief Financial Officer). This is a typical example of vishing.
Step 2: That executive then demands from the employee an urgent transfer of funds. Additionally, this transfer must be absolutely confidential.
Step 3: The fraudster claims that this is a sensitive situation (e.g. tax control; merger; acquisition etc.).
Step 4: The fraudster pressures the employee not to follow the regular authorization procedures and to bypass the security checks.
Step 5: The fraudster gives the employee instructions on how to proceed. Instructions might also be given later by a third person or via e-mail.
Step 6: In the final step the employee transfers the funds to an account controlled by the fraudster. The money is re-transferred to accounts in multiple jurisdictions.
Vishing: phishing through VoIP and telephone.
Be AWARE of the risks and spread the information within your company.
Be careful when using social media: by sharing information on your workplace and responsibilities you increase the risks of becoming a target.
Avoid sharing sensitive information on the company’s hierarchy, security or procedures.
Never open suspicious links or attachments received by e-mail. Be particularly careful when checking your personal mail boxes on the company’s computers.
Always carefully check e-mail addresses when dealing with sensitive information/money transfers. Fraudsters often use copycat e-mails where only one character differs from the original.
If you receive a suspicious e-mail or call, always inform your IT department; they are the ones in charge of such issues. They can check the content of suspicious mail and block the sender if necessary.
In case of doubt on a transfer order, always consult a colleague even if you were asked to use discretion.
If you receive a call/email alerting you of a security breach, do not provide information right away or proceed with a transfer. Always start by calling the person back using a phone number found in your own records or on the official website of the company; do not use the number provided to you in the mail or by the caller. If you were contacted by phone, call back using another phone (fraudsters use technology to remain online after you hang up).
Consider assigning responsibility to an employee whom others can consult in case of doubt.
If a supplier informs you of a change in payment details, always contact them to confirm the new information. Keep in mind that the e-mail address/phone number provided on the invoice might have been modified.
Strictly apply the security procedures in place for payments and procurement. Do not skip any steps and do not give in to pressure.
Always contact the police in case of fraud attempts, even if you did not fall victim to the scam.
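The guideline about copycat e-mail addresses that differ from the original by a single character can be turned into a mechanical check. The following is an added example, not part of the presentation or of any product it mentions: it flags a From domain that is one edit away from a known partner domain, and a Reply-To that points somewhere other than the apparent sender (a common sign of a redirected payment conversation). The domain allow-list and the sample headers are constructed.

```python
import re

# Constructed allow-list of domains the organisation legitimately deals with.
KNOWN_DOMAINS = {"example-corp.test", "supplier-example.test"}


def edit_distance(a, b):
    """Levenshtein distance: one insertion, deletion or substitution costs 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def sender_domain(header_value):
    """Extract the lower-cased domain from 'Name <user@domain>' or 'user@domain'."""
    match = re.search(r"<([^>]+)>", header_value)
    address = match.group(1) if match else header_value.strip()
    return address.rsplit("@", 1)[-1].lower()


def review_sender(from_header, reply_to_header=None):
    """Return the reasons to treat a message with suspicion (empty list if none)."""
    findings = []
    domain = sender_domain(from_header)
    if domain not in KNOWN_DOMAINS:
        # The copycat pattern from the guidelines: a domain that is exactly one
        # character away from one the organisation already trusts.
        for known in sorted(KNOWN_DOMAINS):
            if edit_distance(domain, known) == 1:
                findings.append(
                    f"sender domain {domain} is one character away from {known}")
    if reply_to_header:
        reply_domain = sender_domain(reply_to_header)
        if reply_domain != domain:
            # Answers would silently go to a different party than the visible sender.
            findings.append(
                f"Reply-To domain {reply_domain} differs from From domain {domain}")
    return findings
```

Because an exact match on the allow-list short-circuits the lookalike test, a genuine partner address never triggers a false alarm on this rule, while the Reply-To comparison still applies to it.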