IntroPhishing.ppt.dengab menggunakan bahasa Inggris
tuyah2889
12 views
14 slides
Jul 23, 2024
Slide 1 of 14
1
2
3
4
5
6
7
8
9
10
11
12
13
14
About This Presentation
Ppt tentang phishing dengn bahasa inggris
Slide Content
Phishing, Spoofing,
Spamming and Security
How To Protect Yourself
Additional Credits: Educause/SonicWall, Hendra Harianto Tuty, Microsoft Corporation, some images from Anti-
Phishing Workgroup’s Phishing Archive,Carnegie Mellon CyLab
Dr. Harold L. “Bud” Cothern
Spamming and Security
How To Protect Yourself
Additional Credits: Educause/SonicWall, Hendra Harianto Tuty, Microsoft Corporation, some images from Anti-
Phishing Workgroup’s Phishing Archive,Carnegie Mellon CyLab
Dr. Harold L. “Bud” Cothern
Recognize Phishing Scams and Fraudulent E-mails
•Phishingis a type of deception designed to steal
your valuable personal data, such as credit card
numbers, passwords, account data, or other
information.
•Con artists might send millions of fraudulent e-mail
messages that appear to come from Web sites you
trust, like your bank or credit card company, and
request that you provide personal information.
•Phishingis a type of deception designed to steal
your valuable personal data, such as credit card
numbers, passwords, account data, or other
information.
•Con artists might send millions of fraudulent e-mail
messages that appear to come from Web sites you
trust, like your bank or credit card company, and
request that you provide personal information.
Phreaking+ Fishing= Phishing
-Phreaking= making phone calls for free back in 70’s
-Fishing= Use bait to lure the target
Phishingin 1995
Target: AOL users
Purpose: getting account passwords for free time
Threat level: low
Techniques: Similar names ( www.ao1.comfor www.aol.com), social
engineering
Phishingin 2001
Target: Ebayers and major banks
Purpose: getting credit card numbers, accounts
Threat level: medium
Techniques: Same in 1995, keylogger
Phishingin 2007
Target: Paypal, banks, ebay
Purpose: bank accounts
Threat level: high
Techniques: browser vulnerabilities, link obfuscation
History of Phishing
-Phreaking= making phone calls for free back in 70’s
-Fishing= Use bait to lure the target
Phishingin 1995
Target: AOL users
Purpose: getting account passwords for free time
Threat level: low
Techniques: Similar names ( www.ao1.comfor www.aol.com), social
engineering
Phishingin 2001
Target: Ebayers and major banks
Purpose: getting credit card numbers, accounts
Threat level: medium
Techniques: Same in 1995, keylogger
Phishingin 2007
Target: Paypal, banks, ebay
Purpose: bank accounts
Threat level: high
Techniques: browser vulnerabilities, link obfuscation
History of Phishing
•2,000,000 emails are sent
•5% get to the end user –100,000 (APWG)
•5% click on the phishing link –5,000 (APWG)
•2% enter data into the phishing site –100 (Gartner)
•$1,200 from each person who enters data (FTC)
•Potential reward: $120,000
A bad day phishin’, beats a good day workin’
In 2005 David Levi made over $360,000 from 160
people using an eBay Phishing scam
•5% get to the end user –100,000 (APWG)
•5% click on the phishing link –5,000 (APWG)
•2% enter data into the phishing site –100 (Gartner)
•$1,200 from each person who enters data (FTC)
•Potential reward: $120,000
A bad day phishin’, beats a good day workin’
In 2005 David Levi made over $360,000 from 160
people using an eBay Phishing scam
•Over 28,000 unique phishing attacks reported in Dec.
2006, about double the number from 2005
•Estimates suggest phishing affected 2 million US
citizens and cost businesses billions of dollars in
2005
•Additional losses due to consumer fears
Phishing: A Growing Problem
2006, about double the number from 2005
•Estimates suggest phishing affected 2 million US
citizens and cost businesses billions of dollars in
2005
•Additional losses due to consumer fears
Phishing: A Growing Problem
What Does a Phishing Scam Look Like?
•As scam artists become more sophisticated, so
do their phishinge-mail messages and pop-up
windows.
•They often include official-looking logos from real
organizations and other identifying information
taken directly from legitimate Web sites.
•As scam artists become more sophisticated, so
do their phishinge-mail messages and pop-up
windows.
•They often include official-looking logos from real
organizations and other identifying information
taken directly from legitimate Web sites.
•Employ visual elements from target site
•DNS Tricks:
–www.ebay.com.kr
–[email protected]
–www.gooogle.com
–Unicode attacks
•JavaScript Attacks
–Spoofed SSL lock
•Certificates
–Phishers can acquire certificates for domains
they own
–Certificate authorities make mistakes
Current Phishing Techniques
•DNS Tricks:
–www.ebay.com.kr
–[email protected]
–www.gooogle.com
–Unicode attacks
•JavaScript Attacks
–Spoofed SSL lock
•Certificates
–Phishers can acquire certificates for domains
they own
–Certificate authorities make mistakes
Current Phishing Techniques
•Socially aware attacks
Mine social relationships from public data
Phishingemail appears to arrive from someone known to the victim
Use spoofed identity of trusted organization to gain trust
Urge victims to update or validate their account
Threaten to terminate the account if the victims not reply
Use gift or bonus as a bait
Security promises
•Context-aware attacks
“Your bid on eBay has won!”
“The books on your Amazon wish list are on sale!”
Spear-Phishing: Improved Target Selection
Mine social relationships from public data
Phishingemail appears to arrive from someone known to the victim
Use spoofed identity of trusted organization to gain trust
Urge victims to update or validate their account
Threaten to terminate the account if the victims not reply
Use gift or bonus as a bait
Security promises
•Context-aware attacks
“Your bid on eBay has won!”
“The books on your Amazon wish list are on sale!”
Spear-Phishing: Improved Target Selection
Another Example:
But wait…
WHOIS 210.104.211.21:
Location: Korea, Republic Of
Even bigger problem:
I don’t have an account with US Bank!
Images from Anti-Phishing Working Group’s Phishing Archive
WHOIS 210.104.211.21:
Location: Korea, Republic Of
Even bigger problem:
I don’t have an account with US Bank!
Images from Anti-Phishing Working Group’s Phishing Archive
Here are a few phrases to look for if you think an e-mail message is a
phishingscam.
•"Verify your account." Businesses should not ask you to send
passwords, login names, Social Security numbers, or other personal
information through e-mail. If you receive an e-mail from anyone asking
you to update your credit card information, do not respond: this is a
phishingscam.
•"If you don't respond within 48 hours, your account will be
closed." These messages convey a sense of urgency so that you'll
respond immediately without thinking.
How To Tell If An E-mail Message is Fraudulent
phishingscam.
•"Verify your account." Businesses should not ask you to send
passwords, login names, Social Security numbers, or other personal
information through e-mail. If you receive an e-mail from anyone asking
you to update your credit card information, do not respond: this is a
phishingscam.
•"If you don't respond within 48 hours, your account will be
closed." These messages convey a sense of urgency so that you'll
respond immediately without thinking.
How To Tell If An E-mail Message is Fraudulent
How To Tell If An E-mail Message is Fraudulent (cont’d)
•"Dear Valued Customer." Phishinge-mail messages are
usually sent out in bulk and often do not contain your first or
last name.
•"Click the link below to gain access to your
account." HTML-formatted messages can contain links or
forms that you can fill out just as you'd fill out a form on a Web
site. The links that you are urged to click may contain all or
part of a real company's name and are usually "masked,"
meaning that the link you see does not take you to that address
but somewhere different, usually a phony Web site.
•Resting the mouse pointer on the link reveals the real Web
address. The string of cryptic numbers looks nothing like the
company's Web address, which is a suspicious sign.
•"Dear Valued Customer." Phishinge-mail messages are
usually sent out in bulk and often do not contain your first or
last name.
•"Click the link below to gain access to your
account." HTML-formatted messages can contain links or
forms that you can fill out just as you'd fill out a form on a Web
site. The links that you are urged to click may contain all or
part of a real company's name and are usually "masked,"
meaning that the link you see does not take you to that address
but somewhere different, usually a phony Web site.
•Resting the mouse pointer on the link reveals the real Web
address. The string of cryptic numbers looks nothing like the
company's Web address, which is a suspicious sign.
Con artistsalso use Uniform Resource Locators (URLs)
that resemble the name of a well-known company but are
slightly altered by adding, omitting, or transposing letters.
For example, the URL "www.microsoft.com" could appear
instead as:
www.micosoft.com
www.mircosoft.com
www.verify-microsoft.com
How To Tell If An E-mail Message is Fraudulent (cont’d)
that resemble the name of a well-known company but are
slightly altered by adding, omitting, or transposing letters.
For example, the URL "www.microsoft.com" could appear
instead as:
www.micosoft.com
www.mircosoft.com
www.verify-microsoft.com
How To Tell If An E-mail Message is Fraudulent (cont’d)
•Never respond to an email asking for personal information
•Always check the site to see if it is secure. Call the phone
number if necessary
•Never click on the link on the email. Retype the address in a
new window
•Keep your browser updated
•Keep antivirus definitions updated
•Use a firewall
P.S: Always shred your home documents before discarding them.
•Always check the site to see if it is secure. Call the phone
number if necessary
•Never click on the link on the email. Retype the address in a
new window
•Keep your browser updated
•Keep antivirus definitions updated
•Use a firewall
P.S: Always shred your home documents before discarding them.
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 12
- Slides 14
- Age 511 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
41 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
45 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
40 views
14
Fertility awareness methods for women in the society
Isaiah47
38 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
37 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
39 views