300 likes | 526 Views
Welcome to. Presented By ITS. Phishing (Identify Theft). House Rules. Please turn off all cell phone and pagers Please feel free to ask questions If you need to potty, please raise your hand . Phishing. Pronounced ‘fishing’ AKA – Brand Spoofing. What is Phishing?. Phishing.
E N D
Welcome to Presented By ITS
House Rules • Please turn off all cell phone and pagers • Please feel free to ask questions • If you need to potty, please raise your hand
Phishing • Pronounced ‘fishing’ • AKA – Brand Spoofing
Phishing The act of attempting to fraudulently acquire through deception, sensitive personal information such as passwords and credit card details, by masquerading in an official-looking email, IM, etc. as someone trustworthy with a real need for such information.
Or in layman terms: A fake valid WEB site that asks for financial or personal information.
Statistics for Marchfrom www.antiphishing.org • Number of active phishing sites reported in March: 2870 • Average monthly growth rate in phishing sites: 28 % • Number of brands hijacked by phishing campaigns: 78 • Number of brands comprising the top 80%: 8 • Country hosting the most phishing websites: US • Contain some form of target name in URL: 31 % • No hostname just IP address: 48 % • Percentage of sites not using port 80: 3.89 % • Average time online for site: 5.8 days • Longest time online for site: 31 days MasterCard Shuts Down 1,400 Phishing Sites - May 10, 2005
Recent Examplesfrom www.antiphishing.org • 03-05-05 - eBay - 'UpdateYour Account' • 29-04-05 - Paypal- 'Update Account.' • 27-04-05 - Marshall & Ilsley Bank- 'Security Update!' • 25-04-05 - Citizens Bank - 'Citizens Bank Instant 5 USD reward survey' • 22-04-05 - Ameritrade - 'Ameritrade Online Application' • 21-04-05 - Regions Bank- 'Notification about your Regions online account' • 20-04-05 - Barclays - 'Barclays Verification Service'
Tips to Recognize Phishing • "Verify your account." • " update your credit card information " • "If you don't respond within 48 hours “ • "Dear Valued Customer." • "Click the link below to gain access to your account."
Avoiding Phishing Scams • email or pop-up message that asks for personal or financial information • Don’t email personal or financial information • Review credit card and bank account statements • Use anti-virus software and keep it up to date
Avoiding Phishing Scams • Use a ‘firewall’ on your PC • Don’t open attachments or files from unknown people • Contact the company through a known address or phone number • Suspicious e-mail can be forwarded to spam@uce.gov
Phishing or Not • Dear TFU Student:We attempted to charge your credit card for the monthly tuition and the credit card company was unable to accept the charge. Usually, this is because the student changed their card, address or something else that their computer did not like.Would you be kind enough to call us at 800-222-3366 and give us updated information so we can process the tuition accordingly?Thank you very much!Nancy
“HOOKED” Step 1: Report the incident • Credit card company • Company that was spoofed • Internet Fraud Complaint Center (IFCC) www.ifccfbi.gov • Federal Trade Commission (FTC) www.consumer.gov/idtheft
‘HOOKED” continued… • Attach email and send to: • Anti-Phishing Working Group at reportphishing@antiphishing.org • Federal Trade Commission at spam@uce.gov
“HOOKED” continued… Step 2: Change the passwords on all your accounts • Change as soon as possible • Use different passwords • Don’t use easy to guess passwords • Combination of letters, numbers, and special characters
“HOOKED” continued… Step 3: Routinely review your credit card and bank statements • As soon as they arrive • On-line is even better • Possibly can stop them before they cause significant damage
“HOOKED” continued… Step Four: Report the theft to the three major credit reporting agencies • Experian - 888-397-3742 • Equifax - 800-685-1111 • TransUnion Corp. - 800-888-4213
Victim of Identify Theft • Contact your local police department to file a criminal report • Contact the Social Security Administration’s Fraud Hotline • Notify the Department of Motor Vehicles • Notify the passport office
For Further Information • http://www.consumer.gov/idtheft/ • http://www.identity-theft-help.us/ • http://www.identitytheft.org/ • http://www.usdoj.gov/criminal/fraud/idtheft.html • http://www.ifccfbi.gov/index.asp • http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm
Thank You for Coming Survey and Requests for training Please go to: http://its.truman.edu/techbreak/