
Phishing: Trends and Countermeasures


Presentation Transcript


  1. Phishing: Trends and Countermeasures Blaine Wilson

  2. Phishing • What is Phishing • History of Phishing • Types of Phishing • Examples • What can we do

  3. What is Phishing • Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as user names, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication

  4. History of Phishing • First documented in 1987 • First called Phishing in 1996 • Switched to financial institutions in 2001 • 2005, 1.2 million impacted, $929 million • 2006, half done by Russian Business Network • 2007, 3.6 million impacted, $3.2 billion

  5. Targets of Phishing • Phishing • Spear Phishing • Whaling

  6. Types of Phishing • Link manipulation • Phone phishing

  7. Link manipulation • Tampering with the link to fool users • www.greatamercianinsurance.com • www.google.com@badsite.com • Text not matching the link • Using images for links

  8. Phone phishing • Leaving a phone number instead of a website

  9. Examples

  10. What can we do • Law enforcement • Industry • Consumers • us

  11. Law enforcement • Law • CAN-SPAM Act of 2003 • Anti-Phishing Act of 2005 • Enforcement • 2004 Federal Trade Commission files charges • 2005 files 117 federal lawsuits • 2007 – first defendant of CAN-SPAM

  12. Industry • Eliminating phishing emails • Monitoring and takedown of phishing sites • Browsers alerting users to fraudulent websites

  13. Users and Consumers • Training like Anti-Phishing Phil • Trains users to look at the URL • TCP/IP addresses • Misspelling

  14. us • Take training ourselves and pay attention • Don’t condition users to click on TCP/IP addresses • Get a consistent domain and suffix • Don’t reduce the security settings of the browser • Personalize the login process • Protect against cross-site request forgery

  15. Questions?
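
The warning signs listed on slides 7 and 13 (a user-info "@" in the URL, a misspelled domain, link text that does not match the target, an image used as the link, a raw IP address) can be checked mechanically in an HTML message body. The following is an added example, not part of the original presentation; the allow-list, the 0.9 similarity threshold, the flag names and the sample message are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("greatamericaninsurance.com", "google.com")  # constructed allow-list
URLISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)
SAMPLE = ('<a href="http://www.google.com@badsite.com/">www.google.com</a>'
          '<a href="http://www.greatamercianinsurance.com/login">Log in</a>'
          '<a href="http://192.0.2.10/verify"><img src="logo.png"></a>')  # constructed

def host_of(url):
    """Return (host without 'www.', has_userinfo) for a URL or bare domain."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return (parts.hostname or "").removeprefix("www."), "@" in parts.netloc

def check_link(href, text):
    """List the warning signs from slides 7 and 13 found in one link."""
    host, userinfo = host_of(href)
    flags = ["userinfo"] if userinfo else []  # real host is what follows '@'
    if ":" in host or re.fullmatch(r"[\d.]+", host):
        flags.append("ip-address")  # IPv6 literal, dotted quad or bare integer
    flags += ["lookalike:" + good for good in TRUSTED if host != good
              and SequenceMatcher(None, host, good).ratio() > 0.9]
    shown = text.strip()
    if URLISH.fullmatch(shown) and host_of(shown)[0] != host:
        flags.append("text-mismatch")  # visible URL differs from the target
    if not shown:
        flags.append("no-text")  # e.g. an image used as the link
    return flags

class LinkScanner(HTMLParser):  # collects (href, flags) per http(s) anchor
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") or ""
        if tag == "a" and href.lower().startswith(("http://", "https://")):
            self._href, self._text = href, ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.findings.append((self._href, check_link(self._href, self._text)))
            self._href = None

def scan(html):
    scanner = LinkScanner()
    scanner.feed(html)
    return scanner.findings
```

Calling `scan(SAMPLE)` returns one `(href, flags)` pair per link. A link can carry several flags at once, as the first sample link does.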
