Phishing: Rising to the challenge
Amy Marasco, Microsoft
How Phishing attacks work
• Branded email message that looks like it comes from a familiar business
• Requests that you log in to your account to validate account details
• URL that points to a fake site, even though the link text may look real
• Fake site, branded to look just like the real one
• Phishing site takes your username and password and then uses them to defraud you
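The third bullet (link text that looks like the real site while the href points elsewhere) is something a mail gateway or client can check mechanically. The following is an added example, not code from the talk or from Microsoft: it parses the anchors in an HTML message and flags those whose visible text names one host while the href resolves to another. The sample message is constructed, and the host comparison uses a crude "last two labels" rule in place of a public-suffix list.

```python
"""Flag <a> elements whose visible text shows one host but whose href points
to another. Added example; the sample message below is constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_host(netloc):
    """Reduce a host to its last two labels (assumption: no public-suffix list,
    so this is only an approximation of the registrable domain). IP literals
    are returned unchanged."""
    host = netloc.lower().split("@")[-1].split(":")[0]
    labels = host.split(".")
    if all(label.isdigit() for label in labels):
        return host
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


# A host name (optionally with scheme) appearing in the link's visible text.
_HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def find_mismatched_links(html):
    """Return one finding per anchor whose displayed host differs from the
    host the href actually points to. Anchors whose text contains no host
    (e.g. "our help centre") are ignored."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        actual = registrable_host(urlparse(href).netloc)
        match = _HOST_IN_TEXT.search(text)
        if not actual or not match:
            continue
        shown = registrable_host(match.group(1))
        if shown != actual:
            findings.append({
                "text": text,
                "href": href,
                "shown_host": shown,
                "actual_host": actual,
            })
    return findings


# Constructed sample: one honest link and two lures whose text lies about
# where the link goes.
SAMPLE_EMAIL = """<html><body>
<p>Dear customer, please verify your account:</p>
<a href="http://203.0.113.5/login">https://www.example-bank.com/login</a>
<p>Or visit <a href="https://www.example-bank.com/help">our help centre</a>.</p>
<a href="http://example-bank.com.evil.example/signin">example-bank.com</a>
</body></html>"""


if __name__ == "__main__":
    for finding in find_mismatched_links(SAMPLE_EMAIL):
        print(f"link text shows {finding['shown_host']!r} "
              f"but points to {finding['actual_host']!r}: {finding['href']}")
```

Run on the sample it reports the first and third anchors and stays silent on the second. A real deployment would swap the two-label heuristic for a public-suffix list and also flag links whose text is a bare URL with a scheme different from the href.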
Threats to Online Safety
• The Internet was built without a way to know who and what you are connecting to
• Internet services have one-off “workarounds”
• Inadvertently taught people to be phished
• Greater use and greater value attract a professional international criminal fringe
• Exploit weaknesses in the patchwork
• Phishing and pharming at 1000% CAGR
• Missing an “Identity layer”
• No simplistic solution is realistic
• Most people re-use usernames and passwords on multiple sites
Phishing & Phraud
[Chart: New Phishing Sites by Month, December 2004 – December 2005. Monthly values as extracted, with their month assignment lost: 7,197; 5,259; 5,242; 4,564; 4,630; 4,367; 4,280; 3,326; 2,854; 2,870; 2,625; 2,560; 1,707.]
Source: http://www.antiphishing.org
Need Layered Defense
• Stop users clicking on URLs in phishing email
• Detect phishing sites and, when possible, prevent users clicking on them
• Work with the industry to move away from usernames and passwords as the authentication mechanism
Improvements to Outlook 12
• Improved junk email filters
• Can no longer click on URLs in emails in the junk email folder
Improvements in IE7
Phishing Filter: comprehensive anti-phishing service
• Warns if a site exhibits suspicious behavior
• Blocks known phishing sites
• Instant protection via page scan and online service
High Assurance Certs: accountability for secure sites
• Much higher bar for granting certificates
• Clear identification that a site has the stronger certificate
• Industry-wide initiative
InfoCard
• Simple user abstraction for digital identity
• For managing collections of claims
• For managing keys for sign-in and other uses
• Grounded in the real-world metaphor of physical cards
• Government ID card, driver’s license, credit card, membership card, etc.
• Self-issued cards signed by the user
• Managed cards signed by an external authority
• Based on a series of WS-* specifications
• Shipping in WinFX
• Runs on Windows Vista, XP, and Server 2003
• Implemented as a protected subsystem
Summary
• This is an industry-wide problem which we can only solve together.
• We need the co-operation of all major sites to implement High Assurance Certificates and InfoCard.