
Don’t Be “Phooled” By Phishing

Don’t Be “Phooled” By Phishing. Federal Trade Commission National Consumers League Microsoft Corporation March 31, 2005. Susan Grant Director, National Consumer League’s National Fraud Information Center and Internet Fraud Watch Program. Phishing Statistics. #4 Internet Fraud


Presentation Transcript


  1. Don’t Be “Phooled” By Phishing. Federal Trade Commission, National Consumers League, Microsoft Corporation. March 31, 2005

  2. Susan Grant, Director, National Consumer League’s National Fraud Information Center and Internet Fraud Watch Program

  3. Phishing Statistics
     • #4 Internet Fraud
     • #10 Telemarketing Fraud
     • National Fraud Information Center / Internet Fraud Watch, National Consumers League, 2004
     • 43% or 91 million U.S. adults have received a phishing contact
     • Of those, 5% or 4.5 million U.S. adults have provided personal information to phishers
     • STAR/First Data, November 2004

  4. www.phishinginfo.org

  5. Can You Spot a Phish? Jacqueline Beauchere, Business Strategy Manager, Microsoft Corporation

  6. Signs of a phish in a sample message:
     • Deceptive Address: Source code reveals the actual mail-from address as “href=mailto:accmanager@msn-network.com”.
     • Alarmist Message: Criminals try their best to create a sense of urgency so you'll respond without thinking. Also, look for misspellings, grammatical errors, and typos, such as “…an access to MSN services for your account…”
     • Deceptive Link: Source code reveals that the actual address linked to is href=http://www.online-msnupdate.com/?sess=qCKWmHUBPPZwT8n4GEMNh7owHDEGt40IHKG5tAGiqGOjNeovRc&cid=betteyost@msn.com The difference between these two URLs could be a sign that the message is fake. (However, even if the URLs are the same, don't let down your guard, because the pop-up could be a trick, too.)
     • Unpersonalized Messages: Be wary if a company you regularly do business with fails to address you by name.

  7. Know the Company: eBay generally does not send out emails to customers containing login links. Look carefully at the status bar for all links and URLs: the URL in the status bar for the login link is not eBay.com. Differences between links or URLs in an email and the status bar should make you suspicious. If you receive an e-mail like this one, open a new browser window, type in the URL yourself and log in to your account to see if there are any real account problems. PHISH

  8. Look carefully at the link. See the @ sign? This is a common phishing trick. In some browser applications, when a URL uses an @ sign, everything to the left of the @ sign is disregarded and the browser only reads to the right of the @ sign. When you see or suspect an @ trick, be suspicious. If you think that the sender of the email has no legitimate association with the domain you see there, suspect a phish. PHISH

  9. Aaron Kornblum, Internet Safety Enforcement Attorney, Microsoft Corporation

  10. MSN Billing Phishing Case
     1. MS filed John Doe lawsuit in WA
     2. Issued subpoenas to web hosts in CA
     3. Subpoenas identified ISP in Austria
     4. Austrian ISP identified IP address registered to Qwest in the US
     5. Subpoena to Qwest and investigations identified Jayson Harris in Iowa, US
     6. Referred to FBI and obtained $3 million Default Judgment

  11. Lydia Parnes, Acting Director, Bureau of Consumer Protection, Federal Trade Commission

  12. Tips
     • Tip Number 1: If you get an email or pop-up message that asks for personal or financial information, don’t reply, and don’t click on the link in the message. Legitimate companies don’t ask for this information by email.
     • Tip Number 2: Don’t email personal or financial information.
     • Tip Number 3: Read your credit card and bank account statements as soon as you receive them to spot any unauthorized charges.
     • Tip Number 4: Use anti-virus software and a firewall, and keep them up-to-date.
     • Tip Number 5: Report suspicious activity to the FTC.
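The link checks described in slides 6 to 8 (displayed address versus the actual href, and the @ trick) can be automated. The following Python sketch is an added example, not part of the original presentation; the sample HTML is constructed, and `login.example.net` and the `sess=EXAMPLE` value are placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Constructed sample message body modelled on the slides (not a real email).
SAMPLE_HTML = """
<p>Dear customer, verify your account:</p>
<a href="http://www.online-msnupdate.com/?sess=EXAMPLE">http://www.msn.com/billing</a>
<a href="http://www.ebay.com@login.example.net/signin">Sign in to eBay</a>
<a href="https://www.msn.com/help">https://www.msn.com/help</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_link(href, text):
    """Return a list of warning strings for one link."""
    warnings = []
    target = urlsplit(href)
    # Slide 8: anything before '@' in the authority is userinfo, not the host.
    if target.username is not None:
        warnings.append(f"userinfo before @; real host is {target.hostname}")
    # Slides 6-7: the visible text looks like a URL but names a different host.
    m = re.match(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]|$)", text.lower())
    if m and m.group(1) != target.hostname:
        warnings.append(f"text shows {m.group(1)} but link goes to {target.hostname}")
    return warnings

def audit(html):
    """Map each href in the HTML to its list of warnings."""
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}

if __name__ == "__main__":
    for href, warnings in audit(SAMPLE_HTML).items():
        print(href, "->", warnings or "no warnings")
```

The host comparison is exact, so a legitimate sender's tracking or redirect links will also be flagged; treat a warning as a prompt to type the address yourself, as slide 7 advises.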
