
Freud and Phishing: The Psychology Behind Internet Scams






Presentation Transcript


  1. Freud and Phishing: The Psychology Behind Internet Scams
  JC Lamkin, CNA, PMP
  Gypsy Lane Technologies, Philadelphia, PA 19144
  (215) 843-1039
  Jc.lamkin@gltMYpc.com
  http://www.gltMYpc.com
  Twitter.com/TechCrusader

  2. What is Phishing?

  3. Making Money with Phish
  • 2,000,000 emails are sent
  • 5% get to the end user – 100,000 (APWG)
  • 5% click on the phishing link – 5,000 (APWG)
  • 2% enter data into the phishing site – 100 (Gartner)
  • $1,200 from each person who enters data (FTC)
  • Our potential reward: $120,000

  4. How Much Information?
  • 4.1 million – the number of credit card numbers discovered in ONE phishing blind drop over a 4-month period
  • A typical day:
    • Information for 13,677 accounts
    • 3,356 credit cards
    • 255 PayPal account logins
    • 1,038 eBay account logins
    • 93 Bank of America online banking account logins
    • 2,609 Hotmail email account logins
  Source: Washingtonpost.com (Security Fix: Brian Krebs)

  5. Phish and Spam are Different

  6. Psychology: Phish ≠ Spam
  People treat spam and phish differently
  • Take a phishing email and place it in an end user's “spam” folder.
    • 10% of the time the user removes the phishing email from the spam folder and places it in their inbox.
  • Take a phishing email and place it in an end user's “phish” folder.
    • The user removes the phishing email from the phish folder less than 0.5% of the time.

  7. The Tricks of the Trade

  8. Fear – You’re Being Naughty “…payments or donations for obscene or certain sexually oriented goods or services.” “…your account…limited for: xxxcambabes.com cam shows.”

  9. Fear – Account Takeover “…someone had used your account to make fake bids…” “You must verify …” “…no choice but to suspend your account.”

  10. Fear – Service Deactivation # 1 “…service(s)…will be deactivated…”

  11. Fear – Service Deactivation # 2 “…service(s)…will be deactivated…”

  12. Fear – Service Deactivation # 3 “…service(s)…will be deactivated…”

  13. Fun – eBay Lottery

  14. Fun – eBay Conference

  15. Fun – eBay Anniversary LEGIT

  16. Fun – Take a Survey

  17. Fun – Take a Survey LEGIT

  18. Confusion – Account Change

  19. Confusion – Did I Buy This?

  20. Assistance – My Refund?

  21. Assistance – We’re Here to Help

  22. Assistance – Fraud Detection

  23. Assistance – Buy Safely LEGIT

  24. Poll-time Possibilities LEGIT?? ...Only for Poll Workers

  25. Compassion – No Scruples

  26. Other Email Tricks
  • Multi-Stage Attacks
    • Email 1 – “We’ll be updating all our accounts this weekend”
    • Email 2 – “We discovered a problem with your account”
  • Multi-channel Attacks
    • Email contains both
      • Phishing URL
      • Phishing phone number (typically VOIP based)

  27. The Domain Name Game Hall of Fame
  citibank-validate.info
  earthlink-reactivation.net
  services-bankofamerica.com
  sales-aol.net
  secure-ebay.com
  msn-reactivation.net
  secure-usbank.info
  service-visa.net
  verification-e-gold.com
  customer-verification.com
  banking-account-renewal.com
  Phisher's SSL Certificate >> citibanhk.de <<
  Duplicated Registrar Info >> credltlyonaisse.com <<
  Registering a Cyrillic “a” >> paypal.com <<

  28. Web Site Tricks We arrive at the website. Is something phishy?

  29. Web Site Tricks There is no address bar!

  30. Web Site Tricks Now there’s two!

  31. More Web Site Tricks
  • Search Engine Listings
  • Common URL misspellings
    www.mailfrontier.com
    www.mailfronteir.com
    www.malefrontier.com
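The domain tricks on slides 27 and 31 (a brand word embedded in a longer label such as secure-ebay.com, typosquats such as citibanhk.de and mailfronteir.com, and a Cyrillic “a” registered in place of the Latin one in paypal.com) are all things a defender can screen for in new registrations, certificate transparency feeds or proxy logs. The checker below is an added example written for this transcript, not code from the presentation or its author. It assumes a constructed brand list, a similarity threshold of 0.8, and a small hand-picked table of Cyrillic confusables; the Cyrillic-a paypal.com sample is constructed from the slide's description.

```python
"""Lookalike-domain checks for the tricks on slides 27 and 31: a brand word
embedded in a longer label (secure-ebay.com), typosquats (citibanhk.de,
mailfronteir.com) and an IDN homograph (Cyrillic "a" in paypal.com).
Added example, not from the presentation; the brand list, the similarity
threshold and the confusable table are constructed assumptions."""
from difflib import SequenceMatcher

# Constructed list of brand labels a defender wants to watch (assumption).
BRANDS = ["citibank", "earthlink", "bankofamerica", "aol", "ebay", "msn",
          "usbank", "visa", "e-gold", "paypal", "mailfrontier", "creditlyonnais"]

# Small subset of Unicode confusables: Cyrillic letters that render like Latin.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0443": "y"}


def registrable_label(domain):
    """Second-level label of a domain: 'secure-ebay' for 'secure-ebay.com'."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def skeleton(label):
    """Map confusable glyphs to ASCII and drop hyphens, so a Cyrillic-a
    'paypal' and both 'e-gold'/'egold' compare as plain 'paypal' and 'egold'."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label).replace("-", "")


def similarity(a, b):
    """Ratio in [0, 1]; 1.0 means identical strings."""
    return SequenceMatcher(None, a, b).ratio()


def classify(domain, brands=BRANDS, threshold=0.8):
    """Return the reasons a domain looks like a brand impersonation ([] if none)."""
    reasons = []
    label = registrable_label(domain)
    # IDNA encoding turns a non-ASCII label into its xn-- punycode form, which
    # is what actually gets registered and what logs should be searched for.
    ascii_form = label.encode("idna").decode("ascii")
    if ascii_form != label:
        reasons.append(f"homograph: non-ASCII label, registered as {ascii_form}")
    flat = skeleton(label)
    for brand in brands:
        core = skeleton(brand)
        if flat == core:
            if ascii_form == label:
                return []  # the brand's own ASCII label: nothing to report
            reasons.append(f"skeleton matches brand '{brand}' after confusable mapping")
        elif core in flat:
            reasons.append(f"brand '{brand}' embedded in label '{label}'")
        elif similarity(flat, core) >= threshold:
            reasons.append(f"typosquat of '{brand}' (similarity {similarity(flat, core):.2f})")
    return reasons


def report(domains):
    """Map each flagged domain to its reasons; clean domains are left out."""
    return {d: r for d in domains if (r := classify(d))}


if __name__ == "__main__":
    # Domains listed on the slides, plus a constructed Cyrillic-a paypal.com
    # and two legitimate brand domains as controls.
    SAMPLE = ["citibank-validate.info", "earthlink-reactivation.net",
              "services-bankofamerica.com", "sales-aol.net", "secure-ebay.com",
              "msn-reactivation.net", "secure-usbank.info", "service-visa.net",
              "verification-e-gold.com", "customer-verification.com",
              "banking-account-renewal.com", "citibanhk.de", "credltlyonaisse.com",
              "p\u0430ypal.com", "www.mailfronteir.com", "www.malefrontier.com",
              "paypal.com", "ebay.com"]
    for domain, why in report(SAMPLE).items():
        print(domain.encode("idna").decode("ascii"), "->", "; ".join(why))
```

Two of the slide's domains, customer-verification.com and banking-account-renewal.com, carry no brand name at all and so pass this brand-comparison check clean; generic "verify your account" names need a different signal (registration age, hosting, the mail that points at them). The punycode form printed for the homograph case is the string to pin in blocklists and log searches, since the Unicode label never appears in DNS.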

  32. Tips on Protecting Yourself from Phishing

  33. Protect Yourself
  • Know your senders
    • Is this someone I do business with?
    • Is this something I was told I’d receive?
  • Look for other ways to respond

  34. Protect Yourself
  • Stay on guard
  • Look for clues – improve your PhishingIQ
  • Don’t be afraid to ask
  • Know how your system is updated
  • Protect your system
  • Check your records
  • Check your sources, snopes.com

  35. Not Just a Consumer Issue
  • Operations
    • Microsoft Updates, RSA SecurID
  • Corporate credit cards
    • American Express, Visa, MasterCard
  • Purchasing and Payments
    • Ebay, PayPal
  • Network Services
    • Verizon, Earthlink
  • Web Services
    • DNS Name Registration, Hosting Companies

  36. Protect Your Brand
  • Cut-and-Paste links, minimize links
  • Use personal information where possible
  • Provide non-email ways to verify
  • Use standard company domain names
  • Identify your partners
  • Set and follow standard communication practices

  37. Phishing - Don’t Take the Bait
  • Preemptive
    • Phishing is different than spam – think Virus
  • Technology
    • It’s more than a consumer issue
    • Multi-faceted solution – No silver bullet
  • Psychology
    • Educate your customers/employees/yourself
    • Improve their PhishingIQ
  • Email is still Good! Really it is!

  38. Freud and Phishing: The Psychology Behind Internet Scams
  JC Lamkin, CNA, PMP
  Gypsy Lane Technologies, Philadelphia, PA 19144
  (215) 843-1039
  Jc.lamkin@gltMYpc.com
  http://www.gltMYpc.com
  Twitter.com/TechCrusader
  Special thanks to infosecurity.com
