CCT355H5 F Presentation: Phishing
November 22, 2012
Jennifer Li
What is phishing?
A fraudulent attempt, usually made through email, to steal people’s personal information.
Phishing emails appear to come from a well-known organization and ask for your personal information:
credit card number, social security number, account number or password
E-mails direct the user to visit a Web site by asking them to click a link
Users are then asked to update personal information that the legitimate organization already has
The Web site is bogus and set up only to steal the user’s information.
Example
Other types of phishing
Web based delivery
Instant messaging
Trojan hosts
Content Injection
Search Engines
Phone Phishing
How significant?
64 brands hijacked by phishing in 2008
"eBay is often spoofed, for obvious reasons. Google is increasingly being targeted because of its expansion into different business application models. The big banking names are used too--HSBC, Citigroup, Lloyds--all the major brands".
Implications
Lost revenue
Brand erosion
Regulatory issues
Statistics
Phishing costs companies more than $98 billion a year
More than 500 million phishing e-mails appear in user inboxes every day
Almost 80% of phishing targets consist of financial organizations, online stores, social networking sites and search engines
Phishing links are clicked from received emails in about 65% of cases
Beware
Spelling & bad grammar
Beware of links in email
Threats
Spoofing popular websites or companies
Protect yourself from phishing
Never share your email account password with anyone
Only enter your email username and password after verifying that you are on the website of your email provider. Check the URL.
Only change email information after initiating a session with your email provider.