cct355h5 f presentation: phishing november 22. 2012 jennifer li

15
CCT355H5 F Presentation: Phishing November 22. 2012 Jennifer Li

Upload: kelley-oconnor

Post on 20-Jan-2016

216 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: CCT355H5 F Presentation: Phishing November 22. 2012 Jennifer Li

CCT355H5 FPresentation: Phishing

November 22. 2012

Jennifer Li

Page 2: CCT355H5 F Presentation: Phishing November 22. 2012 Jennifer Li

What is phishing?

Page 3: CCT355H5 F Presentation: Phishing November 22. 2012 Jennifer Li

A fraudulent attempt, usually made through email, to steal people’s personal information.

Appear to come from a well-known organization and ask for your personal information

credit card number, social security number, account number or password

Page 4: CCT355H5 F Presentation: Phishing November 22. 2012 Jennifer Li

E-mails direct the user to visit a Web site by asking them to click a link

Users are then asked to update personal information that the legitimate organization already has

Bogus and set up only to steal the user’s information.

Page 5: CCT355H5 F Presentation: Phishing November 22. 2012 Jennifer Li

Example

Page 6: CCT355H5 F Presentation: Phishing November 22. 2012 Jennifer Li
Page 7: CCT355H5 F Presentation: Phishing November 22. 2012 Jennifer Li

Other types of phishing

Web based delivery

Instant messaging

Trojan hosts

Content Injection

Search Engines

Phone Phishing

Page 8: CCT355H5 F Presentation: Phishing November 22. 2012 Jennifer Li

How significant?

64 brands hijacked by phishing in 2008

"eBay is often spoofed, for obvious reasons. Google is increasingly being targeted because of its expansion into different business application models. The big banking names are used too--HSBC, Citigroup, Lloyds--all the major brands".

Page 9: CCT355H5 F Presentation: Phishing November 22. 2012 Jennifer Li

Implications

Lost revenue

Brand erosion

Regulatory issues

Page 10: CCT355H5 F Presentation: Phishing November 22. 2012 Jennifer Li

Statistics

Phishing costs companies more than $98billion a year

More than 500 million phishing e-mails appear in user inboxes every day

Almost 80% of phishing targets consist of financial organizations, online stores, social networking sites and search engines

Phishing links are clicked from received emails in about 65% of cases

Page 11: CCT355H5 F Presentation: Phishing November 22. 2012 Jennifer Li
Page 12: CCT355H5 F Presentation: Phishing November 22. 2012 Jennifer Li
Page 13: CCT355H5 F Presentation: Phishing November 22. 2012 Jennifer Li

Beware

Spelling & bad grammar

Beware of links in email

Threats

Spoofing popular websites or companies

Page 14: CCT355H5 F Presentation: Phishing November 22. 2012 Jennifer Li

Protect yourself from phishing

Never share your email account password to anyone

Only enter your email username and password after verifying that you are on the website of your email provider. Check the URL.

Only change email information after initiating a session with your email provider.

Page 15: CCT355H5 F Presentation: Phishing November 22. 2012 Jennifer Li