Hey check out this cool PHISHING presentation! Benjamin Ross Lyerly


Post on 19-Dec-2015


PHISHING: A BRIEF HISTORY

• WORD ORIGIN (1996): from the hacking community, to describe the act of fishing for account info with emails as lure

• Can be done on paper or phone, but much more successful on the net

• AOL in the mid 90s experienced the most phishing issues since it was a pay to use

• Phishers would lure AOL users into giving username and password information, which was termed “phish”

• Phishers could then trade these as currency for warez, serials, or phish they wanted

WHAT’S AOL?

• After AOL, phishing continued but grew beyond just USERNAME and PASSWORD

• Now any personal information is valuable

• Current phishers are looking for credit card numbers, social security numbers, dates of birth, and they even want to know your mother’s maiden name

NOT JUST E-MAIL AND IM

• A better target than ignorant surfers is desperate surfers

• The same trick in a new way: phishers now fill the job sites, credit scores, prize giveaways, and many other get-rich schemes

THE PRESENT

• False apps are being put on DROID and IPHONE online stores

• Most common are banking applications that send your information to their creator

• Others pose as bookstores, pizza ordering, anything that you place your card number in

• Some have malicious code that will trawl your phone for contacts’ information

PHAMOUS PHISHING ATTACKS

• had to reset passwords to thousands of accounts after emails were sent out to users with a link to change their passwords at http://twitter.access-logins.com/login

• These kinds of attacks are bulk e-mails which the phisher sends out at random, hoping to pick up people who just don’t know better

• User database was hacked and e-mail addresses were stolen for 6.3 million customers at TD AMERITRADE

• These specific addresses were the victims of SPEAR PHISHING attacks

• Many CEOs were sent phishing e-mails disguised as subpoenas that directed them to a site that appeared to be a government site. They were then told to update their Adobe Acrobat, and upon doing so they were given a malicious trojan that spied on everything they did
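
The link in the first bullet above carries the brand name only as a subdomain; the domain that was actually registered is access-logins.com. The following is an added example, not part of the original slides, of a check for that pattern. The BRANDS table, the short suffix set, the function names and the example.org / example.co.uk links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: brand names mapped to the domains they really use (constructed list).
BRANDS = {"twitter": {"twitter.com"}}
# Assumption: small stand-in for the Public Suffix List; use the full list in practice.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(host):
    """Return the part of the host someone had to register, e.g. access-logins.com."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def check_link(url):
    """Return (registrable domain, reasons the link looks like a lure)."""
    host = (urlsplit(url).hostname or "").lower()
    owner = registrable_domain(host)
    reasons = []
    for brand, real_domains in BRANDS.items():
        if owner in real_domains:
            continue  # the brand's own domain, or a subdomain of it
        # Labels to the left of the registrable domain are chosen freely by its owner.
        extra = host[: len(host) - len(owner)].rstrip(".")
        if brand in extra.split("."):
            reasons.append(f"'{brand}' is only a subdomain label of {owner}")
        elif brand in host:
            reasons.append(f"'{brand}' appears in a host owned by {owner}")
    return owner, reasons


if __name__ == "__main__":
    # Links to test: the first is quoted on the slide, the rest are constructed.
    samples = [
        "http://twitter.access-logins.com/login",
        "https://twitter.com/login",
        "https://mobile.twitter.com/",
        "https://twitter-support.example.org/reset",
        "http://twitter.example.co.uk/",
    ]
    for link in samples:
        owner, reasons = check_link(link)
        verdict = "; ".join(reasons) if reasons else "no brand mismatch found"
        print(f"{link}\n  registered domain: {owner}\n  {verdict}")
```

An empty reason list only means this one pattern was not found; it does not mean the link is safe.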

SOME EXAMPLES

HOW TO PROTECT YOURSELF

• Financial sites will never ask you to confirm your identity through an email

• Never click hyperlinks in an email or IM

• Keep your browsers and antivirus updated

• If you suspect you’ve been scammed, alert your credit companies immediately and change all of your passwords

• Smart phones have begun installing malware as of this year
