phishing
Phishing
By: Esraa Yaseen Israa El-Jamal
To: Eng. Abdel Nasser Abdelhadi
Islamic University-Gaza
Faculty of Engineering
Computer Department

Outline
Definition
Comparison to Spam
Facts about Phishing
Phishing step by step
What phishers want?
Effects of phishing
Real stories
How to phish??
Marks of phishing emails
How to Avoid?
I’ve been already phished
“Phishing”: name and definition
It is the act of tricking someone into giving confidential information (like
passwords and credit card information) on a fake web page or email form
pretending to come from a legitimate company (like their bank).
COMPARISON TO SPAM
The purpose of a phishing message is to acquire sensitive information about a user. To do so, the message needs to deceive the intended recipient.
So it does not contain any useful information and hence falls under the category of spam.
A spam message tries to sell a product or service, whereas a phishing message needs to look like it is from a legitimate organization.
Techniques applied to spam messages cannot be applied naively to phishing messages.
Facts about Phishing!
6.1 Billion – Number of phishing e-mails sent world-wide each month.
$1,200 – Average loss to successfully phished person.
A new phishing scam is launched every two minutes.
What kinds of personal information do the thieves want?
◦ Your name, address and date of birth
◦ Social Security number
◦ Driver’s License number
◦ Credit Card numbers
◦ ATM cards
◦ Telephone calling cards
Industries affected
Major industries affected are:
Financial Services
ISPs
Online retailers
The websites most frequently attacked by phishers!
eBay Phishing Scam example
PayPal Phishing Scam example
Phishing step by step …
Effects of Phishing
Internet fraud
Identity theft
Financial loss to the original institutions
Erosion of Public Trust in the Internet
Real stories
How to phish some web site??
Be clever !
How to avoid phishing?
Think before you open; never open suspicious emails.
Ensure that the web browser has the latest security patch applied.
Install the latest anti-virus packages.
Verify the accounts and transactions regularly.
Never submit credentials on forms embedded in emails.
Inspect the address bar and SSL certificate.
Good or Bad Site?
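The address-bar part of the advice above can be written down as a small check. This is an added example, not part of the original slides; the function name, the warning texts and the sample URLs (built on the reserved .example domain and a documentation IP range) are constructed for illustration, and the certificate itself is not inspected.

```python
import ipaddress
from urllib.parse import urlsplit

def address_bar_warnings(url, expected_domain):
    """Return the reasons a URL does not look like it belongs to expected_domain."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_domain.lower()
    brand = expected.split(".")[0]      # e.g. "paypal" from "paypal.com"
    warnings = []

    if parts.scheme != "https":
        warnings.append("not HTTPS")
    if parts.username is not None:
        # In https://bank.com@other.host/ the browser connects to other.host
        warnings.append("text before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode (internationalised) host name")

    # Only the expected domain itself or one of its subdomains is accepted.
    on_expected = host == expected or host.endswith("." + expected)
    if not on_expected:
        if brand in host:
            warnings.append("brand name used on a different domain")
        else:
            warnings.append("host is not the expected domain")
    return warnings

# Constructed sample URLs, checked against the domain the user meant to visit.
SAMPLES = [
    "https://www.paypal.com/signin",
    "http://paypal.com.account-check.example/login",
    "https://www.paypal.com@198.51.100.7/login",
    "https://xn--pypal-4ve.example/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        found = address_bar_warnings(sample, "paypal.com")
        print("GOOD" if not found else "BAD ", sample, found)
```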
If I’ve already been phished?
Take immediate action to protect your identity and
all of your online accounts.
Treat the situation like you lost your wallet or purse. Immediately contact all of your financial institutions, preferably by phone, and inform them of the situation. Go to every web site where you may have stored credit card and/or bank numbers and change the password at each web site.
Choose a strong password that is significantly different from your old passwords.
Forward spam that is phishing for information to [email protected] and visit FTC’s
Questions
Thanks for your attention