1 / 17

Phishing

Phishing. By The Blank Mind Group. Darrell Fraser Kuo-Luen Chang. Dana Fellows Jason Kohut Rick Barton Darrell Fraser Kuo-Luen Chang. Phishing . Definition History Problematic Behaviors Laws Compliance Guidelines Penalties Current Management Application

gilon
Download Presentation

Phishing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Phishing By The Blank Mind Group Darrell Fraser Kuo-Luen Chang Dana Fellows Jason Kohut Rick Barton Darrell Fraser Kuo-Luen Chang

  2. Phishing • Definition • History • Problematic Behaviors • Laws • Compliance Guidelines • Penalties • Current Management Application • Client Based Anti-Phishing Programs

  3. Phishing – A definition • According to Merriam-Webster, “phishing” is “a scam by which an email user is duped into revealing personal or confidential information which the scammer can use illicitly.” • Wikipedia states “in the field of computer security phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in electronic communication.”

  4. Two Variations of Phishing When phishers personalize their attacks to their intended targets to increase the probability of success. A sneaky attempt by scammers to hijack the personal computers of top-ranking business executives.

  5. History of Phishing • Phishing has existed in different forms for years

  6. Problematic Enablers

  7. Laws: Federal • Federal Level • CAN-SPAM (Controlling the Assault of Non-Solicited Pornography And Marketing) Act of 2003 • Signed into law by George W. Bush • Sets standards for sending commercial email • It is a misdemeanor to send spam with falsified header information!

  8. Laws: Federal, Con’t • Anti-Phishing Act of 2004(never got past committee) • Introduced by Senator Patrick Leahy • Anti-Phishing Act of 2005(never enacted) • This law, had it passed, would have placed large fines and lengthy prison sentences for “fake websites and bogus websites” developed for the purpose of defrauding individuals • First law to differentiate and target “phishing” specifically

  9. Laws: State and Local • No State/Local Laws in Missouri • Other states have enacted laws within their borders. • Federal Laws Control Phishing because it’s Interstate Fraud • Phishing has not yet been addressed by the lawmakers of Missouri

  10. Laws: Commercial Compliance • Commercial email allowed as long as it conforms to three types of compliances:

  11. Recent Phishing Attempts • Social Networking Websites • Due to their popularity, social networking websites have become popular phishing holes. • Criminals pretending to be the IRS to attain sensitive information from U.S. taxpayers. • IRS Video Warning About Phishing

  12. Sample Phishing Emails After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $63.80. Please submit the tax refund request and allow us 6-9 days in order to process it. A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline. To access the form for your tax refund, please click here Regards, Internal Revenue Service

  13. Laws: Commercial Compliance, Con’t • Compliance #3 – Sending Behavior

  14. Penalties • Jeffrey Brett Goodin • First person prosecuted under CAN-SPAM Act • Conned AOL customers by sending emails that appeared to be from AOL’s billing department, which required users to reveal their personal and credit card information • Sentenced in 2007 to 70 months • Ordered to pay over 1 million dollars to his victims.

  15. Management Applications • Management needs to inform employees about the potential threats of phishing and the signs to look for. • Don’t give out company login information to suspicious emails. • Never login through an email from a business partner if asked. Go to their corporate website and login how you normally would.

  16. Client Based Anti-Phishing Programs • Update internet browsers to the latest versions. • Make sure your browser has the SSL (Secure Socket Layer) certificate selected. • Computer Security Programs • Avira Premium Security Suite • McAfee SiteAdvisor • ESET Smart Security • Phishtank (SiteChecker) • Windows Mail • eBay Toolbar

  17. Conclusion • Definition • History • Problematic Behaviors • Laws • Compliance Guidelines • Penalties • Current Management Application • Client Based Anti-Phishing Programs

More Related