
Freud and Phishing: The Psychology Behind Internet Scams

JC Lamkin, CNA, PMP

Gypsy Lane Technologies

Philadelphia, PA 19144

(215) 843-1039

[email protected]

http://www.gltMYpc.com

Twitter.com/TechCrusader


What is Phishing?


Making Money with Phish

  • 2,000,000 emails are sent

  • 5% get to the end user – 100,000 (APWG)

  • 5% click on the phishing link – 5,000 (APWG)

  • 2% enter data into the phishing site – 100 (Gartner)

  • $1,200 from each person who enters data (FTC)

  • Our potential reward: $120,000


How Much Information?

  • 4.1 million – the number of credit card numbers discovered in ONE phishing blind drop over a 4-month period

  • A typical day

    • Information for 13,677 accounts

    • 3,356 credit cards

    • 255 PayPal account logins

    • 1,038 eBay account logins

    • 93 Bank of America online banking account logins

    • 2,609 Hotmail email account logins

Source: Washingtonpost.com (Security Fix: Brian Krebs)


Phish and Spam are Different


Psychology: Phish ≠ Spam

People treat spam and phish differently

  • Take a phishing email and place it in an end user’s “spam” folder.

    • 10% of the time the user removes the phishing email from the spam folder and places it in their inbox.

  • Take a phishing email and place it in an end user’s “phish” folder.

    • The user removes the phishing email from the phish folder less than 0.5% of the time.


The Tricks of the Trade


Fear – You’re Being Naughty

“…payments or donations for obscene or certain sexually oriented goods or services.”

“…your account…limited for: xxxcambabes.com cam shows.”


Fear – Account Takeover

“…someone had used your account to make fake bids…”

“You must verify …”

“…no choice but to suspend your account.”


Fear – Service Deactivation # 1

“…service(s)…will be deactivated…”


Fear – Service Deactivation # 2

“…service(s)…will be deactivated…”


Fear – Service Deactivation # 3

“…service(s)…will be deactivated…”


Fun – eBay Lottery


Fun – eBay Conference


Fun – eBay Anniversary

LEGIT


Fun – Take a Survey


Fun – Take a Survey

LEGIT


Confusion – Account Change


Confusion – Did I Buy This?


Assistance – My Refund?


Assistance – We’re Here to Help


Assistance – Fraud Detection


Assistance – Buy Safely

LEGIT


Poll-time Possibilities

LEGIT??

...Only for Poll Workers


Compassion – No Scruples


Other Email Tricks

  • Multi-Stage Attacks

    • Email 1 – “We’ll be updating all our accounts this weekend”

    • Email 2 – “We discovered a problem with your account”

  • Multi-channel Attacks

    • Email contains both

      • Phishing URL

      • Phishing phone number (typically VOIP based)


The Domain Name Game

  • citibank-validate.info

  • earthlink-reactivation.net

  • services-bankofamerica.com

  • sales-aol.net

  • secure-ebay.com

  • msn-reactivation.net

  • secure-usbank.info

  • service-visa.net

  • verification-e-gold.com

  • customer-verification.com

  • banking-account-renewal.com

The Domain Name Game: Hall of Fame

  • Phishers SSL Certificate: citibanhk.de

  • Duplicated Registrar Info: credltlyonaisse.com

  • Registering a Cyrillic “a”: paypal.com


Web Site Tricks

We arrive at the website. Is something phishy?


Web Site Tricks

There is no address bar!


Web Site Tricks

Now there’s two!


More Web Site Tricks

  • Search Engine Listings

  • Common URL misspellings

    www.mailfrontier.com

    www.mailfronteir.com

    www.malefrontier.com
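
The three patterns shown on the Domain Name Game and common-misspelling slides (brand plus hyphenated affix, near-miss spelling, Cyrillic look-alike letter) can be checked mechanically when triaging links in reported mail. The following is an added example, not part of the original presentation; the brand watch-list, the confusables map and the function names are assumptions, and the sample domains are taken from the slides.

```python
import unicodedata

# Assumed watch-list of brand labels to protect (illustrative, picked from the slides).
BRANDS = ["paypal", "citibank", "ebay", "bankofamerica", "usbank", "mailfrontier"]
# Small constructed confusables map: Cyrillic letters that render like Latin ones.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c"}

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent transposition."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(domain):
    """Return (verdict, brand) for the label left of the TLD (naive: no Public Suffix List)."""
    labels = domain.lower().rstrip(".").split(".")
    label = labels[-2] if len(labels) > 1 else labels[0]
    if label.startswith("xn--"):  # IDN form as it appears in DNS and proxy logs
        label = label[4:].encode("ascii").decode("punycode")
    skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in label)
    scripts = {unicodedata.name(ch, "?").split()[0] for ch in label if ch.isalpha()}
    for brand in BRANDS:
        if label == brand:
            return ("exact", brand)
        if skeleton == brand and "CYRILLIC" in scripts:
            return ("homograph", brand)       # e.g. Cyrillic "a" inside paypal
    for brand in BRANDS:
        if brand in skeleton.split("-"):
            return ("brand-affix", brand)     # e.g. secure-ebay, citibank-validate
    for brand in BRANDS:
        limit = 1 if len(brand) < 8 else 2    # short brands tolerate fewer edits
        if 0 < osa_distance(skeleton, brand) <= limit:
            return ("typo", brand)            # e.g. citibanhk, mailfronteir
    return ("no-match", None)

if __name__ == "__main__":
    for sample in ["secure-ebay.com", "citibanhk.de", "www.malefrontier.com", "p\u0430ypal.com"]:
        print(sample.encode("unicode_escape").decode(), classify(sample))
```
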


Tips on Protecting Yourself from Phishing


Protect Yourself

  • Know your senders

    • Is this someone I do business with?

    • Is this something I was told I’d receive?

    • Look for other ways to respond


Protect Yourself

  • Stay on guard

    • Look for clues – improve your PhishingIQ

    • Don’t be afraid to ask

    • Know how your system is updated

    • Protect your system

    • Check your records

    • Check your sources, snopes.com


Not Just a Consumer Issue

  • Operations

    • Microsoft Updates, RSA SecurID

  • Corporate credit cards

    • American Express, Visa, MasterCard

  • Purchasing and Payments

    • eBay, PayPal

  • Network Services

    • Verizon, Earthlink

  • Web Services

    • DNS Name Registration, Hosting Companies


Protect Your Brand

  • Cut-and-Paste links, minimize links

  • Use personal information where possible

  • Provide non-email ways to verify

  • Use standard company domain names

  • Identify your partners

  • Set and follow standard communication practices


Phishing - Don’t Take the Bait

  • Preemptive

    • Phishing is different than spam – think Virus

  • Technology

    • It’s more than a consumer issue

    • Multi-faceted solution – No silver bullet

  • Psychology

    • Educate your customers/employees/yourself

    • Improve their PhishingIQ

    • Email is still Good! Really it is!


Special thanks to infosecurity.com