Phishing

zytka

Presentation Transcript


  1. Phishing ISYM 540 Current Topics in Information System Management

  2. Hackers want to…
     • Use you to spread their worms and viruses.
     • Install spyware programs on your computer so they can monitor everything you do on the Internet.
     • Alter your browser, forcing it to visit websites you don't want to visit.
     • Get your personal information.
     • Goal 1 is usually about “FUN”.
     • Goals 2, 3 and 4 are usually about MONEY!

  3. Phishing
     • Means to a fraud
     • Spam / forged emails
     • Fake sites
     • Trojans / malware
     • Web 2.0 (JavaScript, Ajax, XSS, etc.)
     • Personal data are the object of interest: credit card numbers, bank account details, PINs, etc.

  4. Phishing technique
     • Unsolicited message ("spam") as the initiator
     • Bogus website: random URL, or confusingly similar domain name
     • Variety of other techniques: cross-site scripting, man-in-the-middle attack, HTML form in the spam email

  5. WHY PHISHING ATTACK!
     Lack of Knowledge
     • computer system
     • security and security indicators
     • web fraud
     Visual Deception
     • Visually deceptive text
     • Images masking underlying text

  6. Phishing – random URL

  7. Phishing – confusingly similar domain name
     Fake websites:
     • usually not hosted in the US.
     • usually not up for more than a few days.

  8. Phishing – HTML form in email
     [Figure: eBay phishing email, with a fake link highlighted]

  9. Phishing and domain name registries
     • November 2007: Over 23,000 phishing websites detected just in this month
     • Removing domain names is not the ultimate solution
     • website still accessible through the IP address

  10. To protect your personal and financial information
     • Be suspicious of email messages that contain urgent requests for personal financial information, even if they appear to be from a trusted source (PayPal, eBay, your bank, etc.).
     • Do not click links in email messages that you suspect are not legitimate. Instead, open a new browser window and type in the URL directly.
     • Do not disclose personal or financial data in email.
     • Verify the security of the websites you visit by making sure that the web address begins with https: rather than http: before submitting credit card or other sensitive information online.
     • Review your bank, credit, and debit card statements regularly to ensure that all transactions are legitimate.
     • Keep your browser up to date and make sure to apply all released security patches.
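
The warning signs from slides 4 and 7 to 10 (a fake link, a confusingly similar domain name, a site reached through its IP address, an HTML form in the email, http: instead of https:) can be checked mechanically in a mail body. The scanner below is an added example, not part of the original presentation; the `TRUSTED` list, the 0.8 similarity threshold, the two-label domain rule and the sample mail are assumptions made for illustration.

```python
import ipaddress
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse
TRUSTED = {"paypal.com", "ebay.com"}  # assumption: sites the recipient really uses

def host_flags(url):  # warning signs in one URL's scheme and host
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    flags = set() if parts.scheme == "https" else {"not-https"}
    try:
        ipaddress.ip_address(host)  # site addressed by IP, no domain name at all
        return flags | {"ip-address-host"}
    except ValueError:
        domain = ".".join(host.split(".")[-2:])  # naive: last two labels only
    if domain not in TRUSTED and any(
            SequenceMatcher(None, domain, t).ratio() >= 0.8 for t in TRUSTED):
        flags.add("lookalike-domain")  # close to a trusted name, but not it
    return flags

class MailScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":  # a form inside the mail posts data straight to the sender
            self.findings.append(("form-in-email", attrs.get("action") or ""))
        elif tag == "a" and attrs.get("href"):
            self._href, self._text = attrs["href"], ""
    def handle_data(self, data):
        self._text += data if self._href else ""
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            href, shown, self._href = self._href, self._text.strip(), None
            self.findings += [(f, href) for f in sorted(host_flags(href))]
            if "." in shown and " " not in shown:  # visible text is itself a URL
                text_host = urlparse(shown if "://" in shown else "//" + shown).hostname
                if text_host and text_host != urlparse(href).hostname:
                    self.findings.append(("text-href-mismatch", href))

def scan(html):
    scanner = MailScanner()
    scanner.feed(html)
    return scanner.findings  # list of (flag, URL) pairs in document order

SAMPLE = """<a href="http://192.0.2.10/signin">https://www.ebay.com/signin</a>
<a href="https://www.paypa1.com/login">Log in</a>
<form action="http://192.0.2.10/collect"><input name="pin"></form>"""  # constructed
```

Calling `scan(SAMPLE)` returns one `(flag, URL)` pair per warning sign; a link to a listed site over https, such as `https://www.paypal.com/`, produces no flags.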
