Detecting Phishing Attacks: Theory, Cues, and Practice

Presentation Transcript

  1. Detecting Phishing Attacks: Theory, Cues, and Practice
     CSU PDI, Steve Lovaas, January 8, 2010

  2. Overview
     • What is phishing
     • Overview of the problem
     • Evolution of the attacks
     • How to tackle the problem
       • Awareness & Attitude
       • Clues
       • Practice

  3. What is “Phishing”?
     From: Director of Technical Research, Université de la Sorbonne (
     To: Steve Lovas (
     Subject: Urgent! Please type your password:

  4. Official Definitions
     • Social engineering: the act of manipulating people into performing actions or divulging confidential information.
     • Phishing: social engineering in the form of fraudulent/deceptive email, typically requesting personal/financial information or access credentials

  5. Practical Definitions
     • Trying to trick you into doing something
     • Exploiting established trust or trusting nature
     • Hoping you won’t pay adequate attention
     • “Please send me your username, password, bank account number, credit card number, and SSN…”

  6. Phishing Factors
     Technical cues
     • Deceptive email, usually broadly distributed
     • Addresses, subject, attachments, and message text can all be utilized to deceive…
     • “Spoof” of a familiar source
     • “Reply-to” that is different than “From”
     Contextual cues
     • Emotional appeals
     • Current social issues, breaking news
     • Appeal to entertainment, profit, etc.
     • Money for nothing (too good to be true)
     • DIRE CONSEQUENCES IN ALL CAPS
     Linguistic (syntactical) cues
     • Spelling errors
     • Bad grammar

  7. Recent Evolution of Tactics
     • Spearphishing
       • From a carefully chosen source you should know
       • Targeted specifically at members of an organization
       • Graphics, style, tone carefully chosen to look right
       • Becoming more common
     • More, better graphics
       • More visual content = more likely to trust
       • Media-rich content plays to our habits, tendencies
       • Eventual inclusion of audio, video?

  8. So What’s Going On?
     [Diagram: a communication model] Sender → Encoding → Message → Channel → Decoding by many different receivers (“Smells like phish”)
     Receiver-side factors that shape the decoding: Tendency to trust, Culture, Social norms, Empathy, Technical understanding, Previous experience with sender

  9. How to Tackle the Problem?
     • Technical defenses
     • Technical/social environment
     • Social norms
     • User education/awareness
     • User attitude

  10. Protection Points
     [Diagram: the communication model from slide 8, annotated with protection points]
     Sender → Encoding → Message → Channel → Decoding by many different receivers (“Smells like phish”)
     Receiver-side factors: Tendency to trust, Culture, Social norms, Empathy, Technical understanding, Previous experience with sender
     Protection points: Highlighting current attacks; Anti-virus, anti-spam; Building organizational norms; Digital signatures; Individual education

  11. Focus on Awareness & Attitude
     Of course our ultimate goal is behavior (don’t fall victim)… but we can hope to achieve that by working on:
     • Awareness (our focus here today)
       • Knowledge of the problem
       • Knowledge of the tactics
       • Ability to recognize attacks (cues)
     • Attitude (WHY you’re here today)
       • Inclination to act
       • Tendencies to trust or be suspicious
       • Default behaviors

  12. Clues/Cues in the Message
     • What are some features of messages that can clue you in to a phishing attack?
     • Things that make you go “hmm…”

  13. Some Practice
     [Annotations on a sample phishing message]
     • “mailbox capacity Account” (?)
     • Impersonal greeting
     • Grammar!
     • NEVER do this!
     • Bates??
     • We don’t have anything called “Webmail Helpdesk”
     • Expires in 4 days?

  14. More Practice
     From: []
     Sent: Thursday, December 11, 2008 10:00 AM
     To: Samaniego,Rosalie
     Subject: Electronic Tax Document Signup For Colorado State University

     This email has been sent by Colorado State University / ECSI asking for your consent to receive notification of your 1098-T tax form electronically. If you would like to receive notification electronically please give your consent by following the link below, logging in, and following the instructions. If you would like to receive a paper copy of your 1098-T form, do nothing.

     The benefits to receiving electronic notification are:
     * Online delivery provides access to the form 1098-T earlier than the traditional mailing process.
     * Online delivery eliminates the chance that the 1098-T will get lost, misdirected or delayed during delivery, or misplaced once the student receives it.
     * Signing up for online delivery is easy and secure.
     * Students can receive their 1098-T form even while traveling or on assignment away from their home address.

     To give consent to receive your notification electronically, log in to the SECURE website below using the given information:
     Step 1: Website:
             School Code: JW
             Account : (your Social Security Number or Student ID)
             Password : 76954
     Step 2: Under Account Tools: Click "Signup for Electronic Tax Documents"
     Step 3: Read information, check the consent box, verify your email address, and click the submit button.

     Thank you for your response.
     ECSI's 1098-T Project Manager, Mike Trombetta
     ECSI: Service Never Rests
     181 Montour Run Road | Coraopolis, PA 15108
     v 866.428.1098 | f 866.291.5384 |

     [Annotations on the message]
     • Who is
     • Request for financial transaction
     • Sent to a real user, but no personalized greeting, generic message
     • Apparently wants my SSN??
     • Use a password in the email?
     • No mention of anyone from CSU
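The cue categories from slide 6 (technical, contextual, linguistic) and the annotations on the practice messages of slides 13 and 14 can be turned into a simple mechanical checklist. The Python script below is an added example, not part of the presentation, that parses a raw email and reports which cues it triggers: a Reply-To domain that differs from the From domain, a sender domain outside the organisation, urgency and deadline wording, runs of ALL-CAPS words, requests for credentials or an SSN, a password supplied inside the message, and an impersonal greeting. The two messages embedded in the script are constructed for the example, and the trusted domain is a placeholder (the slides name CSU and ACNS but give no mail domain). It uses only the Python standard library.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Domains the receiving organisation legitimately sends from.
# Placeholder assumption for this example; the slides give no real domain.
TRUSTED_DOMAINS = {"colostate.example"}

# Contextual cues: urgency, deadlines, dire consequences (slide 6).
URGENCY = re.compile(
    r"\b(urgent|immediately|expire[sd]?|within \d+ (?:hours|days)|suspend(?:ed)?)\b", re.I)
# Three or more consecutive all-caps words, e.g. "ACCOUNT WILL BE DELETED" (case-sensitive on purpose).
SHOUTING = re.compile(r"\b[A-Z]{4,}(?:\s+[A-Z]{2,}){2,}\b")
# Requests for credentials or personal/financial data (slides 5 and 14).
CREDENTIAL_REQUEST = re.compile(
    r"\b(password|social security|ssn|student id|credit card|account number)\b", re.I)
# A password handed out in the message body itself ("Use a password in the email?", slide 14).
PASSWORD_SUPPLIED = re.compile(r"\bpassword\s*[:=]\s*\S+", re.I)
# Linguistic cue: impersonal greeting (slides 13 and 14).
GENERIC_GREETING = re.compile(
    r"^\s*(dear|hello|hi)\s+(user|customer|member|account holder|student)\b", re.I | re.M)

# Constructed sample that deliberately shows several cues at once (not from the slides).
SAMPLE_MESSAGE = """\
From: "CSU Webmail Helpdesk" <helpdesk@csu-mail-support.example>
Reply-To: mailbox-renewal@free-webmail.example
To: student@colostate.example
Subject: URGENT: Your mailbox capacity Account will EXPIRE in 4 days

Dear User,

Your mailbox has exceeded its storage limit. To keep your account active,
confirm your password, Student ID and Social Security Number on the renewal
page within 4 DAYS OR YOUR ACCOUNT WILL BE DELETED.

Use temporary password: 12345

Webmail Helpdesk
"""

# Constructed legitimate internal message that should trigger nothing.
LEGIT_MESSAGE = """\
From: "Steve L." <steve@colostate.example>
To: pat@colostate.example
Subject: February training schedule

Hi Pat,

The training schedule for February is posted on the intranet.
Reply to this message if you have questions.

Steve
"""


def _domain(addr_header):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(str(addr_header or ""))
    return addr.rpartition("@")[2].lower()


def phishing_cues(raw):
    """Return a dict of cue category -> list of human-readable cue descriptions."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",)).get_content()
    text = f"{msg['Subject'] or ''}\n{body}"
    cues = {"technical": [], "contextual": [], "linguistic": []}

    # Technical cues: header-level mismatches (slide 6).
    from_dom, reply_dom = _domain(msg["From"]), _domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        cues["technical"].append(f"Reply-To domain {reply_dom!r} differs from From domain {from_dom!r}")
    if from_dom and from_dom not in TRUSTED_DOMAINS:
        cues["technical"].append(f"From domain {from_dom!r} is not a trusted organisational domain")

    # Contextual cues: pressure and data requests.
    if URGENCY.search(text):
        cues["contextual"].append("urgency / deadline language")
    if SHOUTING.search(text):
        cues["contextual"].append("dire consequences in ALL CAPS")
    if CREDENTIAL_REQUEST.search(body):
        cues["contextual"].append("asks for credentials or personal/financial data")
    if PASSWORD_SUPPLIED.search(body):
        cues["contextual"].append("supplies a password inside the email")

    # Linguistic cue: generic salutation.
    if GENERIC_GREETING.search(body):
        cues["linguistic"].append("impersonal greeting")
    return cues


def cue_score(cues):
    """Total number of cues fired; a rough 'smells like phish' indicator."""
    return sum(len(v) for v in cues.values())


if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE_MESSAGE), ("legit", LEGIT_MESSAGE)):
        found = phishing_cues(raw)
        print(f"{label}: score {cue_score(found)}")
        for category, items in found.items():
            for item in items:
                print(f"  [{category}] {item}")
```

The score is only a count of independent cues, mirroring the "things that make you go hmm" approach of the slides rather than a calibrated classifier; in practice a mail gateway would combine such checks with anti-spam scoring and sender authentication (the "technical defenses" of slide 9), and a user who sees any of the technical cues should fall back on the summary advice: do not reply with credentials, and ask the IT person.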

  15. Summary
     • NEVER send your username/password in email – or your CC#, SSN, etc.
     • Avoid clicking URLs directly from an email
     • If it claims to be from ACNS, look for a digital signature
     • If an email looks suspicious, ask your IT person
     • Listen to the little voice in your head!