Phishing at the User Interface
Phishing Computer Security Foundations
Objectives
Phishing and various types of phishing
Tactics used in phishing scams
Recognizing real phishing messages
Understanding phishing
How to protect yourself from phishing
Phishing
Phishing is a fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information.
Phishing may also include infecting computers and other devices with malware and viruses.
Phishing emails may contain links to websites that are infected with malware.
Types of Phishing
Clone Phishing – A clone phishing attack takes advantage of a legitimate message that the victim may already have received and creates a malicious version of it
Mass Phishing – Mass, large-volume attack intended to reach as many people as possible
Spear Phishing – Targeted attack directed at specific individuals or companies, using gathered information to personalize the message and make the scam more difficult to detect
Advance-Fee Scam – Requests that the target send money or bank account information to the cybercriminal
Smishing – SMS phishing, or “smishing,” is a form of phishing that capitalizes on the world’s addiction to text messaging and instant communications
Tactics used for phishing
Content Encryption – The content of the email is encrypted along with the attachments, preventing them from being seen by security solutions.
Content Injection – Phishing threat actors include links to legitimate but vulnerable webpages or apps which redirect users to phishing sites.
Fake Account on a Social Media Site – Mimics a legitimate person, business or organization. May also appear in the form of an online game, quiz or survey designed to collect information from your account.
Phishing URLs in Attachments – By hiding the phishing URLs in attachments instead of the email itself, detection becomes more difficult. Weaponized documents have also become the phishing scheme of choice for nation states that target rival embassies, governmental offices, and agencies.
Phishing example – Email phishing
This email is all about a recent login in Thailand.
The entire message is not relevant to the subject.
The "Click Here" short URL link is highly suspicious - never trust a short link that obfuscates the true link destination.
Phishing Example
This email appears to come from NDSU Human Resources
Says action is required for recently reviewed activity
Email address mentions NDSU, but is not a .edu address (@ndsu.com)
Includes hyperlink that points to fraudulent site
Phishing Example
Claims to come from PayPal
Includes PayPal logo, but from address is not legitimate (@ecomm360.net)
Calls for immediate action using threatening language
Includes hyperlink that points to fraudulent site
Detecting Phishing
The email asks you to confirm personal information
The web and email addresses do not look genuine
Threatening language that calls for immediate action
Announcement indicating you won a prize or lottery
Hyperlinked URL differs from the one displayed, or it is hidden
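The indicators above can be checked mechanically. The following is an added example (not part of the original slides) that parses a constructed sample email modelled on the PayPal example and reports each indicator it finds; the BRAND_DOMAINS, URGENT_WORDS and SHORTENERS lists are assumptions, and the bit.ly link is a made-up placeholder.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: a PayPal-style lure with a mismatched sender domain,
# urgent wording, an impersonal greeting and a link whose visible text
# differs from its real destination (placeholder short URL, not a real link).
SAMPLE_EMAIL = """\
From: "PayPal Service" <alerts@ecomm360.net>
To: user@example.org
Subject: Action required: confirm your account
Content-Type: text/html

<p>Dear Customer, your account will be suspended within 24 hours.</p>
<p><a href="http://bit.ly/3xyzabc">https://www.paypal.com/signin</a></p>
"""

# Assumed: brands the slides' examples impersonate and the domain their mail should use.
BRAND_DOMAINS = {"paypal": "paypal.com", "ndsu": "ndsu.edu"}
URGENT_WORDS = ("immediately", "suspended", "within 24 hours", "action required")
IMPERSONAL = ("dear customer", "dear sir/madam")
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def phishing_indicators(raw):
    """Return a list of matched indicators; an empty list means none matched."""
    msg = message_from_string(raw)
    found = []
    # Display name claims a known brand, but the address domain is not that brand's.
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for brand, legit in BRAND_DOMAINS.items():
        if brand in name.lower() and domain != legit and not domain.endswith("." + legit):
            found.append(f"claims to be {brand} but sent from {domain}")
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(w in text for w in URGENT_WORDS):
        found.append("threatening or urgent language")
    if any(g in text for g in IMPERSONAL):
        found.append("impersonal greeting")
    for href, shown in ANCHOR_RE.findall(body):
        host = urlparse(href).netloc.lower()
        if host in SHORTENERS:
            found.append(f"shortened link hides destination: {host}")
        shown = re.sub(r"<[^>]+>", "", shown).strip()
        if shown.startswith("http") and urlparse(shown).netloc.lower() != host:
            found.append(f"link text shows {urlparse(shown).netloc} but points to {host}")
    return found
```

Run against the sample, it reports all five indicators; against a plain personal email with no links or urgency it returns an empty list.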
Protecting Yourself From Phishing
Do not click on any links listed in the email message, and do not open any attachments contained in a suspicious email.
Do not enter personal information in a pop-up screen. Legitimate companies, agencies, and organizations don't ask for personal information via pop-up screens.
Install a phishing filter on your email application and also on your web browser. These filters will not keep out all phishing messages, but they will reduce the number of phishing attempts.
Browse securely with HTTPS.
Be wary of threats and urgent deadlines.
Protecting yourself from phishing
Be wary of emails asking for confidential information – especially if it asks for personal details or banking information.
Legitimate organizations, including and especially your bank, will never request sensitive information via email.
Phishing emails may also use an impersonal greeting, such as ‘Dear Customer’ or ‘Dear Sir/Madam’, or feature implausible and generally surprising content.
You should always, where possible, use a secure website (indicated by https:// and a security “lock” icon in the browser’s address bar) to browse, and especially when submitting sensitive information online, such as credit card details.