
1 What is Phishing? …listening to music by the band called Phish or perhaps …a hobby, sport or recreation involving the ocean, rivers or streams…nope.

Dec 17, 2015


Daniel Manning

What is Phishing? 

…listening to music by the band called Phish 

or perhaps

…a hobby, sport or recreation involving the ocean, rivers or streams…nope 


Phishing: A computer scam on the rise!


Did you know…

• One in four people have never heard of the term “Phishing”.

• Half of the people surveyed could not accurately define phishing.


Phishing Facts

• 6.1 Billion – Number of phishing e-mails sent world-wide each month.

• $1,200 – Average loss to successfully phished person.

• 7,484 – Number of phishing Web sites in January 06.

•A new phishing scam is launched every two minutes.


Be Alert, Be Wary, and Be Informed.


“Phishing” Scams Occur When

• You get an email that looks like it comes from your bank, credit card company, etc.

• Asking you to “update their records”

  – May be due to potential fraud, other reasons

• Provides a hyperlink to a web page where you enter your personal information

• The link takes you to a thief’s website that is disguised to look like the company’s.


Why Phishing Scams?

A phishing expedition, like the fishing expedition it's named for, is a speculative venture: the phisher puts out the lure, hoping to fool at least a few of the prey that encounter the bait.

The thief is hoping to hook you with a very slick but very fake website to fish for your personal information.


What kinds of personal information do the thieves want?

– Your name, address and date of birth

– Social Security number

– Driver’s License number

– Credit Card numbers

– ATM cards

– Telephone calling cards


Why people fall for phishing scams.

Typically, the messages appear to come from well known and trustworthy Web sites. Web sites that are frequently spoofed by phishers include PayPal, eBay, MSN, Yahoo, BestBuy, and America Online.


Current Phishing Targets

This chart highlights which institutions were targeted in phishing attacks recently.


How a Phishing E-mail might read

Dear valued [CompanyName] member, Due to concerns, for the safety and integrity of the online [vendor service] community we have issued the following warning message.

It has come to our attention that your account information needs to be confirmed due to inactive customers, fraud and spoof reports. If you could please take 5-10 minutes out of your online experience and renew your records you will not run into any future problems with the online service. However, failure to confirm your records may result in your account suspension.

Once you have confirmed your account records your internet [vendor service] service will not be interrupted and will continue as normal.

Please click here {fake web site address} to confirm your [vendor service] account records.

Thank you for your time,

[CompanyName] Billing Department.


Phishing E-mails Examples


More Phishing E-mails


More Phishing Examples


“Actual Phishing” Email


How can you tell if the message is real?

There are many other clues to look for:

• See if the email contains obvious grammatical or spelling errors ("Due to concerns, for")

• The message opening is very general, or incorrectly identifies you, or uses only your email account name

• The email asks you to renew or update your account information.

• The message asks you to link to a web site which seems to be legitimate, but has extra information or characters at the end (http://www.amazon.com/myhacksite?brth=2y3bn45&uid=Kan13245).

• The web site prompts you for your userid and password, and then opens a page asking for credit card numbers, bank account numbers and so forth.
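
The clues above can be checked mechanically. The sketch below is an added example, not part of the original slides: it scans an HTML e-mail body for the generic opening, the request to renew or update records, and links whose target differs from the site the sender claims to be. The names `phishing_clues` and `expected_domain`, and the ExampleBank message, are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

GENERIC_OPENING = re.compile(r"\bdear\s+(valued|customer|member|user)\b", re.I)
UPDATE_REQUEST = re.compile(r"\b(confirm|renew|update)\b[^.]{0,40}\b(account|records)\b", re.I)
DOMAIN = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_clues(html_body, expected_domain):
    """Return the clues from the list above that appear in an HTML e-mail body."""
    clues = []
    text = re.sub(r"<[^>]+>", " ", html_body)  # crude tag strip for the text checks
    if GENERIC_OPENING.search(text):
        clues.append("generic opening")
    if UPDATE_REQUEST.search(text):
        clues.append("asks to update account records")
    collector = LinkCollector()
    collector.feed(html_body)
    for href, shown in collector.links:
        url = urlparse(href)
        host = (url.hostname or "").lower()
        # The real site is expected_domain itself or one of its subdomains.
        if host != expected_domain and not host.endswith("." + expected_domain):
            clues.append(f"link goes to {host}, not {expected_domain}")
        match = DOMAIN.search(shown)
        if match and match.group(1).lower() != host:
            clues.append("link text shows a different site than its target")
        if url.query:
            clues.append("link has extra characters after the address")
    return clues

# Constructed sample message (ExampleBank and the .example host are made up).
SAMPLE = ('<p>Dear valued ExampleBank member,</p><p>Please renew your records: '
          '<a href="http://examplebank.com.login-check.example/c?uid=abc123">'
          'www.examplebank.com</a></p>')
```

Calling `phishing_clues(SAMPLE, "examplebank.com")` reports all five clues; none of them alone proves a message is fake, so treat the list as a prompt to verify with the company directly.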


What should I do if I suspect the email is a fake?

• Report it. Most legitimate companies encourage you to forward suspicious emails to their security department, if you are unsure of the email's authenticity, and will respond within 24 hours with an answer.

• Then, delete it. Drag it to the trash, then empty the trash. And forget about it. You've defeated the spammers by not falling for their tricks.


How to Protect Yourself.

• Never click on hyperlinks in emails. Never cut and paste the link into your web browser. INSTEAD, type in the URL to go to the website in your search engine.

• Call the company directly to confirm whether the website is valid.

• Don’t reply to email or pop-up messages that ask for personal or financial information.

• Don’t email personal information.

• Be cautious opening attachments.

• Forward spam that is phishing for information to [email protected] and visit FTC’s


What if I was tricked and entered my information on the web site?

Take immediate action to protect your identity and all of your online accounts.

• Treat the situation like you lost your wallet or purse. Immediately contact all of your financial institutions, preferably by phone, and inform them of the situation.

• Choose a strong password that is significantly different from your old passwords.

• Go to every web site where you may have stored credit card and/or bank numbers and change the password at each web site.


What happens once phishing is reported to authorities…

• Once the thieves have "fished out the pond," so to speak, they move on. Normally, the link will show a "cannot be displayed" page.


How do you avoid a Phishing Scam?

• DO NOT respond to the e-mail.

• DO NOT provide personal information.
