1

1. 2. 3. 4. 5. 6.

What is phising ? Type of phising How to avoid Phishing ? Web Safety Email Safety Report Phishing and Spam

1. 2. 3. 4. 5. 6.

What is phising ? Type of phising How to avoid Phishing ? Web Safety Email Safety Report Phishing and Spam

Phishing is a way of fraudulently acquiring sensitive information using social engineering and technical subterfuge.

1. 2. 3. 4. 5. 6.

What is phising ? Type of phising How to avoid Phishing ? Web Safety Email Safety Report Phishing and Spam

Email Phishing e-mails can appear to come from legitimate institutions such as your bank, e-commerce site, credit card company, etc., but they really come from a criminal trying to steal information

Web Site If you follow a link from an email or from an untrustworthy web site, it may take you to a site clone that records your information before logging you into the real site

IM With IM phishing, you will get an IM from someone claiming to be support for your IM provider, asking you for account information

1. 2. 3. 4. 5. 6.

What is phising ? Type of phising How to avoid Phishing ? Web Safety Email Safety Report Phishing and Spam

10

Dont click the link Never send sensitive account information by e-mail Never give any password out to anyone Verify any person who contacts you (phone or email).

11

Dear Valued Member, According to our terms of services, you will have to confirm your e-mail by the following link, or your account will be suspended for security reasons. http://www.uc.edu/confirm.php?account=d.mich.mal@uc.e du After following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request. We apologize for any inconvenience. Sincerely, Uc Abuse Department
http://www.nbmd.cn/Confirmation_Sheet.pif

12

When I am heard, and what I say is solely I draw near to one of them, the lowest, Oh you builders, At these masses the snow hides from me. at balls hit again and again toward her offspring. Appendices As it sits there like an eventual Of a far barn, just where the road curves sharply Pierced by the mist that fades away, And trumpet at his lips; nor does he cast The surge of swirling wind defines Merely a mockery of spring In search of brighter green to come. No way!

13

Fifth Third Bank: 0fficial Information.

http://pacesettermarketing.ca/www.bankofamerica.com/index.html

14

1. 2. 3. 4. 5. 6.

What is phising ? Type of phising How to avoid Phishing ? Web Safety Email Safety Report Phishing and Spam

15

Use the latest products and services to help warn and protect you from online scams

16

 Microsoft Phishing Filter

Included in Internet Explorer 7 (or higher) or Windows Live Toolbar Phishing Filter helps protect you from Web fraud and the risks of personal data theft by warning or blocking you from reported phishing Web sites.

17

 Windows Live OneCare

New antivirus and comprehensive computer health services

Windows Defender
Helps prevent spyware or other unwanted software

18

Basic Checklist
Install a reputable Anti-Virus package
McAfee is free to UC personnel: www.uc.edu/infosec Look for Free Anti-Virus (upper righthand corner)

19

 Set up your system to automatically download and install critical updates

Go to Start > Programs > Accessories > System Tools > Windows Security Center Click on Automatic Updates Select Automatic, choose the appropriate time and Click OK.

20

If you are using a non-windows system, check this link for patches: http://www.uc.edu/infosec/software/ KNOW the site you are on before you provide any personal information

21

Good Site or Bad?

24

Good Site or Bad?

25

Closer look

26

1. 2. 3. 4. 5. 6.

What is phising ? Type of phising How to avoid Phishing ? Web Safety Email Safety Report Phishing and Spam

27

 73% of all e-mail sent in 2004 was SPAM, including phishing attempts. America Online currently blocks over 3 billion SPAM e-mails per day. With this many e-mails floating around, everyone needs to be aware of what to look for in e-mail.

28

 Learn to identify suspicious email If you think something seems wrong report it then delete it immediately
FTC: spam@uce.gov www.antiphishing.org

29

 If you get a window asking you to install something when you open an e-mail, click No or exit, and then delete the e-mail If an e-mail contains a link, DONT CLICK on it. In fact, dont click the email anywhere

30

 Never open e-mail attachments from someone you do not know. Make sure your computer has an anti-virus package installed.

31

 Never buy anything from a Spam e-mail; Spam continues to exist because it works Do not respond to any Spam, even if there is a Stop bugging me link.
This only confirms for the spammer that they have a working email address.

Do not use your e-mail address to sign up for things on the Internet without reading the companys privacy policy (make sure they wont sell your e-mail address to other companies).

32

Outlook

33

VERY URGENT
Dear Sir, I am Mr. charles taylor (Jnr.) son of former Liberian President Charles Taylor of liberia. My family have $35m to invest. the funds are deposited in a Security Company here in (South Africa) and we need a trusted foreigner that will assist us invest the funds. Please reply me on this email address: jnrctaylor@hotmail.com and also include your phone number for further discussion. Mr. Charles Taylor (Jnr.)

35

Job
Hello, I am representing Company SPB Stream, which is looking for full-time/part-time financial contractors. SPB Stream is an international trading company and we are looking for employees that are eligible to work with financial correspondence. Requirements: - basic computer knowledge, - approximately 2 hours per day, - good communication skills, - bank account to withdraw/receive funds. Money turnover of our company has already reached certain amounts and we are looking for regional managers, who are able to manage customers database. Salary is based on the contract and depends on amount of work. Usually it is about $35000 per year, except for taxes. This is a part-time job and you will need to prove correspondence in order to qualify for higher rates and full-time job status.

As regional employee you will have good perspective to increasing workload and salary in accordance with your efforts.
Please visit www.spbstream.com for more details.

36

Be safe in this new year

Good day, I want you to read this message very carefully. You dont know me and have no need of knowing who I am for now. What you do need to know is that I have being paid $50,000 to terminate you. Do not contact the police or FBI or try to send a copy of this message to them. Do not show this message to anyone else. I am watching you very closely. I will know. If you contact anyone, I will be forced to cover my tracks. I will do what I have been paid to do. My employers is someone that I believe you call a friend. This person gave me the a list of reasons for the hit. I have followed you closely for 9 days now and have learned that you are innocent of the accusations. As I believe you are innocent and I am a business man, I will make you an offer. This offer will be made only once. If you meet my price, I will agree to cancel the contract. More than this, I will provide to you a recording of my employer discussing the termination. It should be more than enough evidence for you to have him arrested (if you wish to). I was paid $50,000 to kill you. You must pay me $50,000 to cancel that contract. I will give you 5 days in order to gather the money. As I see you are complying, I will contact you with instructions as to how it is to be delivered. Remember, I am watching you. Closely. I will know if you are not complying or if you attempt to run. In either case, you will not hear from me again. I will simply take action. However, if you do as I ask, you have nothing to fear from me. Lucky You.

37

1. 2. 3. 4. 5. 6.

What is phising ? Type of phising How to avoid Phishing ? Web Safety Email Safety Report Phishing and Spam

38

 Send suspicious emails to the FTC and www.antiphishing.org

Create a new mail to reportphishing@antiphishing.org and spam@uce.gov Drag and drop the phishing email from your inbox onto this new email message
In Netscape drop it on the 'attachment' area

Do not use "forward" if you can help it, as this approach loses information and requires more manual processing. The exception is when you use the Web interface to outlook: in that case forward is the only option.

39

40

[1] http://escience.anu.edu.au/lecture/comp171 0/phish/printNotes.en.html [2] http://en.wikipedia.org/wiki/Phishing [3] http://security.fnal.gov/talks/ [4] http://www.stanford.edu/~ouster/cgibin/cs142-fall10/lectures.php

41

42