• Home

  • Documents

  • PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…
20
PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…

PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…

Embed Size (px)

Citation preview

Page 1: PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…

PHISH OR NO PHISH?

Masquerades, Deception, and Thievery

On the web…

Page 2: PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…

“PHISHING”

“Phishing is the act of attempting to acquire information such as

usernames, passwords, and credit card details (and sometimes, indirectly,

money) by masquerading as a trustworthy entity in an electronic

communication.”

“Phishing is an example of social engineering techniques used to deceive

users, and exploits the poor usability of current web security technologies.”

The term “phishing” is a variant of fishing, probably influenced by phreaking, and alludes to "baits" used in hopes

that the potential victim will "bite" by clicking a malicious link or opening a malicious attachment, in which case

their financial information and passwords may then be stolen.

http://en.wikipedia.org/wiki/Phishing (10/16/2012)

Page 3: PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…

TECHNIQUES

Phishing

Spear Phishing

Clone Phishing

Whaling

Link manipulation

Filter evasion

Website forgery

Phone phishing

Clone Phishing

Tab nabbing

Evil twins

Click-through syndrome

Page 4: PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…

PHISHING SUCCESS

Phishing is profitable with only a low level of

success.1% of 1% of a web site’s visitors being “phished” can be highly profitable!

8:51 PM, 10/16/2012, the “dashboard” for CA.GOV websites indicated 29,752

visitors.

Deceive 3 people an hour, and a phisher can score one or more of the

following profitable items:• Personal identity information• Financial data• Passwords & PIN numbers• Drivers license, medical information, tax records.

Page 5: PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…

TARGETS

Page 6: PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…

STATISTICS

Page 7: PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…

DEFENSE TRIFECTA

Vouch for

Website

CertificateAuthority

TLS/

SSL

Page 8: PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…

PHISH OR NO PHISH?

The fastest growing Internet game

sweeping the nation!

Page 9: PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…

PHISH?

Page 10: PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…

PHISH?

Page 11: PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…

THIS IS THE PHISH!

Page 12: PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…

GET A LOCK!

What is the “threshold” used for

a website to get an SSL certificate

and a “LOCK?”

The Ability to Pay.

Page 13: PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…

EV CERTIFICATE

Focuses on website owner:• Official paper trail that backs up your claim that you

(1) Own that website, and (2) Own that IP/DNS name, and (3) you are a legal entity.

User:• Offers visual cues for the users that the website

employs an EV certificate.

Page 14: PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…

WELLS FARGO

Page 15: PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…

USAA

Page 16: PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…

COMPARISON

Page 17: PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…

EV SSL CERTS…

Web browserHas built in Knowledge of EV CAs

Third Party CA

Web Site Certificate

Auditing EntityBuilt-in

knowledge

(X.509 standard)

Page 18: PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…

HOW TO IMPLEMENT EV SSL

Get the certificate from a reputable

source.

Educate your users!!• Get them to check the address bar.

Code your website cleanly!

Page 19: PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…

PHISH TANK

http://www.phishtank.com/phish_archive.php

http://www.phishtank.com/phish_archive.php
Page 20: PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…

QUESTIONS?

The end


Phish market protocol

Phish market protocol

Education
Egungun Masquerades/Costumes Yoruba Peoples of Nigeria

Egungun Masquerades/Costumes Yoruba Peoples of Nigeria

Documents
No such thing as a free phish lunch

No such thing as a free phish lunch

Technology
Theme Music: Phish I am hydrogen - UMD

Theme Music: Phish I am hydrogen - UMD

Documents
STATE OF THE 2017 PHISH - info.wombatsecurity.com of the Phish 2017/Wom… · Welcome to the third annual State of the Phish ... This year’s report shows some positive trends. Organizations

STATE OF THE 2017 PHISH - info.wombatsecurity.com of the Phish 2017/Wom… · Welcome to the third annual State of the Phish ... This year’s report shows some positive trends. Organizations

Documents
Phish & Tips: Best Practices for Phishing Your Technical

Phish & Tips: Best Practices for Phishing Your Technical

Documents
PHISH framework for Streaming Graph Algorithmswsga.sandia.gov/docs/Plimpton_stream.pdf · PHISH framework for Streaming Graph Algorithms Steve Plimpton Sandia National Labs CERI/DIMACS

PHISH framework for Streaming Graph Algorithmswsga.sandia.gov/docs/Plimpton_stream.pdf · PHISH framework for Streaming Graph Algorithms Steve Plimpton Sandia National Labs CERI/DIMACS

Documents
ANATOMY OF A PHISH - Varonis · ANATOMY OF A PHISH Exploring The New Security Threats From Social Attacks, And What To Do About Them

ANATOMY OF A PHISH - Varonis · ANATOMY OF A PHISH Exploring The New Security Threats From Social Attacks, And What To Do About Them

Documents
Phish training

Phish training

Technology
Phish - Mike's Corner

Phish - Mike's Corner

Documents
The Phish Songbook v1

The Phish Songbook v1

Documents
Neuropsychiatric Masquerades Hasta Sifilis Ppt

Neuropsychiatric Masquerades Hasta Sifilis Ppt

Documents
One Phish, Two Phish, Red Phish, Your Account Details Just Got Stolen

One Phish, Two Phish, Red Phish, Your Account Details Just Got Stolen

Technology
Neuropsychiatric Masquerades: Is it a Horse or a Zebra€¦ · Neuropsychiatric Masquerades: Is it a Horse or a Zebra ... apathy, poor insight and ... Addison’s disease- fatigue,

Neuropsychiatric Masquerades: Is it a Horse or a Zebra€¦ · Neuropsychiatric Masquerades: Is it a Horse or a Zebra ... apathy, poor insight and ... Addison’s disease- fatigue,

Documents
Phish - Alpharetta 1 - Setbreak Humor

Phish - Alpharetta 1 - Setbreak Humor

Entertainment & Humor
Phish - FL Association of Management Information Systems · 2019-06-28 · Benchmark Phish-prone Percentage by Industry Energy & Utilities Financial Services Business Services Manufacturing

Phish - FL Association of Management Information Systems · 2019-06-28 · Benchmark Phish-prone Percentage by Industry Energy & Utilities Financial Services Business Services Manufacturing

Documents
Jeremy Bednarsh's Great Phish Songs

Jeremy Bednarsh's Great Phish Songs

Entertainment & Humor
Emmanuel C. Onwuzolum - The Ritual Theatricality of Igbo Masks and Masquerades

Emmanuel C. Onwuzolum - The Ritual Theatricality of Igbo Masks and Masquerades

Documents
Catching Phish with Machine Learning - Columbia University · 2018-04-23 · Inky Phish Fence Thinks this message looks suspicious. (From: id196@aexp-ip.com) 4 Report Phish Feedback

Catching Phish with Machine Learning - Columbia University · 2018-04-23 · Inky Phish Fence Thinks this message looks suspicious. (From: [email protected]) 4 Report Phish Feedback

Documents
As The Phish Turns

As The Phish Turns

Technology
Phinding Phish: Evaluating Anti-Phishing Tools

Phinding Phish: Evaluating Anti-Phishing Tools

Documents
Mummies and masquerades: English and Caribbean connections · Mummies and masquerades: English and Caribbean connections ... Millington published the analysis demonstrating that Ewing

Mummies and masquerades: English and Caribbean connections · Mummies and masquerades: English and Caribbean connections ... Millington published the analysis demonstrating that Ewing

Documents
Level Design Document: Rikhters Thievery City Level

Level Design Document: Rikhters Thievery City Level

Documents
8 th Circle-8 th Level -Thievery

8 th Circle-8 th Level -Thievery

Documents
ONE PHISH TWO PHISH THREE PHISH - ID Agent...Some internet browsers can be fitted with anti-phishing toolbars that run checks on sites before you visit and compare them to lists of

ONE PHISH TWO PHISH THREE PHISH - ID Agent...Some internet browsers can be fitted with anti-phishing toolbars that run checks on sites before you visit and compare them to lists of

Documents
I need your help MUST READ! Hey Friend! 1 phish, 2 phish, clicked phish… · 2020-07-21 · I need your help MUST READ! Hey Friend! 1 phish, 2 phish, clicked phish, data breach

I need your help MUST READ! Hey Friend! 1 phish, 2 phish, clicked phish… · 2020-07-21 · I need your help MUST READ! Hey Friend! 1 phish, 2 phish, clicked phish, data breach

Documents
Shooting phish in a barrel

Shooting phish in a barrel

Technology
WKU IT Helpdesk · PDF file•Report Security Incidents •Phishing scams •Check the Phish Bowl •Forward to phish@wku.edu •Unintentional data loss. ... •Classroom Technology

WKU IT Helpdesk · PDF file•Report Security Incidents •Phishing scams •Check the Phish Bowl •Forward to [email protected] •Unintentional data loss. ... •Classroom Technology

Documents
Phish v. Knight: Opp to Preliminary Injunction

Phish v. Knight: Opp to Preliminary Injunction

Documents
Cyber Security Awareness Month Don’t be a Phish!

Cyber Security Awareness Month Don’t be a Phish!

Documents