Phishing

By The Blank Mind Group
Dana Fellows, Darrell Fraser, Jason Kohut, Kuo-Luen Chang, Rick Barton
 Definition
 History
 Problematic Behaviors
 Laws
 Compliance Guidelines
 Penalties
 Current Management Application
 Client Based Anti-Phishing Programs



According to Merriam-Webster, “phishing” is “a scam by which an email user is duped into revealing personal or confidential information which the scammer can use illicitly.”
Wikipedia states “in the field of computer security phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in electronic communication.”
Spear Phishing
Phishing personalized to the intended targets (their name, employer, role, or recent dealings) to increase the probability of success.
Whaling (Whale Phishing)
Spear phishing aimed at top-ranking business executives and other high-value targets, typically to steal their credentials or compromise the machines they work from.

Phishing has existed in different forms for years
 Mail scams
 Telephone scams
Has evolved along with technology
 Now carried out electronically
 Relies on social engineering: recipients are pressured to act before verifying who is really asking
 Mass emailing capability increases the probability of hooking victims; even a tiny response rate pays off at scale
Phishing is a global problem and therefore difficult to regulate or prosecute: the attacker, the hosting server, and the victim are often in different jurisdictions
The United States is the world leader in hosting phishing sites. See Jason Kohut’s Blog

Federal Level
◦ CAN-SPAM (Controlling the Assault of Non-Solicited Pornography And Marketing) Act of 2003
 Signed into law by George W. Bush in December 2003; took effect January 1, 2004
 Sets standards for sending commercial email
 Sending commercial email with falsified header information is a federal crime (18 U.S.C. § 1037): a misdemeanor in the basic case, a felony with aggravating factors such as high message volume or prior convictions

Anti-Phishing Act of 2004 (never got past committee)
 Introduced by Senator Patrick Leahy

Anti-Phishing Act of 2005 (never enacted)
 Had it passed, it would have made creating “fake websites and bogus websites” for the purpose of defrauding individuals a federal crime punishable by fines and prison sentences
 First federal bill to define and target “phishing” specifically, rather than prosecuting it under general fraud statutes

No State/Local Laws in Missouri
◦ Phishing has not yet been addressed by the lawmakers of Missouri
◦ Other states have enacted anti-phishing laws within their borders (for example, California’s Anti-Phishing Act of 2005)
◦ In practice federal law governs most phishing cases, because phishing is interstate fraud: prosecutors rely on CAN-SPAM and general statutes such as wire fraud and identity theft

Commercial email is allowed as long as it meets three groups of requirements:
Compliance #1 – Unsubscribe
• A working method to opt out of future emails must be provided, and opt-out requests must be honored within 10 business days
Compliance #2 – Content
• Subject lines must not be deceptive about what the message contains
• Accurate “From” lines identifying who actually sent the message
• Legitimate physical postal address of the publisher/advertiser
• The Act covers only commercial messages; national security, political, and religious messages fall outside its scope

Social Networking Websites
◦ Due to their popularity, social networking websites have become popular hunting grounds for phishers: a message or link that appears to come from a friend or contact is trusted far more readily than one from a stranger.

Criminals pretending to be the IRS to obtain sensitive information from U.S. taxpayers (the IRS does not initiate contact by email to request personal or financial information).
◦ IRS Video Warning About Phishing
Sample lure:
After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $63.80. Please submit the tax refund request and allow us 6-9 days in order to process it.
A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline.
To access the form for your tax refund, please click here
Regards,
Internal Revenue Service

Compliance #3 – Sending Behavior
 Message cannot be sent through an open relay (a mail server that forwards mail from anyone, used to hide the true origin)
 Message cannot be sent to a harvested email address (one scraped from websites or generated by dictionary attacks)
 Message cannot contain a false or misleading header (forged From, Reply-To, or routing information)

Jeffrey Brett Goodin
 First person convicted by a jury under the CAN-SPAM Act
 Conned AOL customers by sending emails that appeared to come from AOL’s billing department and directed them to fake pages demanding their personal and credit card information
 Sentenced in 2007 to 70 months in federal prison
 Ordered to pay over 1 million dollars in restitution to his victims

Management needs to inform employees about the potential threats of phishing and the signs to look for.
◦ Never give out company login information in response to an email, however legitimate it looks.
◦ Never log in through a link in an email from a business partner, bank, or vendor. Type the organization’s address yourself or use an existing bookmark and log in the way you normally would; a link’s visible text need not match where it actually goes.
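To make the two rules above concrete, here is an added example (not part of the original presentation) that applies the warning signs mechanically to a raw email: a Reply-To or Return-Path whose domain differs from the From domain, a link whose real destination is outside the sender’s domain while embedding that domain as a decoy subdomain, a login link over plain HTTP, and generic “click here” text that hides the destination. The sample message is constructed for this example, modelled on the IRS refund lure quoted earlier in the deck; its headers, the link target, and every .example domain are invented.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample for this example, modelled on the IRS refund lure quoted
# earlier in the deck. Headers, link target and all .example domains are invented.
SAMPLE_PHISH = """\
From: Internal Revenue Service <refunds@irs.gov>
Reply-To: claims@irs-refund-portal.example
Return-Path: <bounce@mail.irs-refund-portal.example>
Subject: Tax refund of $63.80 pending
Content-Type: text/html; charset=utf-8

<html><body>
<p>After the last annual calculations of your fiscal activity we have
determined that you are eligible to receive a tax refund of $63.80.</p>
<p>To access the form for your tax refund, please
<a href="http://irs.gov.secure-refund.example/form">click here</a></p>
<p>Regards,<br>Internal Revenue Service</p>
</body></html>
"""

# Constructed control message: sender and link share a domain, HTTPS, descriptive link text.
SAMPLE_LEGIT = """\
From: Example Corp <notices@example.com>
Subject: Your monthly statement is ready
Content-Type: text/html; charset=utf-8

<html><body><p>Your statement is available on
<a href="https://www.example.com/account">your account page</a>.</p></body></html>
"""

GENERIC_LINK_TEXT = {"click here", "here", "login", "log in", "sign in"}


def address_domain(header_value):
    """Lowercase domain part of an address header value, or '' if none."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def registered_domain(host):
    """Crude registrable domain: the last two labels. Production code should use
    the Public Suffix List, since e.g. 'example.co.uk' needs three labels."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


class LinkExtractor(HTMLParser):
    """Collect (visible anchor text, href) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())  # normalize whitespace
            self.links.append((text, self._href))
            self._href = None


def analyze(raw_message):
    """Return a list of human-readable phishing indicators found in raw_message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    from_dom = address_domain(msg["From"])

    # Header consistency: replies and bounces should go back to the claimed sender.
    for hdr in ("Reply-To", "Return-Path"):
        dom = address_domain(msg[hdr])
        if dom and registered_domain(dom) != registered_domain(from_dom):
            findings.append(f"{hdr} domain {dom!r} does not match From domain {from_dom!r}")

    # Link inspection: where does "click here" actually go?
    body = msg.get_body(preferencelist=("html", "plain"))
    parser = LinkExtractor()
    parser.feed(body.get_content() if body else "")
    for text, href in parser.links:
        url = urlparse(href)
        host = url.hostname or ""
        if url.scheme != "https":
            findings.append(f"link {href!r} is not served over HTTPS")
        if registered_domain(host) != registered_domain(from_dom):
            findings.append(f"link {href!r} points outside sender domain {from_dom!r}")
            if from_dom and from_dom in host:
                findings.append(f"link host {host!r} embeds {from_dom!r} as a decoy subdomain")
        if text.lower() in GENERIC_LINK_TEXT:
            findings.append(f"generic link text {text!r} hides destination {href!r}")
    return findings


if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(f"{name}: {analyze(raw) or ['no indicators found']}")
```

None of these checks is proof on its own (legitimate mailers sometimes use a separate bounce domain), but the combination in the constructed lure, six indicators against zero for the control message, is exactly what the slide tells employees to look for before typing a password.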

Keep internet browsers updated to the latest versions, and turn on their built-in phishing and malware warnings.
◦ Check that any login page is served over SSL/TLS (HTTPS) and that the certificate is valid for the exact domain shown in the address bar; a certificate warning or a plain HTTP login page is a red flag.

Computer Security Programs
◦ Avira Premium Security Suite
◦ McAfee SiteAdvisor
◦ ESET Smart Security
◦ Phishtank (SiteChecker)
◦ Windows Mail
◦ eBay Toolbar
