your valuable personal data, such as credit card numbers, passwords, account data, or other information. Con artists might send millions of fraudulent e-mail messages that appear to come from Web sites you trust, like your bank or credit card company, and request that you provide personal information.
History of Phishing
Phreaking + Fishing = Phishing
Phreaking = making phone calls for free back in the 70s
Fishing = using bait to lure the target
Phishing in 1995
Target: AOL users
Purpose: getting account passwords for free time
Threat level: low
Techniques: similar names (www.ao1.com for www.aol.com), social engineering
Phishing in 2001
Target: eBay users and major banks
Purpose: getting credit card numbers, accounts
Threat level: medium
Techniques: same as in 1995, keylogger
Phishing in 2007
Target: PayPal, banks, eBay
Purpose: bank accounts
Threat level: high
Techniques: browser vulnerabilities, link obfuscation
As scam artists become more sophisticated, so do their phishing e-mail messages and pop-up windows. They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites.
Phishing email appears to arrive from someone known to the victim
Use spoofed identity of trusted organization to gain trust
Urge victims to update or validate their account
Threaten to terminate the account if the victims do not reply
Use gift or bonus as a bait
Security promises
Context-aware attacks
Your bid on eBay has won!
The books on your Amazon wish list are on sale!
Example.
Con artists also use Uniform Resource Locators (URLs) that resemble the name of a well-known company but are slightly altered by adding, omitting, or transposing letters. For example, the URL "www.microsoft.com" could appear instead as:
www.micosoft.com
www.mircosoft.com
www.verify-microsoft.com
Never respond to an email asking for personal information
Always check the site to see if it is secure. Call the phone number if necessary
Never click on the link in the email. Retype the address in a new window
Keep your browser updated
Keep antivirus definitions updated
Use a firewall
Install the Microsoft Phishing Filter using Internet Explorer 7 or Windows Live Toolbar
Phishing Filter (http://www.microsoft.com/athome/security/online/phishing_filter.mspx) helps protect you from Web fraud and the risks of personal data theft by warning or blocking you from reported phishing Web sites.
Install up-to-date antivirus and antispyware software.
Some phishing e-mail contains malicious or unwanted software (like key loggers) that can track your activities or simply slow your computer. Numerous antivirus programs exist as well as comprehensive computer maintenance services like Norton Utilities.
To help prevent spyware or other unwanted software, download Windows Defender.
Thank You