Don’t Be “Phooled” By Phishing Federal Trade Commission National Consumers League Microsoft...
-
Upload
christiana-newton -
Category
Documents
-
view
215 -
download
0
Transcript of Don’t Be “Phooled” By Phishing Federal Trade Commission National Consumers League Microsoft...
Don’t Be Don’t Be “Phooled”“Phooled”
By PhishingBy PhishingFederal Trade CommissionFederal Trade Commission
National Consumers LeagueNational Consumers LeagueMicrosoft CorporationMicrosoft Corporation
March 31, 2005March 31, 2005
Susan GrantSusan GrantDirector, National Consumer Director, National Consumer
League’sLeague’sNational Fraud Information Center National Fraud Information Center
and and Internet Fraud Watch ProgramInternet Fraud Watch Program
Phishing StatisticsPhishing Statistics
#4 Internet Fraud#4 Internet Fraud #10 Telemarketing Fraud#10 Telemarketing Fraud
– National Fraud Information Center / Internet Fraud National Fraud Information Center / Internet Fraud WatchWatch, , National Consumers League, 2004National Consumers League, 2004
43% or 91 million U.S. adults have received a 43% or 91 million U.S. adults have received a phishing contactphishing contact
Of those 5% or 4.5 million U.S. adults have Of those 5% or 4.5 million U.S. adults have provided personal information to phishersprovided personal information to phishers
– STAR/First Data, November 2004STAR/First Data, November 2004
www.phishinginfo.orwww.phishinginfo.org g
Can You Can You Spot Spot
a Phish?a Phish?
Jacqueline BeauchereJacqueline BeauchereBusiness Strategy ManagerBusiness Strategy Manager
Microsoft CorporationMicrosoft Corporation
Deceptive AddressSource code reveals actual mail from address as “href=mailto:[email protected]”
Deceptive LinkSource code reveals that the actual address linked to is href=http://www.online-msnupdate.com/?sess=qCKWmHUBPPZwT8n4GEMNh7owHDEGt40IHKG5tAGiqGOjNeovRc&[email protected]
The difference between these two URLs could be a sign that the message is fake. (However, even if the URLs are the same, don't let down your guard, because the pop-up could be a trick, too.)
Alarmist MessageCriminals try their best to create a sense of urgency so you'll respond without thinking. Also, look for misspellings, grammatical errors, and typos--such as “…an access to MSN services for your account…”
Unpersonalized MessagesBe wary if a company you regularly do business with fails to address you by name.
Know the CompanyeBay generally does not send out emails to customers containing login links. Look carefully at the status bar for all links and URLs—the URL in the status bar for the login link is not eBay.com.
Differences between links or URLs in an email and the status bar should make you suspicious. If you receive an e-mail like this one, open a new browser window, type in the URL yourself and login into your account to see if there are any real account problems.
PHISH
Look carefully at the link. See the @ sign? This is a common phishing trick. In some browser applications, when a URL uses an @ sign, everything to the left of the @ sign is disregarded and the browser only reads to the right of the @ sign. When you see or suspect an @ trick, be suspicious. If you think that the sender of the email has no legitimate association with the domain you see there, suspect a phish.
PHISH
Aaron KornblumAaron KornblumInternet SafetyInternet Safety
Enforcement AttorneyEnforcement AttorneyMicrosoft CorporationMicrosoft Corporation
MSN Billing Phishing CaseMSN Billing Phishing Case
3 Subpoenas identified ISP
in Austria
5 Subpoena to Qwest and
investigations identified Jayson Harris in Iowa,
US
1 MS filed John Doe lawsuit in WA
6 Referred to FBI and obtained $3 million Default Judgment
2 Issued subpoenas to web hosts in
CA
4 Austrian ISP identified IP address
registered to Qwest in the US
Lydia ParnesLydia ParnesActing Director, Bureau of Acting Director, Bureau of
Consumer ProtectionConsumer ProtectionFederal Trade Commission Federal Trade Commission
Tip Number 1:
• If you get an email or pop up message that asks for personal or financial information, don’t reply, and don’t click on the link in the message. Legitimate companies don’t ask for this information by email
Tip Number 2:
• Don’t email personal or financial information.
Tip Number 3:
• Read your credit card and bank account statements as soon as you receive them to spot any unauthorized charges
Tip Number 4:
• Use anti virus software and a firewall, and keep them up-to-date.
Tip Number 5:
• Report suspicious activity to the FTC.