Phishing
description
Transcript of Phishing
By The Blank Mind GroupDana FellowsJason KohutRick Barton
Darrell FraserKuo-Luen Chang
Darrell FraserKuo-Luen Chang
When phishers personalize their attacks to their intended targets to increase the probability of success.
A sneaky attempt by scammers to hijack the personal computers of top-ranking business executives.
Phishing has existed in different forms for years
Federal Level◦ CAN-SPAM (Controlling the Assault of Non-Solicited Pornography And Marketing) Act of 2003
Signed into law by George W. Bush
Sets standards for sending commercial email
It is a misdemeanor to send spam with falsified header information!
Anti-Phishing Act of 2004(never got past committee) Introduced by Senator Patrick Leahy
Anti-Phishing Act of 2005(never enacted) This law, had it passed, would have placed
large fines and lengthy prison sentences for “fake websites and bogus websites” developed for the purpose of defrauding individuals
First law to differentiate and target “phishing” specifically
No State/Local Laws in Missouri◦ Other states have enacted laws within their
borders.
Federal Laws Control Phishing because it’s Interstate Fraud
Phishing has not yet been addressed by the lawmakers of Missouri
Commercial email allowed as long as it conforms to three types of compliances:
Social Networking Websites◦ Due to their popularity, social networking
websites have become popular phishing holes.
Criminals pretending to be the IRS to attain sensitive information from U.S. taxpayers.◦ IRS Video Warning About Phishing
After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $63.80. Please submit the tax refund request and allow us 6-9 days in order to process it.
A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline.
To access the form for your tax refund, please click here
Regards, Internal Revenue Service
Compliance #3 – Sending Behavior
Jeffrey Brett Goodin
First person prosecuted under CAN-SPAM Act
Conned AOL customers by sending emails that appeared to be from AOL’s billing department, which required users to reveal their personal and credit card information
Sentenced in 2007 to 70 months
Ordered to pay over 1 million dollars to his victims.
Management needs to inform employees about the potential threats of phishing and the signs to look for.
◦ Don’t give out company login information to suspicious emails.
◦ Never login through an email from a business partner if asked. Go to their corporate website and login how you normally would.
Update internet browsers to the latest versions. ◦ Make sure your browser has the SSL (Secure
Socket Layer) certificate selected. Computer Security Programs
◦ Avira Premium Security Suite◦ McAfee SiteAdvisor◦ ESET Smart Security◦ Phishtank (SiteChecker)
Windows Mail eBay Toolbar
Definition History Problematic Behaviors Laws Compliance Guidelines Penalties Current Management Application Client Based Anti-Phishing Programs