Freud and Phishing: The Psychology Behind Internet Scams - PowerPoint PPT Presentation

Slides: 39
Provided by: GLT
Transcript and Presenter's Notes

Title: Freud and Phishing: The Psychology Behind Internet Scams


1
Freud and Phishing: The Psychology Behind Internet Scams
  • JC Lamkin, CNA, PMP
  • Gypsy Lane Technologies
  • Philadelphia, PA 19144
  • (215) 843-1039
  • Jc.lamkin_at_gltMYpc.com
  • http://www.gltMYpc.com
  • Twitter.com/TechCrusader

2
What is Phishing?
3
Making Money with Phish
  • 2,000,000 emails are sent
  • 5% get to the end user: 100,000 (APWG)
  • 5% click on the phishing link: 5,000 (APWG)
  • 2% enter data into the phishing site: 100 (Gartner)
  • $1,200 from each person who enters data (FTC)
  • Our potential reward: $120,000

4
How Much Information?
  • 4.1 million: The number of credit card numbers discovered in ONE phishing blind drop over a 4-month period
  • A typical day: information for 13,677 accounts
      • 3,356 credit cards
      • 255 PayPal account logins
      • 1,038 eBay account logins
      • 93 Bank of America online banking account logins
      • 2,609 Hotmail email account logins

Source: Washingtonpost.com (Security Fix, Brian Krebs)
5
Phish and Spam are Different
6
Psychology: Phish ≠ Spam
  • People treat spam and phish differently
  • Take a Phishing Email and place it in an end user's spam folder.
      • 10% of the time the user removes the phishing email from the spam folder and places it in their inbox.
  • Take a Phishing Email and place it in an end user's phish folder.
      • The user removes the phishing email from the phish folder less than 0.5% of the time.

7
The Tricks of the Trade
8
Fear: You're Being Naughty
payments or donations for obscene or certain
sexually oriented goods or services.
your accountlimited for xxxcambabes.com cam
shows.
9
Fear: Account Takeover
someone had used your account to make fake
bids
You must verify
no choice but to suspend your account.
10
Fear: Service Deactivation 1
service(s)will be deactivated
11
Fear: Service Deactivation 2
service(s)will be deactivated
12
Fear: Service Deactivation 3
service(s)will be deactivated
13
Fun: eBay Lottery
14
Fun: eBay Conference
15
Fun: eBay Anniversary
LEGIT
16
Fun: Take a Survey
17
Fun: Take a Survey
LEGIT
18
Confusion: Account Change
19
Confusion: Did I Buy This?
20
Assistance: My Refund?
21
Assistance: We're Here to Help
22
Assistance: Fraud Detection
23
Assistance: Buy Safely
LEGIT
24
Poll-time Possibilities
LEGIT?? ...Only for Poll Workers
25
Compassion: No Scruples
26
Other Email Tricks
  • Multi-Stage Attacks
      • Email 1: "We'll be updating all our accounts this weekend"
      • Email 2: "We discovered a problem with your account"
  • Multi-channel Attacks
      • Email contains both:
          • Phishing URL
          • Phishing phone number (typically VoIP based)

27
The Domain Name Game
  • citibank-validate.info
  • earthlink-reactivation.net
  • services-bankofamerica.com
  • sales-aol.net
  • secure-ebay.com
  • msn-reactivation.net
  • secure-usbank.info
  • service-visa.net
  • verification-e-gold.com
  • customer-verification.com
  • banking-account-renewal.com

Hall of Fame
  • Phishers SSL Certificate
      • citibanhk.de
  • Duplicated Registrar Info
      • credltlyonaisse.com
  • Registering a Cyrillic "a"
      • paypal.com

28
Web Site Tricks
We arrive at the website. Is something phishy?
29
Web Site Tricks
There is no address bar!
30
Web Site Tricks
Now there's two!
31
More Web Site Tricks
  • Search Engine Listings
  • Common URL misspellings
      • www.mailfrontier.com
      • www.mailfronteir.com
      • www.malefrontier.com
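
The lookalike patterns from "The Domain Name Game" and "Common URL misspellings" can be checked mechanically on the defender's side. The following is an added example, not part of the original presentation: the brand list, the function names and the distance thresholds are assumptions, and the registered name is taken naively as the label left of the TLD.

```python
import unicodedata

# Assumption: the brands to protect, chosen from names that appear on the slides.
BRANDS = ["citibank", "paypal", "ebay", "bankofamerica", "usbank", "mailfrontier"]

def osa_distance(a, b):
    """Edit distance where an adjacent swap (ie -> ei) counts as a single edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def mixed_script(label):
    """True when the letters of one label come from more than one script."""
    scripts = {unicodedata.name(ch, "?").split()[0] for ch in label if ch.isalpha()}
    return len(scripts) > 1

def classify(domain):
    """Return 'homoglyph', 'brand-keyword', 'typosquat' or 'ok' for a host name."""
    parts = domain.lower().strip(".").split(".")
    # Naive: treat the label left of the TLD as the registered name (no Public Suffix List).
    label = parts[-2] if len(parts) > 1 else parts[0]
    if mixed_script(label):                      # e.g. a Cyrillic letter among Latin ones
        return "homoglyph"
    if label in BRANDS:                          # exact brand name; the TLD is not checked here
        return "ok"
    if any(token in BRANDS for token in label.split("-")):
        return "brand-keyword"                   # secure-<brand>, <brand>-validate, ...
    for brand in BRANDS:
        limit = 2 if len(brand) >= 8 else 1      # short names get a tighter threshold
        if osa_distance(label, brand) <= limit:
            return "typosquat"
    return "ok"

# Domains from the slides plus one constructed sample (Cyrillic U+0430 in place of "a").
SAMPLES = ["secure-ebay.com", "citibanhk.de", "www.mailfronteir.com",
           "www.malefrontier.com", "www.mailfrontier.com", "p\u0430ypal.com"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{classify(name):14} {name!r}")
```

Names such as customer-verification.com contain no brand at all, so a name-based check like this one returns "ok" for them; they need other signals such as registration age or message context.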

32
Tips on Protecting Yourself from Phishing
33
Protect Yourself
  • Know your senders
  • Is this someone I do business with?
  • Is this something I was told I'd receive?
  • Look for other ways to respond

34
Protect Yourself
  • Stay on guard
  • Look for clues; improve your PhishingIQ
  • Don't be afraid to ask
  • Know how your system is updated
  • Protect your system
  • Check your records
  • Check your sources, snopes.com

35
Not Just a Consumer Issue
  • Operations
      • Microsoft Updates, RSA SecurID
  • Corporate credit cards
      • American Express, Visa, MasterCard
  • Purchasing and Payments
      • eBay, PayPal
  • Network Services
      • Verizon, Earthlink
  • Web Services
      • DNS Name Registration, Hosting Companies

36
Protect Your Brand
  • Cut-and-Paste links, minimize links
  • Use personal information where possible
  • Provide non-email ways to verify
  • Use standard company domain names
  • Identify your partners
  • Set and follow standard communication practices

37
Phishing - Don't Take the Bait
  • Preemptive
  • Phishing is different than spam; think Virus
  • Technology
  • It's more than a consumer issue
  • Multi-faceted solution: No silver bullet
  • Psychology
  • Educate your customers/employees/yourself
  • Improve their PhishingIQ
  • Email is still Good! Really it is!

38
Freud and Phishing: The Psychology Behind Internet Scams
  • JC Lamkin, CNA, PMP
  • Gypsy Lane Technologies
  • Philadelphia, PA 19144
  • (215) 843-1039
  • Jc.lamkin_at_gltMYpc.com
  • http://www.gltMYpc.com
  • Twitter.com/TechCrusader
  • Special thanks to infosecurity.com