Docsity
Phishing: A Scam to Steal Private Information - Prof. Abigail C. Chapin, Study notes of Computer Science

Phishing is a criminal mechanism employing social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials. These notes cover the background, description, risks, and examples of phishing attacks, as well as protection methods and training exercises for users.

Typology: Study notes

Pre 2010

Uploaded on 08/19/2009


Phishing – “A scam to steal private information”

Background

Summary: Phishing is when an attacker sends an e-mail or displays a Web announcement that falsely claims to be from a legitimate organization. The intention of the messenger is to trick the user into surrendering private information.

Description: A more specific definition is offered by the Anti-Phishing Working Group (APWG): “Phishing is a criminal mechanism employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials.” The victim in a phishing attack is asked to respond to an e-mail or is directed to a Web site to update personal information, such as passwords, credit card numbers, Social Security numbers, bank account numbers, or other information. This is often information that the legitimate organization would already have. However, the Web site or the e-mail address that receives the reply is actually a fake, and any information given is stolen.

Risk: A successful phishing attack can lead to online identity theft. By capturing a user’s personal information, an attacker can gain access to the user’s account on a legitimate Web site. The activities of the attacker could lead to substantial financial loss to the user, denial of access to e-mail, or other losses.

Example of Occurrence: On the weekend of January 3, 2009, several users on the social network Web site Twitter became victims of a phishing attack. The users were deceived into giving away their passwords when they received an e-mail similar to one that they would receive from Twitter with a link that read, “hey, check out this funny blog about you…”. The link seemed to go to the real Twitter site, but was actually a fake site at another domain (that is, not on Twitter's computers) designed to look the same. Any personal information entered by the user on the fake site was then captured by the attacker.

Twitter responded by reporting the offending domain, and changing the affected users’ passwords.

What sort of Twitter would give away their password? http://www.guardian.co.uk/technology/2009/jan/08/twitter-barack-obama-britney-spears-micro-blog-networking

A Phishing E-Mail Example

Protection Against Phishing

  1. Point your browser to http://upload.wikimedia.org/wikipedia/en/f/fb/Paypal_Phishing.png. This shows an e-mail that claims to come from PayPal. The Web address in the box, http://211.248.156/Paypal/cgi-bin/webscrcmd_login.php, appears when the user mouses over the “Click here to verify your account” link. Complete the security checklist for this e-mail and turn it in. What suspicious phrases do you see in the e-mail?
  2. Do one of the following:

     a. Play at least two games of Anti-Phishing Phil at http://cups.cs.cmu.edu/antiphishing_phil/. Create a “blacklist” of the phishing Web site addresses you encountered, and a “whitelist” of the legitimate Web sites.

     b. Take the “SonicWall Phishing and Spam IQ Test” a couple of times (http://www.sonicwall.com/phishing/). Look at the test result sheet. For at least two of the Subjects listed, click on the “Why?” link that appears under the “Explain Answer” column. The e-mail you viewed for that question should reappear, this time with explanations. Summarize the explanations in your own words.
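The mouse-over check in exercise 1 (visible link text versus the real target) and the lookalike-domain trick in the Twitter incident can both be automated as a triage step. The script below is an added example and is not part of the original study notes: it parses the links out of an HTML e-mail body, flags targets whose host is a bare IP address, flags links whose visible text names a different domain than the real target, and checks each target against a per-brand allowlist (the “whitelist” from exercise 2a). The sample e-mail, the 192.0.2.10 address (an RFC 5737 test-network address) and the paypal.example.net host are constructed for this example, and the allowlist is a stand-in for one an organisation would actually maintain.

```python
"""Flag suspicious links in a suspected phishing e-mail.

Added example, not code from the original notes. The sample e-mail body,
the 192.0.2.10 address and the paypal.example.net host are constructed.
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed stand-in for the per-brand "whitelist" an organisation would keep.
BRAND_ALLOWLIST = {
    "paypal": {"paypal.com", "www.paypal.com"},
    "twitter": {"twitter.com", "www.twitter.com"},
}

# Constructed sample body modelled on the PayPal exercise: the visible text says
# "verify your account", but the real target is a bare IP address.
SAMPLE_EMAIL = """
<p>Dear PayPal member, your account will be suspended within 24 hours.</p>
<p><a href="http://192.0.2.10/Paypal/cgi-bin/login.php">Click here to verify your account</a></p>
<p>Or visit <a href="http://paypal.example.net/login">https://www.paypal.com/</a></p>
<p>Questions? <a href="https://www.paypal.com/help">Help Center</a></p>
"""

# Matches visible link text that itself looks like a domain or URL.
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def is_ip_literal(host):
    """True if the host part is a bare IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registrable(host):
    """Crude registrable-domain approximation: the last two DNS labels."""
    return ".".join(host.split(".")[-2:])


def analyze_links(html_body, claimed_brand):
    """Return [(href, [reasons])] for each link that contradicts the claimed brand."""
    collector = LinkCollector()
    collector.feed(html_body)
    allowed = BRAND_ALLOWLIST.get(claimed_brand, set())
    findings = []
    for href, text in collector.links:
        host = (urlsplit(href).hostname or "").lower()
        if not host:  # mailto:, relative links, etc. are out of scope here
            continue
        reasons = []
        if is_ip_literal(host):
            reasons.append("target host is a bare IP address")
        m = DOMAIN_IN_TEXT.search(text.lower())
        if m and registrable(m.group(1)) != registrable(host):
            reasons.append(f"link text shows {m.group(1)} but target is {host}")
        if host not in allowed:
            note = f"{host} is not an allowlisted {claimed_brand} host"
            if claimed_brand in host:
                note += " (lookalike: brand name inside an unrelated domain)"
            reasons.append(note)
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in analyze_links(SAMPLE_EMAIL, "paypal"):
        print(href)
        for r in reasons:
            print("   -", r)
```

Run on the sample, the script reports the bare-IP link and the paypal.example.net link and stays silent on the genuine Help Center link. The `registrable()` helper is a two-label approximation; a production checker would use the Public Suffix List, and the output is a triage aid for the security checklist in exercise 1, not a verdict on its own.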

Extra Credit (+10 each)

For the following, you may do a web search, or if you or someone you know has experienced one of these attacks, you may use that information.

  1. In recent years, a more insidious form of phishing, known as spear phishing, has taken root. Spear phishing is customized to a particular user. It often addresses the recipient directly (by name) and may include other personal information about the user. Look up a recent example of spear phishing. What about the e-mail makes it a suspected phish?
  2. Pharming is yet another recent form of phishing, which automatically redirects the user to a fake Web site—no clicking required. Look up a recent example of pharming. What about the e-mail makes it a suspected phish?