PPT-Detecting Phishing Attacks:

Theory Cues and Practice CSU PDI Steve Lovaas January 8 2010 Overview What is phishing Overview of the problem Evolution of the attacks How to tackle the problem Awareness amp Attitude. & Defense!. Who am I?. Michael LaSalvia . H. as . been in the information security industry for over 10 years and has worked for several fortune 500 companies, large managed services providers as well as a SANS mentor. Amber McConahy. Trust. Multifaceted and . multidimensional. Marsh & . Dibben. (2003) definition and layers of trust. “Trust concerns a positive expectation regarding the behavior of somebody or something is a situation that entails risk to the trusting party” . Based on material by Prof. Vern . Paxson. , UC Berkeley. Detecting Attacks. Given a choice, we’d like our systems to be airtight-secure. But often we don’t have that choice. #1 reason why not: cost (in different dimensions). Avoid Falling Victim to These Cyber Threats. It’s in the news.... Ransomware Discoveries. 2005. 2012. 2013. Q1. Q2. Q3. Q4. 2014. Q1. Q2. Q3. Q4. 2015. Q1. Q2. Q3. Q4. 2016. Q1. -. Gpcoder. Reveton. Preventing Phishing Attacks by Revealing User Intentions. 10/20/2009. Loomi. Liao. Agenda. The problems. Some anti-phishing solutions. The Web Wallet solutions. The Web Wallet User Interface. User study. Paxson. , UC Berkeley. Detecting Attacks. Given a choice, we’d like our systems to be airtight-secure. But often we don’t have that choice. #1 reason why not: cost (in different dimensions). A (messy) alternative: detect misuse rather than build a system that can’t be misused. Detecting Variation. In populations or when comparing closely related species, one major objective is to identify variation among the samples. AKA, one of the main goals in genomics is to identify what genomic features make individuals/populations/species different. Spam:. Spam is unsolicited or undesired electronic junk mail. Characteristics of spam are:. Mass . mailing to large number of recipients. Usually a commercial advertisement. Annoying but usually harmless unless coupled with a fraud based phishing scam . Avoid Falling Victim to These Cyber Threats. It’s in the news.... Ransomware Discoveries. 2005. 2012. 2013. Q1. Q2. Q3. Q4. 2014. Q1. Q2. Q3. Q4. 2015. Q1. Q2. Q3. Q4. 2016. Q1. -. Gpcoder. Reveton. Information Security Assistant . Division of Information Technology. What is Phishing?. Phishing email messages, websites, and phone calls are designed to steal . money or sensitive information. . Cybercriminals can do this by . Rakesh . Verma. Computer Science Department. University of Houston. Houston, TX. Motivation. Explosion of Devices and Interconnectivity . How big is the Internet? . An estimated 2.2 billion people access the net regularly from a computer, smart phone, tablet, TV, or other device. [health-information-technology.net/internet-size/. CS2550 Foundations of Cybersecurity Social Engineering Focus on the Human Cybersecurity is not just about computers People play equally critical roles Authentication principals Holders of important information Alina Stechyshyn,. USNH Cybersecurity Analyst. Phishing attacks are on the rise. Phishing attacks: # 1 attack in higher ed now.. Phishing attacks: 95% of all cyber-attacks on enterprise networks. UNH: email filtering policies + security operations folks. Natallia. . Dziatsel. Mateusz . Czernikiewicz. Matt Baker. The use of electronic communication, mainly email, to trick someone into providing sensitive passwords that will allow access to bank accounts, credit card information, and related data.