Deceptive Phishing By: Yevgeniy Stupak
What is it?
Deceptive phishing is a specific type of phishing attack that targets emails in order to convince the unsuspecting consumer of an offer or action they must take, which inevitably leads them to a bogus site that collects their private information, such as usernames, passwords, bank accounts, credit cards, etc.
History
Early phishing began on AOL. AOHell was a program designed for hackers to pose as AOL representatives. AOL IM was used to request information from unsuspecting victims. AOL was able to create stricter enforcement policies that eventually drew hackers away from its servers.
AOHell Features
- Fake account generator
- Phishing tools (such as the “fisher” tool that sent IMs to random users)
- Punter (IM-bomb) that would log users off
- Mail bomb, which flooded mailboxes
- Steve Case cloak, which would let users pose as the AOL founder
Phishing Today
Intuit's TurboTax was a recent victim of email phishing. Customers received fake emails asking them to “verify their accounts” and “update their accounts” or face an added charge. Intuit was quick to beef up its online security. State officials believe phishing was the source of the information that was used to deploy these bogus claims.
Phishing Today cont.
Target was another recent phishing victim. Malicious software was installed on all domestic Target locations that would store all swiped credit cards and other personal information. The biggest reason for this was failure to act: Target's IT team in Minneapolis failed to detect the alerts. As many as 1 in 3 consumers were affected.
Phishing Today cont.
The last current example I want to talk about is the Montclair State University email scams. The most recent email stated that emails were coming from “Montclair Admin” with the subject “Re: ”. It would include links that would lead to a fake webpage with the University logo for credibility.
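The signs in the Montclair email described above (a trusted display name, a bare “Re:” subject, a link to a look-alike page) can be checked mechanically. The following is an added example, not part of the original slides; the trusted domain montclair.edu, the constructed sample message and all function names are assumptions, and it handles only a single-part HTML body.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modeled on the email described above; sender and link hosts are made up.
SAMPLE = """\
From: Montclair Admin <helpdesk@mail-notice.example>
Subject: Re:
Content-Type: text/html

<p>Mailbox full. <a href="http://portal-login.example/msu">https://www.montclair.edu/verify</a></p>
"""

class LinkCollector(HTMLParser):  # collects [href, visible text] for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def in_domain(host, domain):
    host = (host or "").lower()
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw, trusted_domain, org_keyword):
    """Return indicator names for a raw message that claims to come from the organization."""
    msg, found = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    if org_keyword.lower() in name.lower() and not in_domain(addr.rpartition("@")[2], trusted_domain):
        found.append("display-name-spoof")      # trusted name, untrusted sending domain
    subject = (msg.get("Subject") or "").strip().lower()
    if subject.startswith("re:") and not (msg.get("In-Reply-To") or msg.get("References")):
        found.append("reply-without-thread")    # "Re:" with no message being replied to
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        host = urlparse(href).hostname
        if host and not in_domain(host, trusted_domain):
            found.append("link-off-domain")     # link leaves the organization's domain
            if in_domain(urlparse(text.strip()).hostname, trusted_domain):
                found.append("link-text-mismatch")  # shown URL differs from real target
    return found
```

Calling `phishing_indicators(SAMPLE, "montclair.edu", "montclair")` reports all four indicators for the sample, while a threaded reply sent from and linking to the trusted domain reports none.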
How To Prevent It?
There are 7 steps to prevent phishing:
1. Guard against spam
2. Communicate over phone or secure sites
3. Don't click links, download files, or open attachments from unknown senders
4. Never email secure information
5. Beware of pop-ups
6. Protect your computer with a firewall, spam filter, virus protection and malware protection
7. Check your online accounts and bank
Prevention Proposition
I looked at how Twitter verifies celebrity and business accounts and thought, why not do the same for emails? My proposition would force all corporations that use email for communication to verify their identity and would include this identification in all emails sent. This would stop email spoofing by having the identification occur only on corporate computers.
Conclusion
While I do believe my proposition could work to lower phishing activity that occurs today, the biggest way to prevent it and keep it under control is to stay informed and think smart about who you give your personal information to. Think smart and don't fall for the bait.
References
- TurboTax - http://blogs.wsj.com/totalreturn/2015/02/09/another-fraud-concern-for-turbotax-users/
- AOHell - http://en.wikipedia.org/wiki/AOHell
- Target - http://www.bloomberg.com/bw/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data#p1
- Rules to follow - http://www.identitytheftkiller.com/prevent-phishing-scams.php