2
Charity or Chicanery? This has been a year filled with natural disasters – tornadoes, earthquakes, droughts, wildfires, and floods. The devastation to lives and property has been overwhelming and makes us want to help the victims, frequently through donations of money. But be careful: the Federal Internet Crime Complaint Center (IC3) has issued an alert warning you that bad times frequently bring out bad people. When you make a donation to a charity, be sure to protect yourself by following these straightforward guidelines: Never respond to unsolicited email. Delete it. Be skeptical of people representing themselves as officials using email to solicit for donations. Never click on a link in an unsolicited email. Be cautious of email claiming to contain pictures in attachments. The attachments might contain viruses. Donate directly to known charities. If you are not familiar with a particular charity, the Internet can provide a wealth of information. By using this easy strategy, you can ensure that your hard-earned dollars are going exactly where you want them to go. Fall 2008 When U.S. legislators ratified the Anti-Spam Act of 2003, there was a notable exclusion – political candidates are still allowed to solicit contributions via email. This is a mixed blessing. It allows political candidates to quickly reach millions of potential contributors, but it also provides a golden opportunity for phishers. During the 2000 presidential election, phishing was still in its infancy and its impact was minimal. Then in 2004, phishers targeted the Kerry-Edwards campaign because they were actively using the Internet to communicate. One of the known attacks was an email directing people to a phony website soliciting donations. Many people willingly provided credit card and other personal information thinking that they were supporting their chosen candidate. In another scam, an email requested that the recipient call a specific 900 number to discuss the issues. Those who called the number were billed at $1.99 per minute. Neither perpetrator was caught. Now phishing attacks have gained momentum and the 2008 presidential campaign is a well-stocked phishing pond! Here are some common sense suggestions to make sure your money goes where you want it to. 1. If you receive an email soliciting a donation, do a little research before responding. Both candidates and phishers are counting on your impulsiveness. 2. Do not click on any link in the email or view any attachments. The safest action is to contact local campaign headquarters by telephone or in person. They can give you the official campaign website address. 3. Be aware that there are “sounds like” web URLs that can be used for phishing expeditions, so make sure you repeat the website address back to verify it. 4. Keep in mind that you should contact them. Do not respond to an unsolicited telephone request for a campaign contribution. Unsolicited calls can be vishing attacks! The election promises to be an exciting one and we encourage your participation – just do it in a way that protects your personal finances and information! Phishing on the Campaign Trail Protecting yourself against phishing attacks is really quite simple. 1. Make a call to verify information. Make sure you use the phone number in your rolodex, not one provided in a suspicious email. 2. Type it yourself. Don’t just click on a link or cut and paste it onto your browser. Type your trusted URL yourself and you’ll get to the real destination. 3. Beef up your security. There’s no good reason not to have anti-virus, anti-spam, and spyware detection on your computer. There are inexpensive software bundles available and even free programs you can download from the Internet. 4. Read your bank and credit card statements. Take a quick scan of your statements as soon as they arrive. If you see something suspicious, it’s much better to check it out sooner rather than later. 5. Recognize the Sharks. Visit the Maine Anti-Phishing Coalition website at www.noPhishing.org for the latest information on phishing attacks and links to helpful resources. Five Easy Pieces (of advice) The Official Newsletter of noPhishing.org

Phishing on the Campaign Trail

  • Upload
    others

  • View
    0

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Phishing on the Campaign Trail

Charityor Chicanery?

Thishasbeenayearfilledwith

naturaldisasters–tornadoes,

earthquakes,droughts,wildfires,

andfloods.Thedevastationto

livesandpropertyhasbeen

overwhelmingandmakesuswant

tohelpthevictims,frequently

throughdonationsofmoney.

Butbecareful:theFederalInternet

CrimeComplaintCenter(IC3)has

issuedanalertwarningyouthatbad

timesfrequentlybringoutbadpeople.

Whenyoumakeadonationtoacharity,

besuretoprotectyourselfbyfollowing

thesestraightforwardguidelines:

•Neverrespondtounsolicitedemail.

Deleteit.

•Beskepticalofpeoplerepresenting

themselvesasofficialsusingemail

tosolicitfordonations.

•Neverclickonalinkinan

unsolicitedemail.

•Becautiousofemailclaiming

tocontainpicturesinattachments.

Theattachmentsmight

containviruses.

•Donatedirectlytoknowncharities.

Ifyouarenotfamiliarwitha

particularcharity,theInternet

canprovideawealthofinformation.

Byusingthiseasystrategy,you

canensurethatyourhard-earned

dollarsaregoingexactlywhere

youwantthemtogo.

Fall2008

WhenU.S.legislatorsratifiedtheAnti-Spam

Actof2003,therewasanotableexclusion–

politicalcandidatesarestillallowedto

solicitcontributionsviaemail.Thisisa

mixedblessing.Itallowspolitical

candidatestoquicklyreachmillionsof

potentialcontributors,butitalsoprovides

agoldenopportunityforphishers.

Duringthe2000presidentialelection,phishing

wasstillinitsinfancyanditsimpactwas

minimal.Thenin2004,phisherstargetedthe

Kerry-Edwardscampaignbecausetheywere

activelyusingtheInternettocommunicate.

Oneoftheknownattackswasanemail

directingpeopletoaphonywebsitesoliciting

donations.Manypeoplewillinglyprovided

creditcardandotherpersonalinformation

thinkingthattheyweresupportingtheir

chosencandidate.

Inanotherscam,anemailrequestedthat

therecipientcallaspecific900numberto

discusstheissues.Thosewhocalledthe

numberwerebilledat$1.99perminute.

Neitherperpetratorwascaught.

Nowphishingattackshavegainedmomentum

andthe2008presidentialcampaignisa

well-stockedphishingpond!Herearesome

commonsensesuggestionstomakesure

yourmoneygoeswhereyouwantitto.

1. Ifyoureceiveanemailsolicitingadonation,doalittleresearchbeforeresponding.Bothcandidatesandphishersarecountingonyourimpulsiveness.

2.Donotclickonanylinkintheemailorviewanyattachments.Thesafestactionistocontactlocalcampaignheadquartersbytelephoneorinperson.Theycangiveyoutheofficialcampaignwebsiteaddress.

3.Beawarethatthereare“soundslike”webURLsthatcanbeusedforphishingexpeditions,somakesureyourepeatthewebsiteaddressbacktoverifyit.

4.Keepinmindthatyoushouldcontactthem.Donotrespondtoanunsolicitedtelephonerequestforacampaigncontribution.Unsolicitedcallscanbevishingattacks!

Theelectionpromisestobeanexcitingone

andweencourageyourparticipation–just

doitinawaythatprotectsyourpersonal

financesandinformation!

PhishingontheCampaignTrail

Protectingyourselfagainstphishingattacksisreallyquitesimple.

1. Make a call to verify information.Makesureyouusethephonenumberinyour

rolodex,notoneprovidedinasuspiciousemail.

2. Type it yourself. Don’tjustclickonalinkorcutandpasteitontoyourbrowser.

TypeyourtrustedURLyourselfandyou’llgettotherealdestination.

3. Beef up your security. There’snogoodreasonnottohaveanti-virus,anti-spam,and

spywaredetectiononyourcomputer.Thereareinexpensivesoftwarebundlesavailable

andevenfreeprogramsyoucandownloadfromtheInternet.

4. Read your bank and credit card statements. Takeaquickscanofyourstatements

assoonastheyarrive.Ifyouseesomethingsuspicious,it’smuchbettertocheckitout

soonerratherthanlater.

5. Recognize the Sharks. VisittheMaineAnti-PhishingCoalitionwebsiteatwww.noPhishing.org

forthelatestinformationonphishingattacksandlinkstohelpfulresources.

FiveEasyPieces(ofadvice)

TheOfficialNewsletterofnoPhishing.org

MEAPC.3120-13.noPhishingNewsletterIII v3.indd 1 8/15/08 3:13:37 PM

Page 2: Phishing on the Campaign Trail

W H AT TO D O I F yO U S U S P EC T yO U ’ V E

• Immediately notify your bank.

Bepreparedtoprovidethebank

withasmuchinformationaspossible.

Theymayrequestthatyouforwardthem

thephishingemail.

• Place a fraud alert on your credit report

bycontactinganyofthethreeconsumer

creditbureausbelow.

– Equifax:1-800-525-6285;

www.equifax.com;P.O.Box740241,

Atlanta,GA30374-0241

– Experian:1-888-EXPERIAN

(397-3742);www.experian.com;

P.O.Box9532,Allen,TX75013

– TransUnion:1-800-680-7289;

www.transunion.com;FraudVictim

AssistanceDivision,P.O.Box6790,

Fullerton,CA92834-6790

Contactingoneofthesecompanies

automaticallyalertstheothertwo,who

willalsoplaceanalertintheirrecords.

Whenyoucall,aninitial90-dayfraudalert

willbeplacedonyourcreditreportanda

freecopyofyourreportwillbesenttoyou.

Thefraudalertpreventsanynewaccounts

frombeingopenedinyournamewithout

permission.Aftertheinitialfraudalerthas

expired,ifyou’vefiledapolicereportyou

canrequestanextended7-yearfraudalert.

Toobtainanextendedfraudalert,youmust

providethecreditbureauswithacopyof

yourinitialpolicereportandanyother

fraudreportstheymayrequire.

AsofFebruary,2006,Mainebecameone

ofseveralstatestoallowconsumersto

“freeze”theircreditreports.Withcertain

specificexceptions,asecurityfreeze

prohibitsacreditbureaufromreleasing

yourcreditreportoranyinformation

fromitwithoutyourexpressauthorization.

Thefreezegoesintoeffectfivebusiness

daysafterthecreditbureauhasreceived

yourletter.Aftertenbusinessdaysfrom

receivingyourlettertoplaceafreezeon

youraccount,thecreditbureauwillsend

youaconfirmationlettercontaininga

uniquePIN(personalidentificationnumber)

orpassword.KeepthisPINorpasswordin

asafeplace.Ifyourcreditfilesarefrozen,

evensomeonewhohasyournameand

SocialSecurityNumberprobablywould

notbeabletoobtaincreditinyourname.

Asecurityfreezeisfreetoidentity

theftvictimswhohaveapolicereport,

investigativereport,oracomplainttoa

lawenforcementagencyconcerning

identitytheft.

Toplaceafreeze,youmustwritetoeach

ofthethreecreditbureaus.Creditbureaus

chargea$10fee,unlessyouareavictim

whosendsacopyofyourpolicereport,

investigativereport,oracomplainttoa

lawenforcementagencyconcerning

identitytheft.

Here’swhatelseyoushoulddo:

• File a reportwithlocallawenforcement.

• Review credit card or bank statements

tomakecertainallactivitywaslegitimate.

• Formoreinformationonidentitytheft,

visittheFTCIdentityTheftwebsite.

http://www.ftc.gov/bcp/edu/microsites/

idtheft

Protect yourself!

Thiscomprehensivewebsitehasa

wealthofusefulinformationtargeted

atprotectingyouandyourpersonal

informationfromphishingattacksand

identitytheft.Itincludescommonsense

suggestionsonhowtobestprotect

yourconfidentialinformation,

up-to-datereportsofscams,whatto

doifyouthinkyourinformationhas

beencompromised,andlinkstoseveral

otherhelpfulwebsites.There’sevena

fungamecalled“PhishingScams—

AvoidtheBait”whichtestsyourability

torecognizeaphishingattempt.

SponsoredbytheMaineAnti-Phishing

Coalition(MEAPC),thewebsitestrives

toprovidetimelyandusefultopics

foryourfinancialandcybersecurity.

Memberbanksworktogetherto

maintainthesiteandtocreateposters,

newsletters,andseminarsdedicatedto

increasingyourawarenessoftechniques

usedinphishingandotherscams.

Pleaseinvestafewmomentsofyour

timeexploringwww.noPhishing.org.

Itwillbetimewellspent.

B E E N P H I S H E D

ParticipatingBanksintheMaineAnti-PhishingCoalition

MEAPC.3120-13.noPhishingNewsletterIII v3.indd 2 8/15/08 3:13:43 PM


Tracking Phishing Attacks Over Time - Amazon Web Servicespapers.have joined in the campaign against phishing. For instance, Google maintains a blacklist of phishing sites and has built

Tracking Phishing Attacks Over Time - Amazon Web Servicespapers.have joined in the campaign against phishing. For instance, Google maintains a blacklist of phishing sites and has built

Documents
How to Spot Phishing Attacks - MicroAge · How to Spot Phishing Attacks What is Spear Phishing? Like phishing ploys, spear phishing scams are designed to obtain sensitive information

How to Spot Phishing Attacks - MicroAge · How to Spot Phishing Attacks What is Spear Phishing? Like phishing ploys, spear phishing scams are designed to obtain sensitive information

Documents
The Campaign Trail

The Campaign Trail

Documents
Lessons From the Marketing Campaign Trail: Using Social Media to Engage Multicultural Communities

Lessons From the Marketing Campaign Trail: Using Social Media to Engage Multicultural Communities

Documents
Phishing Campaign Targets Login Credentials of Multiple U.S., … · phishing page hosted on the malicious domain “40-71[.]xyz”. This document was submitted to VirusTotal in Mexico

Phishing Campaign Targets Login Credentials of Multiple U.S., … · phishing page hosted on the malicious domain “40-71[.]xyz”. This document was submitted to VirusTotal in Mexico

Documents
AWARENESS OF PHISHING SCENARIO - CYBERWISER.eu · 2020. 11. 19. · Phishing attack exercise •Identify phishing indicators in an email. •Distinguish phishing from legitimate emails

AWARENESS OF PHISHING SCENARIO - CYBERWISER.eu · 2020. 11. 19. · Phishing attack exercise •Identify phishing indicators in an email. •Distinguish phishing from legitimate emails

Documents
On the UK campaign trail

On the UK campaign trail

News & Politics
Typographical lessons from retail, the subway & the campaign trail

Typographical lessons from retail, the subway & the campaign trail

Documents
SPEAR PHISHING - dandh.com...SPEAR PHISHING VS PHISHING Spear phishing and phishing attacks both leverage impersonation to commit fraud. The difference between the two is that spear

SPEAR PHISHING - dandh.com...SPEAR PHISHING VS PHISHING Spear phishing and phishing attacks both leverage impersonation to commit fraud. The difference between the two is that spear

Documents
Phishing Awareness - Valdosta State University€¦ · Types of Phishing Attacks Spear phishing - Phishing attempts directed at specific individuals or companies have been termed

Phishing Awareness - Valdosta State University€¦ · Types of Phishing Attacks Spear phishing - Phishing attempts directed at specific individuals or companies have been termed

Documents
PHISHING DIPLOMACY - Area 1 Security · 2018-12-19 · PHISHING DIPLOMACY 7 / PHISHING DIPLOMACY / AREA1SECURITY.COM Campaign Details ping - sends a connection request to another

PHISHING DIPLOMACY - Area 1 Security · 2018-12-19 · PHISHING DIPLOMACY 7 / PHISHING DIPLOMACY / AREA1SECURITY.COM Campaign Details ping - sends a connection request to another

Documents
Phishing Attacks in the Cloud Effective Strategies to ... Attacks in the Cloud – Effective Strategies to Protect Your Brand ... Launch Phishing Campaign ... SaaS introduces new concerns:

Phishing Attacks in the Cloud Effective Strategies to ... Attacks in the Cloud – Effective Strategies to Protect Your Brand ... Launch Phishing Campaign ... SaaS introduces new concerns:

Documents
Abbey-Chesterton Bridge on the Chisholm Trail · Briefing Note 2015/01 Cambridge Cycling Campaign 1 Abbey-Chesterton Bridge on the Chisholm Trail Introduction Cambridge Cycling Campaign

Abbey-Chesterton Bridge on the Chisholm Trail · Briefing Note 2015/01 Cambridge Cycling Campaign 1 Abbey-Chesterton Bridge on the Chisholm Trail Introduction Cambridge Cycling Campaign

Documents
The Quarterly Newsletter of Information Technology · In addition to this training, ITD has been running a Phishing campaign of its own through an external company. These test phishing

The Quarterly Newsletter of Information Technology · In addition to this training, ITD has been running a Phishing campaign of its own through an external company. These test phishing

Documents
Phishing & Spear Phishing - info.vadesecure.com Marketing Website... · Phishing Spear Phishing Understanding an Emerging Threat to Healthcare Organizations 5 vadesecure.com How Phishing

Phishing & Spear Phishing - info.vadesecure.com Marketing Website... · Phishing Spear Phishing Understanding an Emerging Threat to Healthcare Organizations 5 vadesecure.com How Phishing

Documents
Fidelis Threat Advisory #1013 RAT in a jar: A phishing campaign

Fidelis Threat Advisory #1013 RAT in a jar: A phishing campaign

Documents
Gone Phishing, an Anti-Phishing Program Journey€¦ · Gone Phishing, an Anti-Phishing Program Journey Ava Logan-Woods, Information Security Specialist Eshante Lovett, Information

Gone Phishing, an Anti-Phishing Program Journey€¦ · Gone Phishing, an Anti-Phishing Program Journey Ava Logan-Woods, Information Security Specialist Eshante Lovett, Information

Documents
Detecting a Phishing Attack with Phishing Intelligence ... · Detecting a Phishing Attack with Phishing Intelligence Engine (PIE) 1 Phishing Statistics: What Every Business Needs

Detecting a Phishing Attack with Phishing Intelligence ... · Detecting a Phishing Attack with Phishing Intelligence Engine (PIE) 1 Phishing Statistics: What Every Business Needs

Documents
Phishing During a Pandemic: Actors, Campaigns & Threats ... · 02/06/2020  · All Global Campaign Brand Abuse All COVID-Themed Global Campaign Brand Abuse Global vs COVID Brand Abuse

Phishing During a Pandemic: Actors, Campaigns & Threats ... · 02/06/2020  · All Global Campaign Brand Abuse All COVID-Themed Global Campaign Brand Abuse Global vs COVID Brand Abuse

Documents
GLOBAL COVID 19-RELATED PHISHING CAMPAIGN BY …...Jun 18, 2020  · India 21 June 2020 Individuals Singapore 21 June 2020 Businesses South Korea 21 June 2020 Individuals Phishing

GLOBAL COVID 19-RELATED PHISHING CAMPAIGN BY …...Jun 18, 2020  · India 21 June 2020 Individuals Singapore 21 June 2020 Businesses South Korea 21 June 2020 Individuals Phishing

Documents
Phishing and Trust. Agenda Questions? Questions? Phishing Phishing Project feedback Project feedback Trust Trust

Phishing and Trust. Agenda Questions? Questions? Phishing Phishing Project feedback Project feedback Trust Trust

Documents
Happy Trails to You: Developing the Dallas Trail Safety and Awareness Campaign

Happy Trails to You: Developing the Dallas Trail Safety and Awareness Campaign

Education
Phishing Spear Phishing - ASSP Region I€¦ · Phishing& Spear Phishing attacks are similar -key differences: •Phishingcampaign -very broad and automated, think 'spray & pray’

Phishing Spear Phishing - ASSP Region I€¦ · Phishing& Spear Phishing attacks are similar -key differences: •Phishingcampaign -very broad and automated, think 'spray & pray’

Documents
On the Campaign Trail with Congress Candidate, Priya Dutt (Pt. 1)

On the Campaign Trail with Congress Candidate, Priya Dutt (Pt. 1)

News & Politics
On the campaign trail with congress candidate, priya dutt (pt 2)

On the campaign trail with congress candidate, priya dutt (pt 2)

Documents
I. The campaign II. The election. I. The campaign -the campaign trail/the stump -canvassing -permanent campaign -“megastates” -“swing states”

I. The campaign II. The election. I. The campaign -the campaign trail/the stump -canvassing -permanent campaign -“megastates” -“swing states”

Documents
Changing Minds: The Campaign for Skyland Trail

Changing Minds: The Campaign for Skyland Trail

Documents
OILRIG CAMPAIGN ANALYSIS - SHI · 7 Malware Samples for Analysis 8 Campaign Targets ... When translated from Turkish to English this likely means “military coup.” The phishing

OILRIG CAMPAIGN ANALYSIS - SHI · 7 Malware Samples for Analysis 8 Campaign Targets ... When translated from Turkish to English this likely means “military coup.” The phishing

Documents
Hostile Media and the Campaign Trail: Perceived Media Bias ...terpconnect.umd.edu/~nan/738readings/Huge Glynn...Hostile Media and the Campaign Trail M. Huge & C. J. Glynn candidate

Hostile Media and the Campaign Trail: Perceived Media Bias ...terpconnect.umd.edu/~nan/738readings/Huge Glynn...Hostile Media and the Campaign Trail M. Huge & C. J. Glynn candidate

Documents
Following Joe Peters on the Campaign trail

Following Joe Peters on the Campaign trail

News & Politics