Phishing
- 2. CONTENT
• Introduction
• Examples of Phishing attacks
• Common Phishing Techniques
• Causes of Phishing
• Effects of Phishing
• Protection against Phishing
• Conclusion
• Reference
- 3. INTRODUCTION
▰ A phishing attack is a method of tricking
users into unknowingly providing personal
and financial information or sending funds
to attackers.
▰ The most common form is to use email to
provide a link to what appears to be a
legitimate site but is actually a malicious
site controlled by the attacker.
- 4. As per the Oxford dictionary, “Phishing” is:
“The fraudulent practice of sending
emails purporting to be from reputable
companies in order to induce individuals
to reveal personal information, such as
passwords and credit card numbers.”
- 5. EXAMPLES OF PHISHING ATTACKS
▰ RBI (Reserve Bank of India) phishing scam
▻ Users received an email, disguised as
originating from the RBI, which promised
them prize money of 10 lakhs within 48
hours.
▰ Google under phishing attacks
▻ Users received a legal notice asking
them to update their personal information,
with a warning that users who did not update
their details within 30 days would lose their
account permanently.
- 6. COMMON PHISHING TECHNIQUES
▰ Deceptive phishing
▻ Email messages claiming to come from
recognized sources ask you to verify your
account, re-enter information or make a
payment.
▰ Malware-based phishing
▻ Malware can arrive as an email
attachment or as a downloadable file from a
website for a particular issue.
- 7. COMMON PHISHING TECHNIQUES (Contd..)
▰ DNS based phishing (“Pharming”)
▻ Fraudsters hijack a website’s domain
name and use it to direct users to an
imposter site.
▰ Man-in-the-middle phishing
▻ The hacker sits between the user and the
website. Whenever the user enters their
information, the hacker captures it
without causing any interruption
to the user.
- 8. COMMON PHISHING TECHNIQUES (Contd..)
▰ Search Engine phishing
▻ Phishers will create web pages for fake
products, get the pages indexed by search
engines, and wait for customers to enter
their confidential information.
▰ Content-injection phishing
▻ Hackers replace the original content
on a website with fake content that
misleads the user into giving up their sensitive
information.
- 9. CAUSES OF PHISHING
▰ Lack of awareness among the public
▻ There has been a lack of awareness of phishing attacks among the
general public.
▰ Unawareness of policy
▻ The fraudsters often count on victims’ unawareness of bank/financial
institution policies and procedures for contacting customers, particularly for
issues relating to account maintenance and fraud investigation.
▰ Technical sophistication
▻ URL obfuscation is used by phishers to make phishing emails and web sites
appear more legitimate, e.g. PayPals.com instead of PayPal.com
- 10. EFFECTS OF PHISHING
Phishing is a serious crime in the cyber world. Due to Phishing, there may be:
▰ Financial loss
▰ Data loss
▰ Blacklisting of institutions
▰ Introduction of malware and viruses into a PC or a computer system
▰ Illegal use of user’s details
▰ Misuse of your social security number, etc.
▰ The phisher can also take a user’s account details and open a new account in
the name of the user for financial gain.
- 11. PROTECTION AGAINST PHISHING
▰ Two-factor authentication
▻ In this process you log in with a
password and a secret code received
on your mobile.
▰ HTTPS Protocol
▻ HTTPS is a more secure protocol
than HTTP. These websites are
equipped with SSL (Secure Sockets
Layer), which creates a secure channel
for information transfer.
- 12. PROTECTION AGAINST PHISHING (Contd..)
▰ Website reliability
▻ Before entering login details, users
should check for the padlock that appears
at the top or bottom of the webpage.
▰ Hyperlink in mails
▻ Never click hyperlinks in mails from
unknown or unverified sources.
- 13. PROTECTION AGAINST PHISHING (Contd..)
▰ Anti-phishing toolbar
▻ These toolbars run quick checks
on the sites that you are visiting
and compare them to lists of
known phishing sites.
▰ Firewalls
▻ Firewalls check where the traffic
is coming from, whether it is an
acceptable domain name or
Internet protocol.
- 14. CONCLUSION
Phishing will never be completely eradicated.
However, a combination of good organization and
practice, proper application of current
technologies, and improvements in security
technology has the potential to drastically reduce
the prevalence of phishing and the losses suffered
from it. User education remains the strongest and,
at the same time, the weakest link in phishing
countermeasures.
- 15. REFERENCES
▰ Paper titled “A Review on Phishing Attacks and Various Anti Phishing
Techniques” (International Journal of Computer Applications)
▰ Paper titled “Phishing Attacks and Defenses” (International Journal of Security
and Its Applications Vol. 10)
▰ https://en.wikipedia.org/wiki/Phishing
▰ https://www.tripwire.com/state-of-security/security-awareness