PHISHING
Presented By:- Saurabh Kant Sahu
CONTENT
• Introduction
• Examples of Phishing attacks
• Common Phishing Techniques
• Causes of Phishing
• Effects of Phishing
• Protection against Phishing
• Conclusion
• Reference
INTRODUCTION
▰ A phishing attack is a method of tricking
users into unknowingly providing personal
and financial information or sending funds
to attackers.
▰ The most common form is to use email to
provide a link to what appears to be a
legitimate site but is actually a malicious
site controlled by the attacker.
As per Oxford dictionary “Phishing” is:
“The fraudulent practice of sending
emails purporting to be from reputable
companies in order to induce individuals
to reveal personal information, such as
passwords and credit card numbers.”
EXAMPLES OF PHISHING ATTACKS
▰ RBI (Reserve Bank of India) phishing scam
▻ Users received an email, disguised as
originating from the RBI, which promised
them prize money of 10 Lakhs within 48
hours.
▰ Google under phishing attacks
▻ Users received a legal notice asking
them to update their personal information,
with a warning that users who did not update
their details within 30 days would lose their
account permanently.
COMMON PHISHING TECHNIQUES
▰ Deceptive phishing
▻ Email messages claiming to come from
recognized sources ask you to verify your
account, re-enter information or make a
payment.
▰ Malware-based phishing
▻ Malware can be delivered as an email
attachment or as a downloadable file from a
web site for a particular issue.
COMMON PHISHING TECHNIQUES (Contd..)
▰ DNS based phishing (“Pharming”)
▻ Fraudsters hijack a website’s domain
name and use it to direct users to an
imposter site.
▰ Man-in-the-middle phishing
▻ The hacker sits between the user and the
website. Whenever users enter their
information, the hacker captures it
without causing any interruption
to the users.
COMMON PHISHING TECHNIQUES (Contd..)
▰ Search Engine phishing
▻ Phishers will create web pages for fake
products, get the pages indexed by search
engines, and wait for customers to enter
their confidential information.
▰ Content-injection phishing
▻ Hackers replace the original content
of a website with fake content that
misdirects users into giving up their
sensitive information.
CAUSES OF PHISHING
▰ Unawareness among the public
▻ There has been a lack of awareness regarding phishing attacks among the
general public.
▰ Unawareness of policy
▻ Fraudsters often count on the victim’s unawareness of bank/financial
institution policies and procedures for contacting customers, particularly for
issues relating to account maintenance and fraud investigation.
▰ Technical sophistication
▻ URL obfuscation is used by phishers to make phishing emails and web sites
appear more legitimate, e.g. PayPals.com instead of PayPal.com.
EFFECTS OF PHISHING
Phishing is a serious crime in the cyber world. Due to Phishing, there may be:
▰ Financial loss
▰ Data loss
▰ Blacklisting of institutions
▰ Introduction of malware and viruses into a PC or a computer system
▰ Illegal use of the user’s details
▰ Misuse of your social security number, etc.
▰ The phisher can also take a user’s account details and open a new account in
the name of the user for financial gain.
PROTECTION AGAINST PHISHING
▰ Two-factor authentication
▻ In this process you log in with a
password and a secret code received
on your mobile.
▰ HTTPS Protocol
▻ HTTPS is a more secure protocol
than HTTP. These websites are
equipped with SSL (Secure Sockets
Layer), which creates a secure channel
for transmitting information.
PROTECTION AGAINST PHISHING (Contd..)
▰ Website reliability
▻ Before entering login details, users
should check for the padlock that appears
at the top or bottom of the web page.
▰ Hyperlink in mails
▻ Never click hyperlinks in mails from
unknown or unverified sources.
PROTECTION AGAINST PHISHING (Contd..)
▰ Anti-phishing toolbar
▻ These toolbars run quick checks
on the sites that you are visiting
and compare them to lists of
known phishing sites.
▰ Firewalls
▻ Firewalls check where the traffic
is coming from, whether it is an
acceptable domain name or
Internet protocol.
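
The list lookup described under "Anti-phishing toolbar", combined with a check for the URL obfuscation mentioned under "Technical sophistication" (PayPals.com instead of PayPal.com), can be sketched as follows. This is an added example, not part of the original slides; the domain lists, function names and the typo threshold are assumptions, and comparing only the last labels of the host is a simplification.

```python
from urllib.parse import urlsplit

# Constructed sample data (assumptions for this example, not from the slides).
PROTECTED = ("paypal.com", "google.com")      # domains users really log in to
KNOWN_PHISHING = {"login-update.example"}     # stand-in for a phishing-site list


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def hostname(url):
    """Lower-cased host of a link; tolerates links written without a scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def matches(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def check_link(url, max_typos=2):
    """Classify a link: blocklisted, trusted, lookalike:<domain>, unknown."""
    host = hostname(url)
    if not host:
        return "invalid"
    if any(matches(host, bad) for bad in KNOWN_PHISHING):
        return "blocklisted"
    if any(matches(host, good) for good in PROTECTED):
        return "trusted"
    labels = host.split(".")
    for good in PROTECTED:
        # Compare as many trailing labels as the protected domain has.
        tail = ".".join(labels[-(good.count(".") + 1):])
        # Flag near-misspellings, or the brand name used as a label elsewhere.
        if edit_distance(tail, good) <= max_typos or good.split(".")[0] in labels:
            return "lookalike:" + good
    return "unknown"
```

A mail gateway or browser extension would call check_link on every hyperlink in a message and warn on anything other than "trusted" or "unknown".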
CONCLUSION
Phishing will never be completely eradicated.
However, a combination of good organization and
practice, proper application of current
technologies, and improvements in security
technology has the potential to drastically reduce
the prevalence of phishing and the losses suffered
from it. User education remains the strongest and,
at the same time, the weakest link in phishing
countermeasures.
REFERENCES
▰ Paper titled “A Review on Phishing Attacks and Various Anti Phishing
Techniques” (International Journal of Computer Applications)
▰ Paper titled “Phishing Attacks and Defenses” (International Journal of Security
and Its Applications Vol. 10)
▰ https://en.wikipedia.org/wiki/Phishing
▰ https://www.tripwire.com/state-of-security/security-awareness
Thank You