Submitted To: Er. Sadik Khan
Submitted By: Pankaj Yadav
131234040031
Phishing
Content
• Introduction
• Phishing Techniques
• Phishing Examples
• Types of Phishing
• Causes of Phishing
• Anti Phishing
• Effects of Phishing
• Defend against Phishing Attacks
• Conclusion
• Reference
Introduction
• Phishing is the act of attempting to acquire information such as usernames, passwords and credit card details by posing as a trustworthy entity in an electronic communication.
• Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware.
Phishing Techniques
• LINK MANIPULATION
• FILTER EVASION: (Bypass cheat code)
• WEBSITE FORGERY: Some phishing scams use JavaScript commands in order to alter the address bar. This is done either by placing a picture of a legitimate URL over the address bar, or by closing the original bar and opening up a new one with the legitimate URL.
• PHONE PHISHING
Phishing Examples
• In this example, targeted at South Trust Bank users, the phisher has used an image in place of text, which makes the message harder for anti-phishing filters to detect, because those filters scan for text commonly used in phishing emails.
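A defensive check for the image-in-place-of-text trick described above, as an added example that is not part of the original slides: it flags HTML mail whose body is a clickable image with almost no text for a keyword filter to scan. The function name, the 40-character threshold and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

class BodyStats(HTMLParser):
    """Collect visible text and count images, noting those wrapped in a link."""
    SKIP = {"head", "title", "style", "script"}  # never rendered as body text

    def __init__(self):
        super().__init__()
        self.text, self.images, self.linked_images = [], 0, 0
        self._in_link = self._skipping = 0

    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href"):
            self._in_link += 1
        elif tag == "img":
            self.images += 1
            self.linked_images += 1 if self._in_link else 0
        elif tag in self.SKIP:
            self._skipping += 1

    def handle_endtag(self, tag):
        if tag == "a" and self._in_link:
            self._in_link -= 1
        elif tag in self.SKIP and self._skipping:
            self._skipping -= 1

    def handle_data(self, data):
        if not self._skipping:
            self.text.append(data)

def image_only_score(raw_email, min_text_chars=40):
    """Flag HTML mail that is a linked image with too little text to scan."""
    msg = message_from_string(raw_email, policy=default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:  # plain-text mail: this heuristic does not apply
        return {"flag": False, "visible_chars": None, "images": 0, "linked_images": 0}
    stats = BodyStats()
    stats.feed(body.get_content())
    stats.close()
    visible = len(" ".join("".join(stats.text).split()))
    return {"flag": stats.linked_images > 0 and visible < min_text_chars,
            "visible_chars": visible, "images": stats.images,
            "linked_images": stats.linked_images}

# Constructed sample messages (not real mail); example.test is a placeholder.
HEAD = "From: support@example.test\nSubject: Account notice\nContent-Type: text/html\n\n"
SUSPECT = HEAD + ('<html><head><title>Notice</title></head><body>\n'
                  '<a href="http://example.test/verify"><img src="notice.png"></a>\n</body></html>\n')
BENIGN = HEAD + ('<html><body><a href="https://example.test/"><img src="logo.png"></a>\n'
                 '<p>Your monthly statement is ready. Sign in from your usual bookmark.</p></body></html>\n')
```

A hit is a signal for further inspection (for example OCR of the image or a reputation check on the link), not a verdict on its own.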
Types of Phishing
• Deceptive - Sending a deceptive email, in bulk, with a “call to action” that demands the recipient click on a link.
• Malware-Based - Running malicious software on the user’s machine. Various forms of malware-based phishing are:
  ◦ Key Loggers & Screen Loggers
  ◦ Session Hijackers (Cookies)
  ◦ Web Trojans
  ◦ Data Theft
• DNS-Based - Phishing that interferes with the integrity of the lookup process for a domain name. Forms of DNS-based phishing are:
  ◦ Hosts file poisoning
  ◦ Polluting user’s DNS cache
  ◦ Proxy server compromise
• Man-in-the-Middle Phishing - Phisher positions himself between the user and the legitimate site.
• Content-Injection - Inserting malicious content into a legitimate site. Three primary types of content-injection phishing:
  ◦ Hackers can compromise a server through a security vulnerability and replace or augment the legitimate content with malicious content.
  ◦ Malicious content can be inserted into a site through a cross-site scripting vulnerability.
  ◦ Malicious actions can be performed on a site through a SQL injection vulnerability.
Causes of Phishing
• Misleading e-mails
• No check of source address
• Vulnerability in browsers
• No strong authentication at websites of banks and financial institutions
• Limited use of digital signatures
• Non-availability of secure desktop tools
• Lack of user awareness
• Vulnerability in applications
Anti Phishing
• A. Social responses
• B. Technical approaches
  ◦ 1. Helping to identify legitimate websites.
  ◦ 2. Browsers alerting users to fraudulent websites.
  ◦ 3. Eliminating Phishing mail.
  ◦ 4. Monitoring and takedown.
• C. Legal approaches
Effects of Phishing
• Internet fraud
• Identity theft
• Financial loss to the original institutions
• Difficulties in Law Enforcement Investigations
• Erosion of Public Trust in the Internet.
Defend against Phishing Attacks
• Preventing a phishing attack before it begins
• Detecting a phishing attack
• Preventing the delivery of phishing messages
• Preventing deception in phishing messages and sites
• Countermeasures
• Interfering with the use of compromised information
Conclusion
• No single technology will completely stop phishing.
• However, a combination of good organization and practice, proper application of current technologies, and improvements in security technology has the potential to drastically reduce the prevalence of phishing and the losses suffered from it.
Reference
• www.phishtank.com
• https://en.wikipedia.org/wiki/Phishing
• https://safety.yahoo.com/Security/PHISHING-SITE.html
