Upload File

phishing

25

Upload: ankita-sharma

Post on 07-Nov-2014

24 views

Category:

Documents


1 download

Report

Tags:

DESCRIPTION

All about phishing

TRANSCRIPT

Page 1: Phishing
Page 2: Phishing

PHISHING BASICS

• Pronounced "fishing“• The word has its Origin from two words “Password Harvesting” or fishing

for Passwords• Phishing is an online form of pretexting, a kind of deception in which an

attacker pretends to be someone else in order to obtain sensitive information from the victim

• Also known as "brand spoofing“• Phishers are phishing artists

Dept. of I&CT, MIT, Manipal

Page 3: Phishing

COMPARISON TO SPAM

Dept. of I&CT, MIT, Manipal

• The purpose of a phishing message is to acquire sensitive information about a user. For doing so the message needs to deceive the intended recipient.

• So it doesn’t contains any useful information and hence falls under the category of spam.

• A spam message tries to sell a product or service, whereas phishing message needs to look like it is from a legitimate organization.

• Techniques applied to spam message cant be applied naively to phishing messages.

Page 4: Phishing

ANATOMY OF PHISHING MESSAGE

Dept. of I&CT, MIT, Manipal

A raw phishing message can be split into two components:

• Content • Headers

Page 5: Phishing

ANATOMY OF PHISHING MESSAGE

Dept. of I&CT, MIT, Manipal

Sting

Page 6: Phishing

CONTENT

Dept. of I&CT, MIT, Manipal

It is further subdivided into two parts:

• Cover• Sting

Page 7: Phishing

HEADERS

Dept. of I&CT, MIT, Manipal

It is further subdivided into two parts:

• Mail clients• Mail relays

Page 8: Phishing

WHY PHISHING ATTACK!

Dept. of I&CT, MIT, Manipal

Lack of Knowledge• computer system • security and security indicators• web fraud

Visual Deception• Visually deceptive text• Images masking underlying text

Page 9: Phishing

Lack of computer knowledge

www.ebay.com www.ebay-members-security.com

Dept. of I&CT, MIT, Manipal

Page 10: Phishing

Lack of knowledge of security and security indicators

Dept. of I&CT, MIT, Manipal

Page 11: Phishing

Lack of knowledge of web-fraud

Dept. of I&CT, MIT, Manipal

Page 12: Phishing

Visually Deceptive Text

Original website Phishing website

Dept. of I&CT, MIT, Manipal

Page 13: Phishing

Image Masking Underlying Text

Dept. of I&CT, MIT, Manipal

Page 14: Phishing

MANTRA OF PHISHERS

Dept. of I&CT, MIT, Manipal

Configuration

NeglectDeceit

Page 15: Phishing

Legal Response

Dept. of I&CT, MIT, Manipal

• In the United State, Senator Patrick Leahy introduced the Anti-Phishing Act of 2005 in Congress on March 1, 2005.

http://en.wikipedia.org/wiki/Anti-Phishing_Act_of_2005
Page 16: Phishing

How to Avoid being a Phishing victim

Dept. of I&CT, MIT, Manipal

1. Never respond to requests for personal information via email. When in doubt, call the institution that claims to have sent you the email.E.g. “Dear Sir or Madam” rather than “Dear Dr. Phatak”

2. If you suspect the message might not be authentic, don't use the links within the email to get to a web page.

3. Never fill out forms in email messages that ask for confidential information

Page 17: Phishing

How to Avoid being a Phishing victim…

Dept. of I&CT, MIT, Manipal

Page 18: Phishing

How to Avoid being a Phishing victim…

4. Always ensure that you're using a secure website when submitting credit card or other sensitive information via your web browser

• check the beginning of the Web address in your browsers address bar - it should be ‘https://’ rather than just ‘http://’

• look for the locked padlock icon on your browser (i.e.Netscape/Mozilla)

Dept. of I&CT, MIT, Manipal

Page 19: Phishing

How to Avoid being a Phishing victim…

5. Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate and if anything is suspicious, contact your bank and all card issuers immediately

6. Ensure that your browser and OS software is up-to-date and that latest security patches are applied

Dept. of I&CT, MIT, Manipal

Page 20: Phishing

How to Avoid being a Phishing victim…

7. Verify the real address of a web site.

• javascript:alert("The actual URL of this site has been verified as: " + location. protocol + "//" + location. hostname +"/");

Dept. of I&CT, MIT, Manipal

Page 21: Phishing

ANALYSIS OF A PHISHING DATABASE

The Anti Phishing Working Group maintains a “Phishing Archive” • Certificate (digital certificate, public key certificate)• Certificate Authority (CA)• HTTPS• Secure Sockets Layer (SSL) and Transport Layer Security(TLS)

Dept. of I&CT, MIT, Manipal

Page 22: Phishing

MANTRA OF VICTIMS

Dept. of I&CT, MIT, Manipal

Myths

SolutionFact

Page 23: Phishing

REFERENCES1. Cannon, J.C. Privacy. Pearson Education, 2005.2. Hilley, Sarah. “Internet war: picking on the finance Sector-survey.” Computer

Fraud & Security, October 2006.3. Bellowing, Steven. “Spamming, Phishing, Authentication and Privacy.” Inside

Risks, December 20044. Mulrean, Jennifer. “Phishing scams: How to avoid Getting hooked.” Dollar Wise.5. Hunter, Philip. “Microsoft declares war on phishers.” Computer Fraud & Security

May 2006: 6. Google. http://www.google.com7. Anti-Phishing Working Group. Phishing Activity Trends Report November 2005 8. Anti-Phishing Working Group Phishing Archive.

http://antiphishing.org/phishing_archive.htm9. Ba, S. & P. Pavlov. Evidence of the Effect of Trust Building Technology in Electronic

Markets: Price Premiums and Buyer Behavior.

Dept. of I&CT, MIT, Manipal

http://www.google.com/
Page 24: Phishing

Dept. of ICT, MIT, Manipal

Page 25: Phishing

Dept. of I&CT, MIT, Manipal

THANK YOU


Phishing techniques

Who is Fighting Phishing: An Overview of the Phishing Lifecycle

Phishing Spear Phishing - ASSP Region I€¦ · Phishing& Spear Phishing attacks are similar -key differences: •Phishingcampaign -very broad and automated, think 'spray & pray’

Internet Phishing

PHISHING THREAT MALWARE REVIEW - Cofense · PHISHING THREAT AND MALWARE REVIEW: 2019 Figure 1: As identified by the Cofense Phishing Defense Center. PHISHING THREATS BY TYPE October

Anti-Phishing Technology - APWG › reports › phishing-sfectf-report.pdf · 1/19/2005 Anti-Phishing Technology 2 The frequency of phishing attacks has increased dramatically in

Phishing Awareness - Valdosta State University€¦ · Types of Phishing Attacks Spear phishing - Phishing attempts directed at specific individuals or companies have been termed

Phishing attack

Phishing & Pharming

Table of Contents - RiskSOURCE Clark-Theders › wp-content › uploads › 2019 › 05 › ... · 4 Phishing vs. Spear Phishing Often, the terms phishing and spear phishing are used

Phishing ppt

Gone Phishing, an Anti-Phishing Program Journey€¦ · Gone Phishing, an Anti-Phishing Program Journey Ava Logan-Woods, Information Security Specialist Eshante Lovett, Information

Phishing the Web · Phishing the web / Peter Panter / 20041227 Introduction to the „Phishing“ phenomenon Word Origin • Roots of the word „phishing“ derive from „fishing“,

UNCLASSIFIED//FOUO DoD Spear-Phishing Awareness Training · Spear Phishing is a GREATER threat!!! Spear Phishing is a highly targeted phishing attempt. The attacker selectively chooses

PHISHING DETECTION

Why phishing still works: user strategies for combating phishing … · 2020. 9. 23. · Why phishing still works: user strategies for combating phishing attacks Mohamed Alsharnouby,

My Phishing

Intro phishing

Table of Contents - Sutcliffe Insurance · 2020. 3. 26. · 4 Phishing versus Spear Phishing Often, the terms phishing and spear phishing are used interchangeably. However, there

Phishing Thesis

PHISHING By, Himanshu Mishra Parrag Mehta. OUTLINE What is Phishing ? Phishing Techniques Message Delivery Effects of Phishing Anti-Phishing Techniques

Phishing Pd

COMBATTING MODERN EMAIL PHISHING ATTACKS · 2016-11-07 · Combatting modern email phishing attacks More effective than traditional phishing scams, spear-phishing attacks are carefully

Combating Phishing: A Proactive Approach Phishing... · COMBATING PHISHING: A PROACTIVE APPROACH | 4 Phishing: on the rise and more sophisticated As a well-known and trusted brand,

AWARENESS OF PHISHING SCENARIO - CYBERWISER.eu · 2020. 11. 19. · Phishing attack exercise •Identify phishing indicators in an email. •Distinguish phishing from legitimate emails

Phishing Email Attacks - AVAREN ITfor spear phishing attacks. Spear phishing is nearly identical to standard email . phishing – except it is more targeted. Rather than sending the

What is Phishing | How to Spot a Phishing email or Website 2020 | Antivirus for Phishing Attack

Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

Phishing - Study Mafiastudymafia.org/wp-content/uploads/2015/03/CSE-phishing-report.pdf · Phishing software and computer programs are designed to prevent the occurrence of Phishing

Phishing with Asterisk PBX - Black Hat | Home · Phishing with Asterisk PBX Jay Schulman Why Is Phishing Changing •Phishing e-mails are becoming less effective •Regulatory changes

How to Spot Phishing Attacks - MicroAge · How to Spot Phishing Attacks What is Spear Phishing? Like phishing ploys, spear phishing scams are designed to obtain sensitive information

Phishing Storyboard_Final

Phishing & Spear Phishing - info.vadesecure.com Marketing Website... · Phishing Spear Phishing Understanding an Emerging Threat to Healthcare Organizations 5 vadesecure.com How Phishing

Phishing awareness

SPEAR PHISHING - dandh.com...SPEAR PHISHING VS PHISHING Spear phishing and phishing attacks both leverage impersonation to commit fraud. The difference between the two is that spear