phishing pd

Upload: ayush-dargar

Post on 06-Apr-2018


TRANSCRIPT

  • 8/3/2019 Phishing Pd

    1/22

    PRESENTATION

    ON

    PHISHING

    Submitted By :

    Prateek Vinod Chadha-9103439

    Samarth Jain-9103445

    Ayush Dargar-9103450

    Hemant Khandelwal-9103453

    Nitesh Sahni-9103456


    Cyber Crime

    Intentional use of information technology by cyber terrorists for producing destructive and harmful effects to tangible and intangible property of others is called cyber crime.

    Cyber terrorists usually use the computer as a tool, target, or both for their unlawful acts, to gain information, which can result in heavy loss/damage to the owner of that intangible sensitive information.


    The Internet is one of the means by which offenders can gain such price-sensitive information about companies, firms, individuals and banks, commit intellectual property crimes (such as stealing new product plans, product descriptions, market program plans, lists of customers etc.), and sell illegal articles, pornography etc.

    This is done through many methods such as internet phishing, spoofing, pharming, wire transfer etc., and the offenders use the information to their own advantage without the consent of the individual.


    What is Phishing?

    Phishing is an attempt to gain personal or financial information from an individual.

    In other words, it is the act of sending an e-mail that falsely claims to be from a bank or other e-commerce enterprise.


    Recognize Phishing Scams and Fraudulent E-mails

    Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, passwords, account data, or other information.


    How Is It Done?

    Using e-mail messages that closely resemble the genuine messages customers receive, hackers can ask for verification of certain information, such as account numbers or passwords. The customer might not know that the e-mail messages are deceptive and would fail to question their authenticity. This results in huge financial loss when the hackers use that information for fraudulent acts such as withdrawing money from the customer's account without his knowledge.


    Socially aware attacks
      Urge victims to update or validate their account
      Use gift or bonus as a bait
      Security promises

    Context-aware attacks
      "Your bid on eBay has won!"
      "The books on your Amazon wish list are on sale!"

    Spear-Phishing: Improved Target Selection


    How To Tell If An E-mail Message is Fraudulent

    Here are a few phrases to look for if you think an e-mail message is a phishing scam.

    "Verify your account." Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail. If you receive an e-mail from anyone asking you to update your credit card information, do not respond: this is a phishing scam.

    "If you don't respond within 48 hours, your account will be closed." These messages convey a sense of urgency so that you'll respond immediately without thinking. Phishing e-mail might even claim that your response is required because your account might have been compromised.


    How To Tell If An E-mail Message is Fraudulent (contd)

    "Dear Valued Customer." Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.

    "Click the link below to gain access to your account." HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site.

    The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site.

    Notice in the following example that resting the mouse pointer on the link reveals the real Web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's Web address, which is a suspicious sign.

    [Image: Example of masked URL address]


    How To Tell If An E-mail Message is Fraudulent (contd)

    Con artists also use Uniform Resource Locators (URLs) that resemble the name of a well-known company but are slightly altered by adding, omitting, or transposing letters.

    For example, the URL "www.microsoft.com" could appear instead as:

    www.micosoft.com
    www.mircosoft.com
    www.verify-microsoft.com
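    The masked-link and altered-URL cues described on these slides can be checked mechanically. The sketch below is an added example, not part of the original presentation; the `TRUSTED` allow-list, the function names and the HTML sample body are assumptions constructed for illustration.

```python
import difflib
import ipaddress
import re
from urllib.parse import urlparse

TRUSTED = ("microsoft.com", "citibank.com")  # assumed allow-list for this example
# Simplified anchor matcher for the sample below; a mail filter would use an HTML parser.
ANCHOR = re.compile(r'<a\s[^>]*?href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
URLISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

def host_of(value):
    """Host of a URL or bare domain, lower-cased, without a leading 'www.'."""
    host = urlparse(value if "://" in value else "//" + value).hostname or ""
    return re.sub(r"^www\.", "", host)

def check_link(href, text):
    """Warning signs for one link: raw IP host, lookalike name, masked target."""
    host, flags = host_of(href), []
    try:
        ipaddress.ip_address(host)
        flags.append("raw-ip-host")
    except ValueError:  # a name, not an IP literal: compare it with the trusted brands
        name = ".".join(host.split(".")[-2:])  # naive registered domain, no public-suffix list
        brands = {t.split(".")[0]: t for t in TRUSTED}
        near = difflib.get_close_matches(name.split(".")[0], brands, n=1, cutoff=0.85)
        if name not in TRUSTED and near:
            flags.append("lookalike:" + brands[near[0]])
        elif name not in TRUSTED:
            flags += ["embeds-brand:" + t for b, t in brands.items() if b in host]
    if URLISH.fullmatch(text) and host_of(text) != host:
        flags.append("masked-link")
    return flags

def scan(html):
    """Map each href in an HTML message body to its list of warning signs."""
    return {href: check_link(href, re.sub(r"<[^>]+>", "", text).strip())
            for href, text in ANCHOR.findall(html)}

# Constructed sample body; the hosts are the ones quoted in the slides.
SAMPLE = """<p>Dear Valued Customer,</p>
<a href="http://211.158.34.249/citifi/">www.citibank.com</a>
<a href="http://www.micosoft.com/login">Verify your account</a>
<a href="http://www.mircosoft.com/">www.microsoft.com</a>
<a href="http://www.verify-microsoft.com/">Click here</a>
<a href="https://www.microsoft.com/security">www.microsoft.com</a>"""

if __name__ == "__main__":
    for href, flags in scan(SAMPLE).items():
        print(href, flags or "ok")
```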

    Barbara J. Fullerton & Sabrina I. Pacifici

    Example of Phishing

    From: Customer Support [mailto:[email protected]]

    Sent: Thursday, October 07, 2004 7:53 PM

    To: Eilts

    Subject: NOTE! Citibank account suspend in process

    Dear Customer:

    Recently there have been a large number of cyber attacks pointing our database servers. In order to safeguard your account, we require you to sign on immediately. This personal check is requested of you as a precautionary measure and to ensure yourselves that everything is normal with your balance and personal information. This process is mandatory, and if you did not sign on within the nearest time your account may be subject to temporary suspension. Please make sure you have your Citibank(R) debit card number and your User ID and Password at hand. Please use our secure counter server to indicate that you have signed on, please click the link bellow: http://211.158.34.249/citifi/. Note that we have no particular indications that your details have been compromised in any way. Thank you for your prompt attention to this matter and thank you for using Citibank(R)

    Regards,

    Citibank(R) Card Department

    (C)2004 Citibank. Citibank, N.A., Citibank, F.S.B., Citibank (West), FSB. Member FDIC. Citibank and Arc


    Phishing is used almost always for financial fraud!

    The Largest International Phishing Case Ever Conducted

    The criminals used phishing to get access to hundreds of bank accounts, stealing $1.5 million.

    US and Egyptian authorities have charged 100 people (53 defendants from California, Nevada and North Carolina; authorities in Egypt charged 47).

    8th October 2009


    Facebook Phishing

    ITGN345 Sec.01

    Dear Info. Sec. Students,

    There are 4 students got zero (0/10) in the assignment mark because of plagiarism. Some students copied and pasted from each other. Others copied from the internet. For this reason some of you will find his/her mark is low. 10 marks were lost which affects your final grade. However, all of you passed except those students because they didn't fill up this form.

    Please add me on my facebook and send me your details with full name and ID number mobiles phones that I can contact you: Full name, Date of Birth, Driver's License Number, Current and previous addresses & Employers, Mother's Maiden Name.

    Good Luck & Regards,

    Dr. Mathew Nicho


    Phishing Harms

    Firms
      Harmful at many levels
      Threatens effective communication
      Undermines goodwill and trust

    Customers
      Direct harm from stolen IDs, passwords
      Could perceive business as not taking adequate steps to protect users

    Diminishes value of brand
    Could affect shareholders
    Possibility of liability for failure to exercise due diligence in protecting trademark

    Based in part on material that is copyright 2004 Don Holden, CISSP. Used with permission (and thanks).


    If You Were Phished

    Immediately cancel your account or change your password.

    Report the company, right away.

    Review your statements and comments over time.

    And remember: be AWARE!


    Additional Credits: Educause/SonicWall, Hendra Harianto Tuty, Microsoft Corporation, some images from Anti-Phishing Workgroup's Phishing Archive, Carnegie Mellon CyLab

    PHISHING

    How To Protect Yourself

    Dr. Harold L. Bud Cothern


    Don't put your sensitive DATA into your e-mail.

    Your Organization / Bank / University WILL NEVER ASK YOU FOR YOUR PASSWORDS!!


    Never Trust TinyURL.com links!!


    Only shop with vendors you trust, to avoid becoming a victim.

    Never enter your CREDIT CARD if the website doesn't start with https:// or doesn't have the SSL security lock.


    Use Internet VISA CARD.


    Phishing Filter (http://www.microsoft.com/athome/security/online/phishing_filter.mspx) helps protect you from Web fraud and the risks of personal data theft by warning or blocking you from reported phishing Web sites.

    Install up-to-date antivirus and antispyware software. Some phishing e-mail contains malicious or unwanted software (like keyloggers) that can track your activities or simply slow your computer.

    Numerous antivirus programs exist as well as comprehensive computer maintenance services like Norton Utilities. To help prevent spyware or other unwanted software, download Windows Defender.

    Install the Microsoft Phishing Filter Using Internet Explorer 7 or Windows Live Toolbar


    Thank You For Your