PHISHING By, Himanshu Mishra Parrag Mehta. OUTLINE What is Phishing ? Phishing Techniques Message Delivery Effects of Phishing Anti-Phishing Techniques.

Presentation transcript:

PHISHING By, Himanshu Mishra Parrag Mehta

OUTLINE What is Phishing ? Phishing Techniques Message Delivery Effects of Phishing Anti-Phishing Techniques Conclusion

WHAT IS PHISHING? It is a form of identity theft that uses both social engineering and technical subterfuge to steal consumers’ personal identity data as well as financial account credentials. Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.

PHISHING History Social Engineering Factors Psychological Factors

HISTORY First mentioned in AOL Usenet newsgroup on January 2, Variant of the word “fish”. AOHell – custom written program Line added on all instant messages.

SOCIAL ENGINEERING FACTORS Methods include a mix of technical deceit and social engineering practices. Phishers persuade victims to perform a series of actions. Popular communication channels: email, web pages, instant messaging services. Phishers impersonate a trusted source.

PSYCHOLOGICAL FACTORS Trust Of Authority e.g. BOA questions the validity of account and web pages can look real may really be

PHISHING TECHNIQUES Link Manipulation Filter Evasion Website forgery Phone Phishing

LINK MANIPULATION Bad domain names – Actual domain host: – Phisher manipulated host : Friendly login URL’s – Third-party shortened URL’s – changed to Host name obfuscation – –
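
Added example (not part of the original slides): a defensive triage function that flags the link-manipulation patterns named on this slide. The brand domain bank.example, the sample URLs, the finding labels and the shortener list are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: illustrative shortener list, not exhaustive.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}


def host_as_ip(host):
    """IP address a host string encodes (dotted, decimal or 0x-hex), else None."""
    for parse in (ipaddress.ip_address, lambda h: ipaddress.IPv4Address(int(h, 0))):
        try:
            return parse(host)
        except ValueError:
            continue
    return None


def link_findings(url, expected_domain):
    """Sorted findings for one URL, judged against the brand's real domain."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    findings = set()
    if parts.username is not None:
        findings.add("userinfo-before-host")  # "friendly login" URL
    if host_as_ip(host) is not None:
        findings.add("ip-literal-host")  # host name obfuscation
    elif host in SHORTENERS:
        findings.add("shortened-url")  # real destination hidden by a redirect
    elif host != expected_domain and not host.endswith("." + expected_domain):
        findings.add("host-outside-expected-domain")
        if expected_domain.split(".")[0] in host:
            findings.add("brand-label-in-foreign-host")  # bad domain name
    return sorted(findings)


# Constructed sample URLs (reserved .example/.test names, TEST-NET address).
SAMPLES = [
    "https://www.bank.example/login",
    "http://bank.example.secure-login.test/",
    "http://bank.example@203.0.113.7/login",
    "http://0xCB007107/login",
    "https://bit.ly/abc123",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", link_findings(url, "bank.example") or "no findings")
```

A finding is a reason to inspect the link, not a verdict; shortened URLs in particular need the redirect resolved before the destination host can be judged.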

FILTER EVASION Flash-based websites Images instead of text

WEBSITE FORGERY JavaScript commands. Cross-site scripting (CSS or XSS). Full HTML substitution such as: page.htm Universal Man-in-the-middle Phishing Kit.

PHONE PHISHING Phone number owned by the phisher and provided by VOIP. – Fake Caller ID – Prompts user to enter account numbers and PIN – Vishing (voice Phishing)

MESSAGE DELIVERY Web-based; Email and Spam; Instant Messaging; Trojaned Hosts

WEB BASED Banner advertising graphics. Use of web-bugs Pop-up or frameless window. Embed malicious content and install software.

EMAIL & SPAM

Official looking and sounding emails. Copies of legitimate corporate emails with minor URL changes. HTML based email used to obfuscate target URL information. Standard virus/worm attachments to emails. A plethora of anti spam-detection inclusions.

Contd. Crafting of “personalised” or unique messages. Fake postings to popular message boards and mailing lists. Use of fake “Mail From:” addresses and open mail relays for disguising the source of the email.
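
Added example (not part of the original slides): a mail-filter style check for the "HTML based email used to obfuscate target URL information" item, reporting anchors whose visible text names one host while the href points to another. The message body, host names and function names are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


def url_host(text):
    """Host named by a URL-looking string, or None for ordinary link text."""
    text = text.strip()
    if "://" not in text:
        if " " in text or "." not in text:
            return None  # e.g. "Click here"
        text = "http://" + text  # bare "www.bank.example/login"
    return (urlsplit(text).hostname or "").lower() or None


class AnchorAudit(HTMLParser):
    """Record anchors whose visible text names one host while href targets another."""
    def __init__(self):
        super().__init__()
        self.mismatches, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown, real = url_host("".join(self._text)), url_host(self._href)
            if shown and real and shown != real:
                self.mismatches.append((shown, real))
            self._href = None


def audit_html(body):
    parser = AnchorAudit()
    parser.feed(body)
    parser.close()
    return parser.mismatches


# Constructed message body: reserved .example name and TEST-NET address.
SAMPLE = (
    '<p>Verify at <a href="http://203.0.113.7/login">https://www.bank.example/login</a>, '
    'see <a href="https://www.bank.example/help">Help centre</a> or '
    '<a href="https://www.bank.example/">www.bank.example</a>.</p>'
)
```

The comparison is an exact host match, so a legitimate link shown as bank.example but pointing at www.bank.example would also be reported; compare registrable domains if that is too strict for your mail flow.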

INSTANT MESSAGING More popular with home users with more functionality included within the s/w Bots (automated programs that listen and participate in group discussions)

TROJANED HOSTS Trick home users to install software. Selective Information recorded. Java applet – “javautil.zip” – Key Logger

EFFECTS Financial Loss – Losses ranging from hundreds to tens of thousands of dollars Loss of Trust – Users Refrain from using Internet for business Law Enforcement Difficulties – Cross border attacks

ANTI-PHISHING Social Response Technical Response – Browser Alerts – Digitally Signed Emails – Augmenting Password Logins – Filters – Anti-virus Legal Response

SOCIAL RESPONSE Do not accept friend requests from people you don’t know on Facebook even though you may have many mutual friends with them Generic addressing Fraud Link

TECHNICAL RESPONSE Browser Alerts

TECHNICAL RESPONSE Digitally Signed Email [diagram: Sender, Receiver, Server, CA Server]

TECHNICAL RESPONSE Augmented Password Login

TECHNICAL RESPONSE Spam Filter

CONCLUSION Phishing affects both consumers and organizations User Education can help prevent / fight Phishing Co-operation between governments can help nab Phishers
