Saravana Venkatesh Chellam 42323088 Supervisor : Josef Pieprzyk.


Roadmap:
- Aim
- Significance
- Introduction to phishing and its attacks
- Overview of phishing techniques
- Countermeasures against phishing techniques
- Conclusion and future scope

Aim:
- To understand phishing and its impact on different industries.
- To identify phishing techniques.
- To provide anti-phishing countermeasures.
- To provide recommendations and identify the future scope of phishing.

Project significance: A few important aspects:
- Loss of privacy by clients; the identity of clients is compromised; stolen client credentials can be abused (sold on the black market, used to commit computer crimes, etc.).
- Due to the scale of the attacks, there is the potential for huge financial losses (average theft of $4000 USD per attack).
- Customers of financial institutions, retail companies, social networking sites and internet service providers were frequent targets.

Project significance: In 2010, RSA witnessed a total of 203,985 phishing attacks launched (RSA online Fraud, 2010). Compared to the total in 2009, this marks a 27 percent increase in phishing attack volume over the previous year (RSA online Fraud, 2010).

Project significance: APWG(Anti-phishing group)

Project significance: Results of a phishing attack (Simon Whitehouse, 2007):
- 5% get to the end user – 100,000 (APWG)
- 5% click on the phishing link – 5,000 (APWG)
- 60% of banks suffered from phishing attacks against their brands (Gartner)
- 2% enter data into the phishing site – 100 (Gartner)

Introduction: Phishing is a form of identity theft that aims to steal sensitive information from users, such as passwords and credit card information. Mediums include e-mails, websites and IM. The goal is to extract information from a target.

Introduction: The major driver of phishing is money, money, money! As organisations have become more aware, phishers have had to come up with more advanced methods. Phishing attacks nowadays use pre-packaged toolkits and advanced spam techniques to ensure maximum exposure.

Phishing attack representation: Stan Hegt - May Analysis of phishing attacks

Overview of phishing techniques: Phishing delivery modes:
- E-mail and spam
- Web-based delivery
- IRC and instant messaging
- Trojaned hosts

Phishing methods: Gunter The Phishing Guide

Phishing techniques:
- E-mail techniques: attachments to e-mails; use of font differences; hyperlinks to similar domain names; filling forms.
- Web-based techniques: fake banner advertising; IM; fake websites (having similar domain names); browser vulnerabilities, spyware, malware.

Phishing techniques:
- Spoofed mails: A formal request is sent to the user to send back sensitive information. Some scams take the form of winning notifications that ask for a credit card number and other information.
- Spoofed websites: Fake websites of financial organisations etc. are crafted by attackers to resemble the legitimate site. Mostly these websites are served over http, not https.

Some tricks: To reduce suspicion and increase authenticity:
- The URLs might be obfuscated to look like the legitimate site. Example : as
- Real logos and corporate identity elements are used in the spoofed website.

Typical attack: The attacker sends spoofed e-mails (made to appear to come from a legitimate organisation) to a large number of users. The e-mails contain hyperlinks that direct the users to spoofed websites. The victims are then asked to enter their sensitive information.

Phishing techniques: Instant messenger:
- IM clients allow embedded dynamic content (such as graphics, URLs, multimedia includes, etc.) to be sent by channel participants.
- The use of bots (automated programs that listen and participate in group discussions) in many of the popular channels means that it is very easy for a phisher to anonymously send semi-relevant links and fake information to would-be victims.

Phishing techniques: Web-based phishing attacks:
- Client-side vulnerability exploitation: browser vulnerabilities (add-ons, plugins, etc.)
- Observing customer data: key-loggers and screen-grabbers

Phishing techniques: Observing customer data: key-loggers and screen-grabbers. The purpose of key-loggers is to observe and record all key presses by the customer. Some sophisticated phishing attacks make use of code designed to take a screenshot of data that has been entered into a web-based application.

Countermeasures against phishing: The defensive mechanisms to counter the phishing technique threats:
- The client side: this includes the user's PC and desktop.
- The server side: this includes the business' Internet-visible systems and custom applications.
- Enterprise level: distributed technologies and third-party management services.

Client side: At the client side, protection against phishing can be afforded by:
- Desktop protection technologies
- User application-level monitoring solutions
- Locking down browser capabilities
- Digital signing and validation of e-mail
- General security awareness

Server side:
- Improving customer awareness
- Providing validation information for official communications
- Ensuring that the Internet web application is securely developed and doesn't include easily exploitable attack vectors
- Using strong token-based authentication systems
- Keeping naming (domain name) systems simple and understandable

Enterprise level:
- Automatic validation of sending e-mail server addresses
- Digital signing of e-mail services
- Monitoring of corporate domains and notification of "similar" registrations
- Perimeter or gateway protection agents
- Third-party managed services
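One way to implement the monitoring of corporate domains for "similar" registrations listed above, added here as an illustration and not part of the original presentation. The brand domain, the feed of new registrations, the small substitution table and the reason labels are all assumptions.

```python
# Look-alike substitutions folded before comparing (small assumed table).
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(label):
    """Fold digits, 'rn'/'vv' pairs and hyphens into the letters they imitate."""
    folded = label.lower().translate(CONFUSABLE)
    return folded.replace("rn", "m").replace("vv", "w").replace("-", "")

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def name_label(domain):
    # Simplification: the label left of the last dot. Production code needs
    # the Public Suffix List to handle suffixes such as co.uk.
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) > 1 else parts[0]

def similar_registrations(brand_domain, new_domains, max_distance=1):
    """Return [(domain, reason)] for registrations resembling brand_domain."""
    brand = skeleton(name_label(brand_domain))
    hits = []
    for domain in new_domains:
        if domain.lower().rstrip(".") == brand_domain.lower():
            continue                      # the brand's own domain
        skel = skeleton(name_label(domain))
        if skel == brand:
            hits.append((domain, "matches-after-folding"))
        elif edit_distance(skel, brand) <= max_distance:
            hits.append((domain, "near-typo"))
        elif brand in skel:
            hits.append((domain, "brand-embedded"))
    return hits

# Constructed feed of newly registered names (all fictitious, reserved TLDs).
NEW_DOMAINS = ["prirnebank.example", "prime-bank.test", "primebnk.test",
               "primebank-login.test", "gardening-tips.test", "primebank.example"]
```

Each hit would feed the notification step, for example a ticket for the brand-protection team to review the registration.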

Checklist for prevention (columns: Recommendation, Consumer, Business):
- Attachments from e-mails (open only trusted people's e-mails): Yes
- Awareness when receiving e-mails that ask for account details: Yes
- Avoid clicking on hyperlinks in e-mails: Yes
- Report suspicious e-mails to the authorities: Yes
- Stay up to date on all information related to phishing: Yes
- Usage of the latest browser versions and installation of security patches: Yes
- Install, update and maintain firewalls (including malware and spyware security): Yes
- Consistently monitor logs of firewalls, DNS servers and intrusion detection systems (to check for infected systems etc.): Yes
- Ensuring only approved third-party devices can connect to the network: Yes

Future scope of phishing: We expect phishing to rise in future, especially in the mobile environment. Mobile operating systems and browsers lack security indicators; as a result, users cannot always check whether they are on the correct site. Android phones could be more vulnerable to phishing (free-market phishy apps online).

Conclusion:
- The driver of phishing is money, and phishing is expected to rise in future!
- Awareness and education among users and businesses.
- Usage of technology to fight phishing.
- To combat phishing techniques we need sound anti-phishing policies, measures (defense) and law enforcement.