Phishing A practical case study. What is phishing? Phishing involves fraudulently acquiring sensitive information (e.g. passwords, credit card details.

Slides:

Advertisements

Similar presentations

Phishing Scams use spoofed s and websites as lures to prompt people to voluntarily hand over sensitive information Phishing s may contain.

Advertisements

Protect Yourself Against Phishing. The good news: The number of US adult victims of identity fraud decreased from 9.3 million in 2005, to 8.4 million.

ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.

How It Applies In A Virtual World. Phishing Definition: n. To request confidential information over the Internet under false pretenses in order to fraudulently.

Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.

Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.

Learn to protect yourself... a 21 st Century Scam.. Phishing.

A few simple steps, hints and tips to figure out if it is indeed fake. - By Emily Breuss.

Bsharah Presentation Threats to Information Security Protecting Your Personal Information from Phishing Scams.

Jason Rich CIS  The purpose of this project is to inform the audience about the act of phishing. Phishing is when fake websites are created.

  Cyberbullying can be as simple as continuing to send e- mail or text harassing someone who has said they want no further contact with the sender.

Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.

Internet Phishing Not the kind of Fishing you are used to.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.

Threats To A Computer Network

Cryptography: Keeping Your Information Safe. Information Assurance/Information Systems –What do we do? Keep information Safe Keep computers Safe –What.

URL Obscuring COEN 152/252 Computer Forensics  Thomas Schwarz, S.J

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

AI&SS Administrative Group April, Meal Reimbursements. Invoices, Check Requests Year end deadlines for Accounting De-obligation of Accounts “Phishing”

Access the forum from the Support section of the GWB Student website or go directly to forum.gwb.com.

PHISHING FINANCIAL THREATS ON THE INTERNET -Alisha Esshaki 8a.

P HI SH I NG !. WHAT IS PHISHING ? In computer security phishing is trying to acquire important information such as; passwords, usernames and credit card.

WEB SPOOFING by Miguel and Ngan. Content Web Spoofing Demo What is Web Spoofing How the attack works Different types of web spoofing How to spot a spoofed.

1 HTML (Set Up Public Folder) Some material on these slides is taken directly from

Reliability & Desirability of Data

1 DoD Cardholder Self Registration November 21, 2008.

URL Obscuring COEN 252 Computer Forensics  Thomas Schwarz, S.J

Phishing Pharming Spam. Phishing: Definition  A method of identity theft carried out through the creation of a website that seems to represent a legitimate.

IT Banking Advantages and Disadvantages. Advantages IT banking is faster and more convenient for the user as they no longer are required to be at the.

Web Spoofing Steve Newell Mike Falcon Computer Security CIS 4360.

How to Register for Apprenticeship Vacancies. 1.Visit 2.Click on ‘Search for vacancies’. 3.Click.

Drive-by pharming is an interesting type of networking attack that combines multiple networking vulnerabilities and average user laziness to create an.

Chapter 7 Phishing, Pharming, and Spam. Phishing Phishing is a criminal activity using computer security techniques. Phishers try to acquire information.

CCT355H5 F Presentation: Phishing November Jennifer Li.

About Phishing Phishing is a criminal activity using social engineering techniques.criminalsocial engineering Phishers attempt to fraudulently acquire.

Phishing Internet scams. Phishing phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and.

BY : MUHAMMAD KHUZAIMI B. ISHAK 4 ADIL PUAN MAZITA INFORMATION AND COMMUNICATION OF TECHNOLOGY.

Phishing: Trends and Countermeasures Blaine Wilson.

How Phishing Works Prof. Vipul Chudasama.

URL Obscuring COEN 252 Computer Forensics  Thomas Schwarz, S.J

The spoofed . The spoofing The link appears as (i.e NOODLEBANK.com) But actually it links to

A Matter of Your Personal Security Phishing. Beware of Phishing s Several employees received an that looked legitimate, as if it was being.

Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP Headers Client IP Address HTTP User Login FAT URLs Cookies.

BY JESSICA SCHOLEY p1. Id Fraud Is When Someone Pretends To Be Someone Else Using There Address, Birthday And Other Information. People Also Use Id Fraud.

A Matter of Your Personal Security Phishing Revised 11/30/15.

Created by Jodie Kleymeer, July 18, Permission to view and use with credit given to author. Evaluating Web Resources Authority, Content, Objectivity,

October is National CyberSecurity Awareness Month OIT and IT providers across campus are launching an awareness campaign to provide tips and resources.

Welcome. What is it? Proceed to Student Registration Walkthrough Connect is an on-line assignment and assessment platform that helps students connect.

Phishing and online fraud What parents need to know.

Internet safety. Dangers of a poor password How people guess your password Your partner, child, or pet's name, possibly followed by a 0 or 1 The last.

PHISHING PRESENTED BY: ARQAM PASHA. AGENDA What is Phishing? Phishing Statistics Phishing Techniques Recent Examples Damages Caused by Phishing How to.

FLTCYBERCOM / C10F    U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET    1 Overall Classification of this Briefing is UNCLASSIFIED//FOUO Phishing.

Spoofing The False Digital Identity. What is Spoofing?  Spoofing is the action of making something look like something that it is not in order to gain.

Threats To Data 30 Threats To Data 30. Threats To Data 30 We’re now going to look at a range of different threats to people’s data: Opportunity Threats.

Phishing and Internet Scams. Definitions and recent statistics Why is it dangerous? Phishing techniques and identifiers Examples of phishing and scam.

Internet Security TEAMS March 18 th, ISP:Internet Service Provider.

CNP Fraud. Occurs when a fraudster falsifies an application to acquire a credit card using an individual’s personal information. (Eg: postal intercept)

Don’t click on that! Kevin Hill.  Spam: Unwanted commercial ◦ Advertising ◦ Comes from people wanting to sell you stuff. ◦ Headers may be forged.

Fall Phishing - attempt to acquire sensitive information, like bank account information or an account password, by posing as a legitimate entity.

Take the Quiz and find out more!

Important Information Provided by Information Technology Center

An Introduction to Phishing and Viruses

ISYM 540 Current Topics in Information System Management

Fastmail Password Recovery. Customer Service Number: For more details visit this link:

Computer Security.

Phishing Don’t fall for fake

User Registration.

What is Phishing? Pronounced “Fishing”

Spear Phishing Awareness

Presentation transcript:

Phishing A practical case study

What is phishing? Phishing involves fraudulently acquiring sensitive information (e.g. passwords, credit card details etc) by masquerading as a trusted entity.

The sites (i.e NOODLEBANK.com) (i.e NOOD1EBANK.com)

The real site

The spoofed

The spoofing The link appears as (i.e NOODLEBANK.com) But actually it links to (i.e NOOD1EBANK.com)

The fake site

The “steal” When Debasis entered his username- password at the spoofed website, the username-password was sent across to the criminal carrying out the phishing attack. In this case study the username-password is sent across to a spamavert address so that it can be seen by everyone trying out this case study.

More examples… In this case study, the user was enticed with a misleading URL. Such urls can be created easily using simple html code such as: This link displays the correct url but on clicking takes the user to the spoofed url.

Using a url with an ip address This url does not lead to noodlebank.com, it leads to the website on the IP address

Using a split domain name cure-login.nood1ebank.com/login.asp This url does not lead to noodlebank.com, it leads to the spoofed website.

Using an obfuscated url 2e%31%39%2e%32%31%37%2e%35%33 This url does not lead to noodlebank.com, it leads to the website on the IP address

Hex to ASCII converter

Useful urls To try out the genuine website: To try out the spoofed website: To see the usernames-passwords being “stolen”

Questions?