VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY.



INTRODUCTION
- Identity theft
- Number of phishing cases escalating
- Customers tricked into submitting their personal data

Phishing.. ?
- Defined as the task of sending an e-mail, falsely claiming to be an established enterprise, in an attempt to scam a user into surrendering private information
- Redirects the user to a scam website, where the user is asked to submit private data
- Derivation of the word “phishing”

Social Engineering Factors
- Phishing attacks rely on a combination of technical deceit and social engineering practices
- Phisher persuades the victim to perform some series of actions
- Phisher impersonates a trusted source so that the victim believes the message

How does it look.. ?
- Sophisticated messages and pop-up windows
- Official-looking logos from real organizations

A Phishing mail

Another example

Delivery Techniques
- Mails or spam: the most common way, done by utilizing spam tools
- Web sites: embedding malicious content into the website

Delivery Techniques
- Redirecting: tricking the customer into entering an illicit website
- Trojan horse: capturing home PCs and utilizing them to propagate the attacks

Attack Techniques
- Man-in-the-middle Attacks
- URL Obfuscation Attacks
- Cross-site Scripting Attacks
- Preset Session Attack
- Hidden Attacks

Man-in-the-middle Attacks

Cross-site Scripting Attacks

Preset Session Attack:

Defensive mechanisms
- Client-Side
- Server-Side
- Enterprise Level

Client-Side
- Desktop Protection Technologies
- Browser Capabilities
- Digitally signed e-mails
- User-application level monitoring solutions

Desktop Protection Technologies
- Local Anti-Virus protection
- Personal Firewall
- Personal IDS
- Personal Anti-Spam
- Spyware Detection

Browser Capabilities
- Disable all window pop-up functionality
- Disable Java runtime support
- Disable ActiveX support
- Disable all multimedia and auto-play/auto-execute extensions
- Prevent the storage of non-secure cookies

Digitally Signed E-mail

Server-side
- Validating Official Communications
- Strong token based authentication

Validating Official Communications
- Digital Signatures
- Visual or Audio personalization of e-mail

Strong token based authentication

Enterprise Level
- Mail Server Authentication
- Digitally Signed E-mail
- Domain Monitoring

Mail Server Authentication

Digitally Signed E-mail

Domain Monitoring
- Monitor the registration of Internet domains relating to their organization
- The expiry and renewal of existing corporate domains
- The registration of similarly named domains
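
An added example (not part of the original slides) of the domain monitoring described above: it screens a constructed list of newly registered domains for names similar to a hypothetical brand, `examplebank`, and lists owned domains close to expiry. All domain names, dates and function names are assumptions made for illustration.

```python
from datetime import date

# Constructed sample data (assumptions for this example, not from the slides).
OWNED = {"examplebank.com": date(2025, 3, 1), "examplebank.net": date(2026, 9, 15)}
NEWLY_REGISTERED = ["examp1ebank.com", "examplebank-login.com", "exarnplebank.com",
                    "examplebnak.com", "gardening-tips.org", "examplebank.com"]
# Character sequences that read like another letter at a glance.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s")]

def skeleton(label):
    """Fold look-alike characters so visually similar labels compare equal."""
    label = label.lower()
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label

def distance(a, b):
    """Edit distance counting an adjacent transposition as a single edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                          d[i - 1][j - 1] + (a[i - 1] != b[j - 1]))
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def similar_registrations(candidates, brand, owned, max_edits=2):
    """Map each suspicious candidate domain to the reason it was flagged."""
    flagged = {}
    for domain in candidates:
        if domain in owned:
            continue  # our own registration, nothing to report
        label = domain.split(".")[0]  # simplification: name is the first label
        folded = skeleton(label)
        if folded == brand:
            flagged[domain] = "look-alike characters" if label != brand else "other TLD"
        elif brand in folded:
            flagged[domain] = "embeds brand name"
        elif distance(folded, brand) <= max_edits:
            flagged[domain] = "typo variant"
    return flagged

def expiring(owned, today, within_days=30):
    """Owned domains that lapse within the window or have already lapsed."""
    return sorted(d for d, exp in owned.items() if (exp - today).days <= within_days)
```
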

Conclusion
- Understanding the tools and technologies
- User awareness
- Implementing multi-tier defense mechanisms
