Presentation is loading. Please wait.

Presentation is loading. Please wait.

PHISHING PRESENTED BY: ARQAM PASHA. AGENDA What is Phishing? Phishing Statistics Phishing Techniques Recent Examples Damages Caused by Phishing How to.

Similar presentations


Presentation on theme: "PHISHING PRESENTED BY: ARQAM PASHA. AGENDA What is Phishing? Phishing Statistics Phishing Techniques Recent Examples Damages Caused by Phishing How to."— Presentation transcript:

1 PHISHING PRESENTED BY: ARQAM PASHA

2 AGENDA What is Phishing? Phishing Statistics Phishing Techniques Recent Examples Damages Caused by Phishing How to avoid being a Phishing Victim?

3 What is Phishing? “Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication”.

4 What is Phishing? The purpose of a phishing message is to acquire sensitive information about a user. For doing so the message needs to deceive the intended recipient. Typically carried out by email or IM. Official-looking e-mail sent to potential victims. Pretends to be from their Service Provider such as Retail Store, Bank, Club etc.

5 What is Phishing? Link in an e-mail message directs the user to a Web page Asks for Financial Information Page looks genuine Easy to fake valid Web site Any HTML page on the real Web can be copied and thus modified.

6 Phishing Statistics

7 Global Phishing Survey 2010 In 2H2010, there were at least 67,677 phishing attacks worldwide. This is greater than the 48,244 observed in 1H2010, but significantly less than the record 126,697 in 2H2009. Phishing remains concentrated in certain namespaces. Sixty percent of attacks occurred in just four TLDs:.COM,.CC,.NET, and.ORG. And 89 percent of malicious domain registrations were made in four TLDs:.COM,.TK,.NET, and.INFO.

8 Phishing Techniques

9

10 Recent Examples An example of a phishing e-mail, disguised as an official e-mail from a (fictional) bank. The sender is attempting to trick the recipient into revealing confidential information by "confirming" it at the phisher's website. Note the misspelling of the words received and discrepancy. Also note that although the URL of the bank's webpage appears to be legitimate, the hyperlink would actually be pointed at the phisher's webpage.

11 Ebay This link takes you to http://signinebay.com/cgibin.tk/eBaydll.php

12 Citibank Not the real address

13 People’s Bank Not the proper link for peoples.com

14 Damages Caused by Phishing Threatens effective communication Undermines goodwill and trust Drives people away from usage of Internet Direct harm to customers from stolen IDs, passwords

15 Damages Caused by Phishing Diminishes value of brand Could affect shareholders Possibility of liability for failure to exercise due diligence in protecting trademark

16 How to avoid being a victim? 1. Never respond to requests for personal information via email. When in doubt, call the institution that claims to have sent you the email. –phishers typically include upsetting or exciting (but false)statements in their emails to get people to react immediately (i.e., claiming they will shut off your account) –phishers typically ask for confidential information such as usernames, passwords, credit card numbers, social security numbers, etc.

17 How to Avoid being a victim? 2. If you suspect the message might not be authentic, don't use the links within the email to get to a web page –call the company on the telephone or log onto the website directly by typing their Web address in your browser. 3. Never fill out forms in email messages that ask for confidential information

18 How to avoid being a victim? 4. Always ensure that you're using a secure website when submitting credit card or other sensitive information via your web browser –check the beginning of the Web address in your browsers address bar - it should be ‘https://’ rather than just ‘http://’ –look for the locked padlock icon on your browser (i.e. Internet Explorer/Mozilla)

19 How to avoid being a victim? 5. Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate and if anything is suspicious, contact your bank and all card issuers immediately 6. Ensure that your browser and OS software is up-to-date and that latest security patches are applied

20 Works Cited APWG. "Global Phishing Survey: Trends and Domain Name Use in 2H 2010.“ "Avoid Getting 'Hooked' By Phishers." Welcome to Fraud.org, Online Home of NCL's Fraud Center. Patil, DJ. "Building Data Science Teams - O'Reilly Radar." O'Reilly Radar - Insight, Analysis, and Research about Emerging Technologies. "ScienceDirect - Computer Fraud & Security : Internet War: Picking on the Finance Sector – Survey: More Vulnerabilities & Phishing." ScienceDirect - Home. Urmann, David. "Phishing Techniques." Ezine Articles. Wikipedia. "Phishing." Wikipedia, the Free Encyclopedia.

21 Time’s Up! Thank you for listening!


Download ppt "PHISHING PRESENTED BY: ARQAM PASHA. AGENDA What is Phishing? Phishing Statistics Phishing Techniques Recent Examples Damages Caused by Phishing How to."

Similar presentations


Ads by Google