Phishing is a form of social engineering that attempts to steal sensitive information.


2 Phishing is a form of social engineering that attempts to steal sensitive information.
An attacker’s goal is to compromise systems to obtain usernames, passwords, and other account and/or financial data. Attackers most frequently carry out phishing attacks via email. The attacker sends crafted emails to people within an organization. The email usually pretends to be from someone trustworthy, like your bank, UPS/FedEx, a credit card company or an airline, or some other site for which you may have login credentials. The email includes a link to an “official” website that is actually a fake site operated by the attacker.

3 Once the user visits the fake site, they may be asked overtly to enter account information such as usernames, passwords, credit card details, social security or bank account numbers. The victim may also be exposed to malware by the fake site. Taking advantage of a variety of vulnerabilities in the browser, the attacker may be able to install a Trojan Horse on the user’s computer. If done correctly, the attack can capture sensitive information without the victim even knowing that they have been compromised.

4 Who can phish you
1- Emails from people you know claiming to be stranded in a foreign country, asking you to wire money so that they can travel home.
2- Emails claiming to be from reputable news organizations, capitalizing on trending news.
Emails claiming to be from organizations.
3- Emails threatening to harm recipients unless sums in the thousands of dollars are paid.

5 Types of phishing attacks
1- Malware-Based Phishing refers to scams that involve running malicious software on users' PCs.
2- Web Trojans pop up invisibly when users are attempting to log in. They collect the user's credentials locally and transmit them to the phisher.
3- Deceptive Phishing: The term "phishing" originally referred to account theft using instant messaging, but the most common broadcast method today is a deceptive email message. Messages about the need to verify account information, system failure requiring users to re-enter their information, fictitious account charges, undesirable account changes, new free services requiring quick action, and many other scams are broadcast to a wide group of recipients with the hope that the unwary will respond by clicking a link to or signing onto a bogus site where their confidential information can be collected.

6 Phishing can take many forms and can be achieved with many tools and techniques. Here, we highlight the most common tools and techniques that are used to carry out phishing scams.
Link Manipulation:
1- Use of Sub-Domains. For nontechnical users who may not be familiar with sub-domains, this trick works like magic for the hacker. Consider, for example, that you get an email from a renowned xyz bank that asks for your credentials and requests you to click on the URL. A nontechnical person will assume that the link leads to a “user” section of the xyz bank

7 2-Hidden URLs Another commonly used link manipulation technique is when a phisher hides the actual URL under plain text. This means that rather than displaying the actual URL,
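A defender's check for the two link-manipulation tricks on slides 6 and 7, as an added example that is not part of the original presentation. It flags links where the trusted brand is only a sub-domain label of another domain, and links whose visible text names a different host than the real target. The domain names are constructed from reserved `.example`/`.test` names, and the "last two labels" rule for the registrable domain is a simplifying assumption (production code should use the Public Suffix List).

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def registrable(host):
    # Assumption: registrable domain = last two labels (no Public Suffix List here).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def host_of(s):
    """Hostname of a URL or bare host string; '' if it does not parse."""
    try:
        return urlsplit(s if "://" in s else "//" + s).hostname or ""
    except ValueError:
        return ""

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html, trusted_domain):
    """Return (href, reason) pairs; trusted_domain is the brand's registrable domain."""
    brand, findings = trusted_domain.split(".")[0], []
    parser = LinkCollector()
    parser.feed(html)
    for href, text in parser.links:
        host = host_of(href)
        shown = host_of(text) if len(text.split()) == 1 else ""
        # Sub-domain trick: the brand is a label, but the domain belongs to someone else.
        if brand in host.split(".") and registrable(host) != trusted_domain:
            findings.append((href, "brand used as sub-domain of " + registrable(host)))
        # Hidden URL: the visible text names one host, the href goes to another.
        if shown and "." in shown and registrable(shown) != registrable(host):
            findings.append((href, "text shows " + shown + " but link goes to " + host))
    return findings

# Constructed sample message body (not taken from the slides).
SAMPLE = (
    '<a href="https://xyzbank.user.login-portal.test/verify">Verify your account</a>'
    '<a href="https://login-portal.test/a">https://www.xyzbank.example/login</a>'
    '<a href="https://www.xyzbank.example/help">Help centre</a>')
```

Calling `check_links(SAMPLE, "xyzbank.example")` reports the first two links and leaves the genuine help link alone.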

8 Phishing tools: 1-super phisher 2-phishercreator 3-SpearPhisher
4-Ninja Phishing Framework 5-Aurora Phishing

9 Tips to Prevent Phishing Attacks
1. Learn to Identify Suspected Phishing Emails
There are some qualities that identify an attack through an email:
They duplicate the image of a real company.
They copy the name of a company or an actual employee of the company.
They include sites that are visually similar to a real business.
They promote gifts, or the loss of an existing account.

10 2. Check the Source of Information From Incoming Mail
3. Never Go to Your Bank’s Website by Clicking on Links Included in Emails
4. Enhance the Security of Your Computer:
a- Keep your computer protected with a good antivirus to block this type of attack.
b- Always have the most recent updates for your operating system and web browsers.

11 5. Enter Your Sensitive Data in Secure Websites Only
In order for a site to be ‘safe’, it must begin with ‘https://’ and your browser should show an icon of a closed lock.
6. Periodically Check Your Accounts
It never hurts to check your bank accounts periodically to be aware of any irregularities in your online transactions.

12 7. Phishing Doesn’t Only Pertain to Online Banking
Most phishing attacks are against banks, but attackers can also use any popular website, such as eBay, Facebook, PayPal, etc., to steal personal data.
8. Most legitimate emails will address you by your full name at the beginning of the message. If there is any doubt that the email is legitimate, be smart and don't enter your information. Even if you believe the message is valid, following the guidelines above will prevent you from giving phishers your personal information.

13 Super phisher

14 Super phisher


16 Done by : Marwa Alawneh Duaa Abu rumman

