Presentation is loading. Please wait.

Presentation is loading. Please wait.

PHISHING By, Himanshu Mishra Parrag Mehta. OUTLINE What is Phishing ? Phishing Techniques Message Delivery Effects of Phishing Anti-Phishing Techniques.

Published byVictor Price Modified over 9 years ago

Similar presentations

Presentation on theme: "PHISHING By, Himanshu Mishra Parrag Mehta. OUTLINE What is Phishing ? Phishing Techniques Message Delivery Effects of Phishing Anti-Phishing Techniques."— Presentation transcript:

1 PHISHING By, Himanshu Mishra Parrag Mehta

2 OUTLINE What is Phishing ? Phishing Techniques Message Delivery Effects of Phishing Anti-Phishing Techniques Conclusion

3 WHAT IS PHISHING ? It is a form of identifying theft that uses both social engineering and technical subterfuge to steal consumer’s personal identity data as well as financial account credentials Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.

4 PHISHING History Social Engineering Factors Psychological Factors

5 HISTORY First mentioned in AOL Usenet newsgroup on January 2, 1996. Variant of the word “fish”. AOHell – custom written program Line added on all instant messages.

6 SOCIAL ENGINEERING FACTORS Methods include mix of technical deceit and social engineering practices. Phishers persuade victims to perform series of actions. Popular communication channels: email, web pages, instant messaging services. Impersonate as a trusted source.

7

8 PSYCHOLOGICAL FACTORS Trust Of Authority e.g. BOA questions the validity of account Email and web pages can look real http://bankofamerica.com/loginhttp://bankofamerica.com/login may really be http://bankofcrime.com/got_your_login

9 PHISHING TECHNIQUES Link Manipulation Filter Evasion Website forgery Phone Phishing

10 LINK MANIPULATION Bad domain names – Actual domain host: http://privatebanking.mybank.com. – Phisher manipulated host : http://privatebanking.mybank.com.ch Friendly login URL’s – http://mybank.com:ebanking@evilsite.com/phishing/fakepage.htm Third-party shortened URL’s – http://tinyurl.com changed to http://tinyurl.com/4outd http://tinyurl.comhttp://tinyurl.com/4outd Host name obfuscation – http://mybank.com:ebanking@evilsite.com/phishing/fakepage.htm http://mybank.com:ebanking@evilsite.com/phishing/fakepage.htm – http://mybank.com:ebanking@210.134.161.35/login.htm

11 FILTER EVASION Flash-based websites Images instead of text

12 WEBSITE FORGERY JavaScript commands. Cross-site scripting (CSS or XSS). Full HTML substitution such as: http://mybank.com/ebanking?URL=http://evilsite.com/phishing/fake page.htm Universal Man-in-the-middle Phishing Kit.

13 PHONE PHISHING Phone number owned by the phisher and provided by VOIP. – Fake Caller ID – Prompts user to enter account numbers and PIN – Vishing (voice Phishing)

14 MESSAGE DELIVERY Web-based Email and Spam Instant Messaging Trojan Hosts

15 WEB BASED Banner advertising graphics. Use of web-bugs Pop-up or frameless window. Embed malicious content and install software.

16 EMAIL & SPAM

17 Official looking and sounding emails Copies of legitimate corporate emails with minor URL changes HTML based email used to obfuscate target URL information Standard virus/worm attachments to emails A plethora of anti spam-detection inclusions

18 Contd. Crafting of “personalised” or unique email messages Fake postings to popular message boards and mailing lists Use of fake “Mail From:” addresses and open mail relays for disguising the source of the email

19 INSTANT MESSAGING More popular with home users with more functionality included within the s/w Bots (automated programs that listen and participate in group discussions)

20 TROJANED HOSTS Trick home users to install software. Selective Information recorded. Java applet – “javautil.zip” – Key Logger

21 EFFECTS Financial Loss – Losses ranging from hundreds to tens of thousands of dollars Loss of Trust – Users Refrain from using Internet for business Law Enforcement Difficulties – Cross border attacks

22 ANTI-PHISHING Social Response Technical Response – Browser Alerts – Digitally Signed Emails – Augmenting Password Logins – Filters – Anti-virus Legal Response

23 SOCIAL RESPONSE Do not accept friend requests from people you don’t know on Facebook even though you may have many mutual friends with them Generic addressing Fraud Link

24 TECHNICAL RESPONSE Browser Alerts

25 TECHNICAL RESPONSE SenderReceiverEmail Server CA Server Digitally Signed Email

26 TECHNICAL RESPONSE Augmented Password Login

27 TECHNICAL RESPONSE Spam Filter

28 CONCLUSION Phishing affects both consumers and organizations User Education can help prevent / fight Phishing Co-operation between governments can help nab Phishers

29 REFERENCES http://en.wikipedia.org/wiki/Phishing www.justice.gov http://www.infosecwriters.com/text_resource s/pdf/Phishing_DMosley.pdf http://www.infosecwriters.com/text_resource s/pdf/Phishing_DMosley.pdf http://www.ngssoftware.com

Download ppt "PHISHING By, Himanshu Mishra Parrag Mehta. OUTLINE What is Phishing ? Phishing Techniques Message Delivery Effects of Phishing Anti-Phishing Techniques."

Similar presentations

Protect Yourself Against Phishing. The good news: The number of US adult victims of identity fraud decreased from 9.3 million in 2005, to 8.4 million.

Protect Yourself Against Phishing. The good news: The number of US adult victims of identity fraud decreased from 9.3 million in 2005, to 8.4 million.
How It Applies In A Virtual World. Phishing Definition: n. To request confidential information over the Internet under false pretenses in order to fraudulently.

How It Applies In A Virtual World. Phishing Definition: n. To request confidential information over the Internet under false pretenses in order to fraudulently.
Software programs that enable you to view world wide web documents. Internet Explorer and Firefox are examples. Browser.

Software programs that enable you to view world wide web documents. Internet Explorer and Firefox are examples. Browser.
Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.

Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.
Learn to protect yourself... a 21 st Century Scam.. Phishing.

Learn to protect yourself... a 21 st Century Scam.. Phishing.
Bsharah Presentation Threats to Information Security Protecting Your Personal Information from Phishing Scams.

Bsharah Presentation Threats to Information Security Protecting Your Personal Information from Phishing Scams.
Phishing (pronounced “fishing”) is the process of sending e-mail messages to lure Internet users into revealing personal information such as credit card.

Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.
Internet Phishing Not the kind of Fishing you are used to.

Internet Phishing Not the kind of Fishing you are used to.
Malicious Attacks By Chris Berg-Jones, Ethan Ungchusri, and Angela Wang.

Malicious Attacks By Chris Berg-Jones, Ethan Ungchusri, and Angela Wang.
Threats To A Computer Network

Threats To A Computer Network
Saravana Venkatesh Chellam 42323088 Supervisor : Josef Pieprzyk.

Saravana Venkatesh Chellam Supervisor : Josef Pieprzyk.
Phishing – Read Behind The Lines Veljko Pejović

Phishing – Read Behind The Lines Veljko Pejović
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.

Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.
Teach a man (person) to Phish Recognizing email scams, spams and other personal security attacks July 17 th, 2013 High Tea at IT, Summer, 2013.

Teach a man (person) to Phish Recognizing scams, spams and other personal security attacks July 17 th, 2013 High Tea at IT, Summer, 2013.
The OWASP Foundation OWASP Chennai 2007 Phishing.

The OWASP Foundation OWASP Chennai Phishing.
Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.

Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.
Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.

Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.
How It Applies In A Virtual World

How It Applies In A Virtual World
Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.

Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.

Similar presentations

Ads by Google