PHISHING: ATTACK AND DEFENSE TECHNIQUES (presentation transcript)
Venkat Deep Rajan, Sumalatha Reddy, Karthik Injarapu. CPSC 620, Clemson University.


2 INTRODUCTION
- Identity theft
- The number of phishing cases is escalating
- Customers are tricked into submitting their personal data

3 Phishing.. ?
- Defined as the act of sending an email that falsely claims to come from an established enterprise, in an attempt to scam the user into surrendering private information
- Redirects the user to a scam website, where the user is asked to submit his private data
- Derivation of the word “phishing”

4 Social Engineering Factors
- Phishing attacks rely on a combination of technical deceit and social engineering practices
- The phisher persuades the victim to perform some series of actions
- The phisher impersonates a source the victim trusts so that the victim believes the message

5 How does it look.. ?
- Sophisticated e-mail messages and pop-up windows
- Official-looking logos from real organizations

6 A Phishing mail

7 Another example

8 Delivery Techniques
- Mail or spam: the most common way, carried out with spam tools
- Websites: embedding malicious content into a website

9 Delivery Techniques
- Redirecting: tricking the customer into entering an illicit website
- Trojan horse: compromising home PCs and using them to propagate the attacks

10 Attack Techniques
- Man-in-the-middle attacks
- URL obfuscation attacks
- Cross-site scripting attacks
- Preset session attack
- Hidden attacks

11 Man-in-the-middle Attacks

12 Cross-site Scripting Attacks

13 Preset Session Attack

14 Defensive mechanisms
- Client-side
- Server-side
- Enterprise level

15 Client-Side
- Desktop protection technologies
- Browser capabilities
- Digitally signed emails
- User-application level monitoring solutions

16 Desktop Protection Technologies
- Local anti-virus protection
- Personal firewall
- Personal IDS
- Personal anti-spam
- Spyware detection

17 Browser Capabilities
- Disable all window pop-up functionality
- Disable Java runtime support
- Disable ActiveX support
- Disable all multimedia and auto-play/auto-execute extensions
- Prevent the storage of non-secure cookies

18 Digitally Signed Email

19 Server-side
- Validating official communications
- Strong token-based authentication

20 Validating Official Communications
- Digital signatures
- Visual or audio personalization of email

21 Strong token-based authentication

22 Enterprise Level
- Mail server authentication
- Digitally signed email
- Domain monitoring

23 Mail Server Authentication

24 Digitally Signed Email

25 Domain Monitoring
- Monitor the registration of Internet domains relating to the organization
- The expiry and renewal of existing corporate domains
- The registration of similarly named domains
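The "similarly named domains" point on the slide above, as an added example that is not part of the presentation: a small check an organization could run over a feed of newly registered domains to flag look-alikes of its own domain. The domain names and the homoglyph table are constructed for illustration and the similarity threshold is an assumed value.

```python
"""Flag candidate look-alike domains against a corporate domain (added example)."""
import difflib
from typing import List, Optional, Tuple

# Visually confusable substitutions often seen in look-alike names.
# Assumption: a short illustrative table, not an exhaustive one.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "vv": "w", "rn": "m"}


def normalize(label: str) -> str:
    """Map confusable characters to their look-alike so 'examp1e' reads as 'example'."""
    label = label.lower()
    for src, dst in HOMOGLYPHS.items():
        label = label.replace(src, dst)
    return label


def second_level(domain: str) -> str:
    """Return the registrable label, e.g. 'example' for 'www.example.com'."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify(candidate: str, corporate: str, threshold: float = 0.8) -> Optional[str]:
    """Return a reason string if `candidate` resembles `corporate`, else None."""
    if candidate.lower() == corporate.lower():
        return None  # the organization's own domain
    brand, label = second_level(corporate), second_level(candidate)
    if label == brand:
        return "same label, different TLD"
    if brand in label:
        return "brand embedded in label"
    if normalize(label) == brand:
        return "homoglyph substitution"
    ratio = difflib.SequenceMatcher(None, label, brand).ratio()  # 0.0 .. 1.0
    if ratio >= threshold:
        return f"near-match (similarity {ratio:.2f})"
    return None


def scan(new_domains: List[str], corporate: str) -> List[Tuple[str, str]]:
    """Return (domain, reason) for every domain in the feed worth a monitoring alert."""
    hits = []
    for d in new_domains:
        reason = classify(d, corporate)
        if reason:
            hits.append((d, reason))
    return hits


if __name__ == "__main__":
    FEED = ["example.com", "example.net", "examp1e.com", "example-login.com",  # constructed
            "exmaple.com", "weather.org", "secure-example-support.net"]
    for domain, why in scan(FEED, "example.com"):
        print(f"ALERT {domain}: {why}")
```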

26 Conclusion
- Understanding the tools and technologies
- User awareness
- Implementing multi-tier defense mechanisms
