Presentation is loading. Please wait.

Presentation is loading. Please wait.

How Phishing Works Prof. Vipul Chudasama.

Published byHelena Walker Modified over 9 years ago

Similar presentations

Presentation on theme: "How Phishing Works Prof. Vipul Chudasama."— Presentation transcript:

1 How Phishing Works Prof. Vipul Chudasama

2 Phishing Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Majorly by Spoofing Instant Messaging Social engineering Domain ,subdomain

3 History The first recorded mention of the term "phishing" is found in the hacking tool AOHell (according to its creator), which included a function for attempting to steal the passwords or financial details of America Online users.[1995] A phisher might pose as an AOL staff member and send an instant message to a potential victim, asking him to reveal his password. In order to lure the victim into giving up sensitive information, the message might include imperatives such as "verify your account" or "confirm billing information". Once the victim had revealed the password, the attacker could access and use the victim's account for fraudulent purposes or spamming.

4 Phishing

5 Phishing Types Phishing – Spoofed email[like American Express]
Spare phishing :Phishing attempts directed at specific individuals or companies Clone phishing: The attachment or link within the is replaced with a malicious version and then sent from an address spoofed to appear to come from the original sender. Whaling: senior executives and other high profile targets Rogue WiFi (MitM) 

6 How phishing carried out
Phisher Contact to malware software developer Malware software sends to thousand of people is designed to look like same as legitimated sites and insert link Phisher steal the money from user account Phisher captures user information Person click on link which is spoofed Website

7 Other Techniques Link Manipulation Website Forgery
Phone (Voice) Phishing

8 Phishing – Link Manipulation
Most methods of phishing use some form of technical deception designed to make a link in an (and the spoofed website it leads to) appear to belong to the spoofed organization. Misspelled URLs (Uniform resource locator ) or the use of subdomains are common tricks used by phishers, such as this example URL, Another common trick is to make the anchor text for a link appear to be a valid URL when the link actually goes to the phishers' site.

9 Phishing – Link Manipulation
An old method of spoofing links used links containing symbol, originally intended as a way to include a username and password in a web link. For example, the link might deceive a casual observer into believing that the it will open a page on Google.com, whereas the link actually directs the browser to a page on members.tripod.com, using a username of the page opens normally, regardless of the username supplied.

10 Phishing – Website Forgery
Once the victim visits the website the deception is not over. Some phishing scams use JavaScript commands in order to alter the address bar. This is done either by placing a picture of the legitimate entity's URL over the address bar, or by closing the original address bar and opening a new one containing the legitimate URL.

11 Phishing – Website Forgery
An attacker can even use a trusted website's own scripts against the victim. These types of attacks (known as cross-site scripting) are particularly problematic, because they direct the user to sign in at their bank or service's own web page, where everything from the web address to the security certificates appears correct. In reality, the link to the website is crafted to carry out the attack, although it is very difficult to spot without specialist knowledge. Just such a flaw was used in 2006 against PayPal.

12 Phone (Voice) Phishing
Not all phishing attacks require a fake website. In an incident in 2006, messages that claimed to be from a bank told users to dial a phone number regarding problems with their bank accounts. Once the phone number (owned by the phisher, and provided by a Voice over IP provider) was dialed, prompts told users to enter their account numbers and PIN. Voice phishing sometimes uses fake caller-ID data to give the appearance that the calls come from a trusted organization.

13 Phishing - How To Protect Yourself
Users can take steps to avoid phishing attempts by slightly modifying their browsing habits. Users who are contacted about an account needing to be "verified" (or any other topic used by phishers) can contact the company that is the subject of the to check that the is legitimate, They can also type in a trusted web address for the company's website into the address bar of their browser to bypass the link in the suspected phishing message.

14 Phishing - How To Protect Yourself
Nearly all legitimate messages from companies to their customers will contain an item of information that is not readily available to phishers. Some companies, like PayPal, always address their customers by their username in s, so if an addresses a user in a generic fashion ("Dear PayPal customer") it is likely to be an attempt at phishing. SPAM filters can also help by reducing the number of phishing s that users receive in their inboxes.

15 Phishing - How To Protect Yourself
Anti-phishing measures have been implemented as features embedded in browsers, as extensions or toolbars for browsers, and as part of website login procedures. For example, some anti-phishing toolbars display the real domain name for the visited website. The petname extension for Firefox lets users type in their own labels for websites, so they can later recognize when they are back at the correct site. If the site is a suspect, then the software may either warn the user or block the site outright. Internet Explorer Version 7 is intended to defend users from phishing as well as deceptive or malicious software, and it also features full user control of ActiveX and better security framework.

16 Phishing Example In this example, targeted at South Trust Bank users, the phisher has used an image to make it harder for anti-phishing filters to detect by scanning for text commonly used in phishing s.

17 Quiz Legitimate or Phishing

18 Phishing

19 Quiz Legitimate or Phishing

20 Legitmate

21

Download ppt "How Phishing Works Prof. Vipul Chudasama."

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
What is Bad ? Spam, Phishing, Scam, Hoax and Malware distributed via

What is Bad ? Spam, Phishing, Scam, Hoax and Malware distributed via
Internet Safety Gleneagles Computer Club February 16, 2015 by Deborah Benson.

Internet Safety Gleneagles Computer Club February 16, 2015 by Deborah Benson.
Phishing Scams use spoofed emails and websites as lures to prompt people to voluntarily hand over sensitive information Phishing emails may contain.

Phishing Scams use spoofed s and websites as lures to prompt people to voluntarily hand over sensitive information Phishing s may contain.
Victoria ISD Common Sense Media Grade 6: Scams and schemes

Victoria ISD Common Sense Media Grade 6: Scams and schemes
Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.

Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.
How It Applies In A Virtual World. Phishing Definition: n. To request confidential information over the Internet under false pretenses in order to fraudulently.

How It Applies In A Virtual World. Phishing Definition: n. To request confidential information over the Internet under false pretenses in order to fraudulently.
What is identity theft, and how can you protect yourself from it?

What is identity theft, and how can you protect yourself from it?
Phishing, Spoofing, Spamming and Security How To Protect Yourself Additional Credits: Educause/SonicWall, Hendra Harianto Tuty, Microsoft Corporation,

Phishing, Spoofing, Spamming and Security How To Protect Yourself Additional Credits: Educause/SonicWall, Hendra Harianto Tuty, Microsoft Corporation,
Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.

Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.
1 What is Phishing? …listening to music by the band called Phish or perhaps …a hobby, sport or recreation involving the ocean, rivers or streams…nope.

1 What is Phishing? …listening to music by the band called Phish or perhaps …a hobby, sport or recreation involving the ocean, rivers or streams…nope.
A few simple steps, hints and tips to figure out if it is indeed fake. - By Emily Breuss.

A few simple steps, hints and tips to figure out if it is indeed fake. - By Emily Breuss.
Bsharah Presentation Threats to Information Security Protecting Your Personal Information from Phishing Scams.

Bsharah Presentation Threats to Information Security Protecting Your Personal Information from Phishing Scams.
Jason Rich CIS - 158 1.  The purpose of this project is to inform the audience about the act of phishing. Phishing is when fake websites are created.

Jason Rich CIS  The purpose of this project is to inform the audience about the act of phishing. Phishing is when fake websites are created.
PHISHING By, Himanshu Mishra Parrag Mehta. OUTLINE What is Phishing ? Phishing Techniques Message Delivery Effects of Phishing Anti-Phishing Techniques.

PHISHING By, Himanshu Mishra Parrag Mehta. OUTLINE What is Phishing ? Phishing Techniques Message Delivery Effects of Phishing Anti-Phishing Techniques.
Internet Phishing Not the kind of Fishing you are used to.

Internet Phishing Not the kind of Fishing you are used to.
Malicious Attacks By Chris Berg-Jones, Ethan Ungchusri, and Angela Wang.

Malicious Attacks By Chris Berg-Jones, Ethan Ungchusri, and Angela Wang.
Hey check out this cool PHISHING presentation! Benjamin Ross Lyerly.

Hey check out this cool PHISHING presentation! Benjamin Ross Lyerly.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.

Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.

Similar presentations

Ads by Google