Published on

Published in: Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. PHISHING
  2. 2. CONTENTS :- Introduction Types of phishing Examples of phishing Techniques of phishing Prevention methods
  3. 3. FISHING
  4. 4. PHISHING
  6. 6. Phishing is an attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
  7. 7. Types of phishing Spear phishing Clone phishing Whaling phishing
  8. 8. Characteristics of phishing emails
  9. 9. 1. Disguised hyperlinks and sender address- • Appear similar as the genuine institution site. • Sender address of the email also appears as originated from the targeted company.
  10. 10. 2. Email consists of a clickable image : • Scam emails arrive as a clickable image file containing fraud request for information. • Clicking anywhere within the email will cause the bogus website to open.
  11. 11. 3. Content appears genuine Scam email include logos, styling, contact and copyright information. identical to those used by the targeted institution.
  12. 12. 4. Unsolicited requests for sensitive information : • Emails asks to click a link and provide sensitive personal information . • It is highly unlikely that a legitimate institution would request sensitive information in such a way.
  13. 13. 5. Generic Greetings • Scam mails are sent in bulk to many recipients and use generic greetings such as "Dear account holder" or "Dear [targeted institution] customer".
  14. 14. Phishing Techniques
  15. 15. Email/Spam • Sending mails that look trustworthy to user • Send the same email to millions of users, requesting them to fill in personal details • Messages have an urgent note • Click on a link which is embedded in your email.
  16. 16. Example of Phishing Email
  17. 17. “Man in the Middle” - attack • Attackers situate between the customer and the real web-based application • The attacker's server then proxies all communications between the customer and the real web-based application server
  18. 18. Link Manipulation By manipulating the links for example Instead of Misspelled URLs or sub domains are common tricks used by Attacker
  19. 19. Key loggers Key loggers are designed to monitor all the key strokes
  20. 20. Content Injection  Inserting malicious content into legitimate site.  Three primary types of content-injection phishing:  Hackers can compromise a server through a security vulnerability and replace or augment the legitimate content with malicious content.  Malicious content can be inserted into a site through a cross-site scripting vulnerability.  Malicious actions can be performed on a site through a SQL injection vulnerability.
  21. 21. Malware-Based Phishing • In this method, phishers used malicious software to attack on the user machine. • This phishing attack spreads due to social engineering or security vulnerabilities. • In social engineering, the user is convinced to open an attachment that attracts the user regarding some important information and download it containing malwares. • Exploiting the security vulnerabilities by injecting worms and viruses is another form of malware based phishing.
  22. 22. Trojan Horse • Trojan is a program that gives complete access of host computer to phishers after being installed at the host computer. • Phishers will make the user to install the trojan software which helps in email propagating and hosting fraudulent websites.
  23. 23. Beast (A Trojan horse software)
  24. 24. Mobile Phishing • Mobile Phishing is a social engineering technique where the attack is invited via mobile texting rather than email. • An attacker targets mobile phone users with a phishing attack for the purpose of soliciting account passwords or sensitive information from the user. • The user is enticed to provide information or go to a compromised web site via text message.
  25. 25. Prevention Against Phishing Attack • Never respond to emails that request personal financial information • Visit bank’s websites by typing the URL into the address bar • Keep a regular check on your accounts • Be cautious with emails and personal data
  26. 26. • Keep your computer secure • Use anti-spam software • Use anti-spyware software • Use the Microsoft Baseline Security Analyser (MBSA) • Use Firewall
  27. 27. Continued… • Protect against DNS pharming attacks • Check the website you are visiting is secure • Use backup system images • Get educated about phishing prevention attack • Always report suspicious activity
  28. 28. It is better to be safer now than feel sorry later. Thank you.