SlideShare a Scribd company logo

Phishing

•Download as PPT, PDF•
•
Alka Falwaria
Alka Falwaria
Technology
1 of 28
PHISHING
CONTENTS :- Introduction Types of phishing Examples of phishing Techniques of phishing Prevention methods
FISHING
PHISHING
PHISHING PHREAKING FISHING FREAKPHONE
Phishing is an attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
Types of phishing Spear phishing Clone phishing Whaling phishing
Characteristics of phishing emails
1. Disguised hyperlinks and sender address- • Appear similar as the genuine institution site. • Sender address of the email also appears as originated from the targeted company.
2. Email consists of a clickable image : • Scam emails arrive as a clickable image file containing fraud request for information. • Clicking anywhere within the email will cause the bogus website to open.
3. Content appears genuine Scam email include logos, styling, contact and copyright information. identical to those used by the targeted institution.
4. Unsolicited requests for sensitive information : • Emails asks to click a link and provide sensitive personal information . • It is highly unlikely that a legitimate institution would request sensitive information in such a way.
5. Generic Greetings • Scam mails are sent in bulk to many recipients and use generic greetings such as "Dear account holder" or "Dear [targeted institution] customer".
Phishing Techniques
Email/Spam • Sending mails that look trustworthy to user • Send the same email to millions of users, requesting them to fill in personal details • Messages have an urgent note • Click on a link which is embedded in your email.
Example of Phishing Email
“Man in the Middle” - attack • Attackers situate between the customer and the real web-based application • The attacker's server then proxies all communications between the customer and the real web-based application server
Link Manipulation By manipulating the links for example www.facb00k.com Instead of www.facebook.com Misspelled URLs or sub domains are common tricks used by Attacker
Key loggers Key loggers are designed to monitor all the key strokes
Content Injection  Inserting malicious content into legitimate site.  Three primary types of content-injection phishing:  Hackers can compromise a server through a security vulnerability and replace or augment the legitimate content with malicious content.  Malicious content can be inserted into a site through a cross-site scripting vulnerability.  Malicious actions can be performed on a site through a SQL injection vulnerability.
Malware-Based Phishing • In this method, phishers used malicious software to attack on the user machine. • This phishing attack spreads due to social engineering or security vulnerabilities. • In social engineering, the user is convinced to open an attachment that attracts the user regarding some important information and download it containing malwares. • Exploiting the security vulnerabilities by injecting worms and viruses is another form of malware based phishing.
Trojan Horse • Trojan is a program that gives complete access of host computer to phishers after being installed at the host computer. • Phishers will make the user to install the trojan software which helps in email propagating and hosting fraudulent websites.
Beast (A Trojan horse software)
Mobile Phishing • Mobile Phishing is a social engineering technique where the attack is invited via mobile texting rather than email. • An attacker targets mobile phone users with a phishing attack for the purpose of soliciting account passwords or sensitive information from the user. • The user is enticed to provide information or go to a compromised web site via text message.
Prevention Against Phishing Attack • Never respond to emails that request personal financial information • Visit bank’s websites by typing the URL into the address bar • Keep a regular check on your accounts • Be cautious with emails and personal data
• Keep your computer secure • Use anti-spam software • Use anti-spyware software • Use the Microsoft Baseline Security Analyser (MBSA) • Use Firewall
Continued… • Protect against DNS pharming attacks • Check the website you are visiting is secure • Use backup system images • Get educated about phishing prevention attack • Always report suspicious activity
It is better to be safer now than feel sorry later. Thank you.

Recommended

What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?Quick Heal Technologies Ltd.
 
Phishing
PhishingPhishing
PhishingSagar Rai
 
Phishing
PhishingPhishing
Phishinganjalika sinha
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanControlScan, Inc.
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing AttacksSysCloud
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasuresJorge Sebastiao
 
Phishing attack
Phishing attackPhishing attack
Phishing attackRaghav Chhabra
 
Phishing
PhishingPhishing
PhishingSouganthikaSankaresw
 

Recommended

What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?Quick Heal Technologies Ltd.
 
Phishing
PhishingPhishing
PhishingSagar Rai
 
Phishing
PhishingPhishing
Phishinganjalika sinha
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanControlScan, Inc.
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing AttacksSysCloud
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasuresJorge Sebastiao
 
Phishing attack
Phishing attackPhishing attack
Phishing attackRaghav Chhabra
 
Phishing
PhishingPhishing
PhishingSouganthikaSankaresw
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Securityanjuselina
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks pptAryan Ragu
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gbensonoo
 
Anti phishing presentation
Anti phishing presentationAnti phishing presentation
Anti phishing presentationBokangMalunga
 
Anti phishing
Anti phishingAnti phishing
Anti phishingShethwala Ridhvesh
 
Phishing
PhishingPhishing
PhishingSaurabhKantSahu1
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security AwarenessSurya Bathulapalli
 
Phishing ppt
Phishing pptPhishing ppt
Phishing pptshindept123
 
Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing AttacksJagan Mohan
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on PhishingPankaj Yadav
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingWilliam Mann
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringWilliam Gregorian
 
Phishing attack seminar presentation
Phishing attack seminar presentation Phishing attack seminar presentation
Phishing attack seminar presentation AniketPandit18
 
Phishing
PhishingPhishing
PhishingJayaseelan Vejayon
 
Phishing
PhishingPhishing
PhishingHHSome
 
PHISHING attack
PHISHING attack PHISHING attack
PHISHING attack Shubh Thakkar
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDmitriy Scherbina
 
Information security awareness - 101
Information security awareness - 101Information security awareness - 101
Information security awareness - 101mateenzero
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharksNalneesh Gaur
 
Phishing awareness
Phishing awarenessPhishing awareness
Phishing awarenessPhishingBox
 
Phishing 101 General Course
Phishing 101 General CoursePhishing 101 General Course
Phishing 101 General CourseAaron Keating
 
edu 3 ppt.pptx
edu 3 ppt.pptxedu 3 ppt.pptx
edu 3 ppt.pptxArchaWashington
 

More Related Content

What's hot

Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Securityanjuselina
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks pptAryan Ragu
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gbensonoo
 
Anti phishing presentation
Anti phishing presentationAnti phishing presentation
Anti phishing presentationBokangMalunga
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security AwarenessSurya Bathulapalli
 
Phishing ppt
Phishing pptPhishing ppt
Phishing pptshindept123
 
Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing AttacksJagan Mohan
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on PhishingPankaj Yadav
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingWilliam Mann
 
Phishing attack seminar presentation
Phishing attack seminar presentation Phishing attack seminar presentation
Phishing attack seminar presentation AniketPandit18
 
Phishing
PhishingPhishing
PhishingHHSome
 
PHISHING attack
PHISHING attack PHISHING attack
PHISHING attack Shubh Thakkar
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDmitriy Scherbina
 
Information security awareness - 101
Information security awareness - 101Information security awareness - 101
Information security awareness - 101mateenzero
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharksNalneesh Gaur
 
Phishing awareness
Phishing awarenessPhishing awareness
Phishing awarenessPhishingBox
 

What's hot (20)

Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Security
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks ppt
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
 
Anti phishing presentation
Anti phishing presentationAnti phishing presentation
Anti phishing presentation
 
Anti phishing
Anti phishingAnti phishing
Anti phishing
 
Phishing
PhishingPhishing
Phishing
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security Awareness
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing Attacks
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on Phishing
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Phishing attack seminar presentation
Phishing attack seminar presentation Phishing attack seminar presentation
Phishing attack seminar presentation
 
Phishing
PhishingPhishing
Phishing
 
Phishing
PhishingPhishing
Phishing
 
PHISHING attack
PHISHING attack PHISHING attack
PHISHING attack
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Information security awareness - 101
Information security awareness - 101Information security awareness - 101
Information security awareness - 101
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharks
 
Phishing awareness
Phishing awarenessPhishing awareness
Phishing awareness
 

Similar to Phishing

Phishing 101 General Course
Phishing 101 General CoursePhishing 101 General Course
Phishing 101 General CourseAaron Keating
 
Phishing technology
Phishing technologyPhishing technology
Phishing technologyPreeti Papneja
 
Phishing technology
Phishing technologyPhishing technology
Phishing technologyPreeti Papneja
 
Phishing technology
Phishing technologyPhishing technology
Phishing technologyPreeti Papneja
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingSachin Saini
 
Spam & Phishing
Spam & PhishingSpam & Phishing
Spam & PhishingGrittyCC
 
Pp8
Pp8Pp8
Pp8BAILEYP
 
phishing-technology-730-J1A0e1Q.pptx
phishing-technology-730-J1A0e1Q.pptxphishing-technology-730-J1A0e1Q.pptx
phishing-technology-730-J1A0e1Q.pptxMaheshDhope1
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internetRohan Bharadwaj
 
Unit iii: Common Hacking Techniques
Unit iii: Common Hacking TechniquesUnit iii: Common Hacking Techniques
Unit iii: Common Hacking TechniquesArnav Chowdhury
 
phishing facts be aware and do not take the bait
phishing facts be aware and do not take the baitphishing facts be aware and do not take the bait
phishing facts be aware and do not take the baitssuser64f8f8
 
phishingppt-160209144204.pdf
phishingppt-160209144204.pdfphishingppt-160209144204.pdf
phishingppt-160209144204.pdfvinayakjadhav94
 
Phishing ppt
Phishing pptPhishing ppt
Phishing pptSanjay Kumar
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & securityAvani Patel
 

Similar to Phishing (20)

Phishing 101 General Course
Phishing 101 General CoursePhishing 101 General Course
Phishing 101 General Course
 
edu 3 ppt.pptx
edu 3 ppt.pptxedu 3 ppt.pptx
edu 3 ppt.pptx
 
Chapter-5.pptx
Chapter-5.pptxChapter-5.pptx
Chapter-5.pptx
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
 
Spam & Phishing
Spam & PhishingSpam & Phishing
Spam & Phishing
 
Pp8
Pp8Pp8
Pp8
 
Phishing
PhishingPhishing
Phishing
 
Phishing
PhishingPhishing
Phishing
 
phishing-technology-730-J1A0e1Q.pptx
phishing-technology-730-J1A0e1Q.pptxphishing-technology-730-J1A0e1Q.pptx
phishing-technology-730-J1A0e1Q.pptx
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internet
 
Unit iii: Common Hacking Techniques
Unit iii: Common Hacking TechniquesUnit iii: Common Hacking Techniques
Unit iii: Common Hacking Techniques
 
phishing facts be aware and do not take the bait
phishing facts be aware and do not take the baitphishing facts be aware and do not take the bait
phishing facts be aware and do not take the bait
 
Phis
PhisPhis
Phis
 
phishingppt-160209144204.pdf
phishingppt-160209144204.pdfphishingppt-160209144204.pdf
phishingppt-160209144204.pdf
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
phishing.pptx
phishing.pptxphishing.pptx
phishing.pptx
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & security
 

Recently uploaded

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 

Recently uploaded (20)

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 

Phishing

  • 2. CONTENTS :- Introduction Types of phishing Examples of phishing Techniques of phishing Prevention methods
  • 6. Phishing is an attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
  • 7. Types of phishing Spear phishing Clone phishing Whaling phishing
  • 9. 1. Disguised hyperlinks and sender address- • Appear similar as the genuine institution site. • Sender address of the email also appears as originated from the targeted company.
  • 10. 2. Email consists of a clickable image : • Scam emails arrive as a clickable image file containing fraud request for information. • Clicking anywhere within the email will cause the bogus website to open.
  • 11. 3. Content appears genuine Scam email include logos, styling, contact and copyright information. identical to those used by the targeted institution.
  • 12. 4. Unsolicited requests for sensitive information : • Emails asks to click a link and provide sensitive personal information . • It is highly unlikely that a legitimate institution would request sensitive information in such a way.
  • 13. 5. Generic Greetings • Scam mails are sent in bulk to many recipients and use generic greetings such as "Dear account holder" or "Dear [targeted institution] customer".
  • 15. Email/Spam • Sending mails that look trustworthy to user • Send the same email to millions of users, requesting them to fill in personal details • Messages have an urgent note • Click on a link which is embedded in your email.
  • 17. “Man in the Middle” - attack • Attackers situate between the customer and the real web-based application • The attacker's server then proxies all communications between the customer and the real web-based application server
  • 18. Link Manipulation By manipulating the links for example www.facb00k.com Instead of www.facebook.com Misspelled URLs or sub domains are common tricks used by Attacker
  • 19. Key loggers Key loggers are designed to monitor all the key strokes
  • 20. Content Injection  Inserting malicious content into legitimate site.  Three primary types of content-injection phishing:  Hackers can compromise a server through a security vulnerability and replace or augment the legitimate content with malicious content.  Malicious content can be inserted into a site through a cross-site scripting vulnerability.  Malicious actions can be performed on a site through a SQL injection vulnerability.
  • 21. Malware-Based Phishing • In this method, phishers used malicious software to attack on the user machine. • This phishing attack spreads due to social engineering or security vulnerabilities. • In social engineering, the user is convinced to open an attachment that attracts the user regarding some important information and download it containing malwares. • Exploiting the security vulnerabilities by injecting worms and viruses is another form of malware based phishing.
  • 22. Trojan Horse • Trojan is a program that gives complete access of host computer to phishers after being installed at the host computer. • Phishers will make the user to install the trojan software which helps in email propagating and hosting fraudulent websites.
  • 24. Mobile Phishing • Mobile Phishing is a social engineering technique where the attack is invited via mobile texting rather than email. • An attacker targets mobile phone users with a phishing attack for the purpose of soliciting account passwords or sensitive information from the user. • The user is enticed to provide information or go to a compromised web site via text message.
  • 25. Prevention Against Phishing Attack • Never respond to emails that request personal financial information • Visit bank’s websites by typing the URL into the address bar • Keep a regular check on your accounts • Be cautious with emails and personal data
  • 26. • Keep your computer secure • Use anti-spam software • Use anti-spyware software • Use the Microsoft Baseline Security Analyser (MBSA) • Use Firewall
  • 27. Continued… • Protect against DNS pharming attacks • Check the website you are visiting is secure • Use backup system images • Get educated about phishing prevention attack • Always report suspicious activity
  • 28. It is better to be safer now than feel sorry later. Thank you.