2.
Pronounced "fishing"
The word has its origin in two words, "Password Harvesting", or fishing for passwords
Phishing is an online form of pretexting, a kind of deception in which an attacker pretends to be someone else in order to obtain sensitive information from the victim
Also known as "brand spoofing"
3.
Phishing is a way of fraudulently acquiring sensitive
information using social engineering.
It tries to trick users with official-looking messages
◦ Credit card
◦ Bank account
◦ eBay
◦ PayPal
Some phishing e-mails also
contain malicious or unwanted
software that can track your
activities or slow your computer
4.
5.
1. Misleading e-mails
2. No check of source address
3. Vulnerability in browsers
4. No strong authentication at websites of banks and financial institutions
5. Limited use of digital signatures
6. Non-availability of secure desktop tools
7. Lack of user awareness
8. Vulnerability in applications
6.
1. Internet fraud
2. Identity theft
3. Financial loss to the original institutions
4. Difficulties in law enforcement investigations
5. Erosion of public trust in the Internet
7. DON’T CLICK THE LINK
◦ Type the site name in your browser (such as
www.paypal.com)
Never send sensitive account information by
e-mail
◦ Account numbers, SSN, passwords
Never give any password out to anyone
Verify any person who contacts you (phone or email).
◦ If someone calls you on a sensitive topic, thank them, hang up and call them back using a number that you know is correct, such as the one on your credit card or statement.
8.
9.
10. Dear Valued Member,
According to our terms of services, you will have to confirm your
e-mail by the following link, or your account will be suspended
for security reasons.
http://www.uc.edu/confirm.php?account=d.mich.mal@uc.edu
After following the instructions in the sheet, your account will
not be interrupted and will continue as normal.
Thanks for your attention to this request. We apologize for any
inconvenience.
Sincerely, Uc Abuse Department
http://www.nbmd.cn/Confirmation_Sheet.pif
11. Defend against phishing attack
1. Preventing a phishing attack before it begins
2. Detecting a phishing attack
3. Preventing the delivery of phishing messages
4. Preventing deception in phishing messages and sites
5. Countermeasures
6. Interfering with the use of compromised information
12. Conclusion
1. No single technology will completely stop phishing.
2. However, a combination of good organization and practice,
proper application of current technologies, and improvements
in security technology has the potential to drastically reduce the
prevalence of phishing and the losses suffered from it.