By S.Y. HUSSAIN, V. SRINIVAS
NARSARAOPETA ENGINEERING COLLEGE, NARSARAOPET
What is Phishing?
• In computing, phishing is a criminal activity using social engineering techniques.
• Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication.
PayPal phishing
In an example PayPal phish (right), spelling mistakes in the email and the presence of an IP address in the link (visible in the tooltip under the yellow box) are both clues that this is a phishing attempt.
Phishing as Instant Messages
Yahoo's free instant-messaging service is being targeted by phishers attempting to steal usernames, passwords and other personal information. According to the company, attackers are sending members a message containing a link to a fake Web site. The fake site looks like an official Yahoo site and asks the user to log in by entering a Yahoo ID and password. The scam is convincing because the original message seems to arrive from someone on the victim's friends list.
Phishing Damage
• The damage caused by phishing ranges from loss of access to email to substantial financial loss.
• There are also fears that identity thieves can add to the information they have gained through phishing simply by accessing public records.
• The phishers may use a person's details to create fake accounts in a victim's name, ruin a victim's credit, or even prevent victims from accessing their own accounts.
How To Detect Phishing?
• Anti-phishing software is available that may identify phishing contents on websites, act as a toolbar that displays the real domain name for the visited website, or spot phishing attempts in email.
• Many organizations have introduced a feature called challenge questions, which ask the user for information that should be known only to the user and the bank.
• Sites have also added verification tools that allow users to see a secret image that the user selected in advance; if the image does not appear, then the site is not legitimate.
Prevention
• Misspelled words – many emails originate from outside the U.S. and are therefore grammatically poor
• “Dear Valued Customer” – if the email came from a legitimate business it would most likely contain your entire name
• Beware of the @ sign – it is most likely a big tip-off to a suspicious URL link
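The clues named in these slides (a generic greeting, an @ sign in a link, and an IP address in place of a domain name, as in the PayPal example) can be checked mechanically. The Python code below is an added example, not part of the original presentation; the function names, clue labels and sample message are constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collect href values from <a> tags in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def url_clues(url):
    """Return the clues from the slides that apply to one link target."""
    parts = urlsplit(url)
    clues = []
    # Text before '@' is userinfo; the browser connects to the host after it.
    if "@" in parts.netloc:
        clues.append("at-sign")
    try:
        ipaddress.ip_address(parts.hostname or "")
        clues.append("ip-address-host")
    except ValueError:
        pass  # host is a name, not an IP literal
    return clues


def email_clues(html_body):
    """Map each clue name to the text or links that triggered it."""
    found = {}
    if re.search(r"\bdear\s+valued\s+customer\b", html_body, re.I):
        found["generic-greeting"] = ["Dear Valued Customer"]
    collector = LinkCollector()
    collector.feed(html_body)
    for href in collector.hrefs:
        for clue in url_clues(href):
            found.setdefault(clue, []).append(href)
    return found


# Constructed sample (documentation-range IPs, placeholder domain).
SAMPLE = """<p>Dear Valued Customer,</p>
<p><a href="http://192.0.2.15/login">Verify your account</a> or
<a href="http://www.example.com@203.0.113.7/signin">sign in here</a>.</p>
<p><a href="https://www.example.com/help">Help</a></p>"""
```

Calling `email_clues(SAMPLE)` flags the greeting and the first two links and leaves the ordinary help link alone; a `mailto:` address is not flagged, because its @ sign is not in a URL authority.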
Conclusion
Phishing is only going to get worse before it gets better, so it’s important to familiarize yourself with these fraud schemes before you get taken advantage of. Also, as mentioned in this presentation, your spam blockers, anti-virus software, and internet browser can go a long way in preventing fraud.