Phishing & Pharming
Phishing & Pharming - stealing personal information over the Internet

Usage Rights

© All Rights Reserved

Phishing & Pharming Presentation Transcript

  • 1. Devendra Yadav 31/05/2007
  • 2.
    • 1. Introduction
    • 2. Phishing Techniques
    • 3. Pharming Techniques
    • 4. Phishing Statistical Highlights
    • 5. Phishing/Pharming Demo
  • 3.
    • In computing, both Phishing and Pharming are criminal activities
    • Both Phishing and Pharming are methods used to steal personal information over the Internet
          • User Id/Password
          • Credit Card Number
          • PIN
    • Phishing is typically carried out using email or an instant message, and often directs users to give details at a website
    • Pharming is a hacker's attack aiming to redirect a website's traffic to another (bogus) website.
  • 4.
    • Pharming is more dangerous than Phishing
    • In Phishing, an incorrect client request is sent, and if the user is a little bit intelligent he/she can identify it very easily
    • In Pharming, the correct client request is sent and gets redirected to the wrong server, so identifying it is difficult even for intelligent users
  • 5.
    • Technique 1: Link manipulation
      • In this technique, hackers manipulate links in such a manner that it is difficult for the user to identify whether the page is served from the correct website or a fake website. A few such techniques are:
        • 1. Misspelled URLs, e.g. http://www.0rkut.com
        • 2. Sub domains, e.g. http://www.yourbank.com.example.com/
        • 3. Using “@”, e.g. http://www.google.com@members.tripod.com/
    • Technique 2: Website forgery
      • In this technique, hackers alter the address bar:
        • 1. Hiding the address bar
        • 2. Altering the content of the address bar using scripts
        • 3. Putting an image with a legitimate URL over the address bar
    • Diagram (Hacker, Fake website, User):
      • 1. Hacker creates fake website
      • 2. Hacker sends link of website to user using mail/instant messaging
      • 3. User opens link provided by hacker
      • 4. User starts sending/receiving information from fake website
  • 6.
    • In Pharming, attackers try to redirect the user’s requests (web traffic) to a bogus website. Commonly used techniques for doing this are:
      • Altering Host File
        • Host File location
        • %windir%/system32/drivers/etc/hosts (Windows)
        • /etc/hosts (Unix)
        • Sample Host file
      • Hijacking DNS Server/Local Network Router
  • 7. DNS & Host File (diagram: a request for google.com reaches the web server at IP 64.233.187.99; one path is labelled "IP add. is specified in Host file", the other "IP add. is not specified in Host file")
  • 8.
    • Number of unique phishing reports received in April: 23656
    • Number of unique phishing sites received in April: 55643
    • Number of brands hijacked by phishing campaigns in April: 172
    • Country hosting the most phishing websites in April: United States
    • No hostname just IP address: 6 %
    • Percentage of sites not using port 80: 1.5 %
    • Average time online for site: 3.8 days
    • Longest time online for site: 27 days
    Source: APWG (http://www.antiphishing.org)
  • 9. Source: APWG (http://www.antiphishing.org)
  • 10.
    • United States 28.44%
    • France 26.9%
    • Republic of Korea 21.05%
    • Romania 2.04%
    • China 1.9%
    • Germany 1.9%
    • Russia 1.75%
    • United Kingdom 1.46%
    • Turkey 1.46%
    • Netherlands 1.17%
    Source: APWG (http://www.antiphishing.org)
  • 11.
    • Live Phishing URLs
  • 12. Thank You !
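
The three link-manipulation techniques from slide 5 (misspelled URL, sub domain, "@") can be checked mechanically before a link is followed. The following is an added example, not part of the original presentation; the `TRUSTED` allowlist, the `LOOKALIKE` table and the `check_link` name are assumptions made for illustration, and the sample URLs are the ones quoted on the slide.

```python
from urllib.parse import urlsplit

# Assumed allowlist of domains the user really deals with (names taken from the slide).
TRUSTED = {"orkut.com", "yourbank.com", "google.com"}
# Digit-for-letter swaps used in misspelled URLs (constructed table, not exhaustive).
LOOKALIKE = str.maketrans("01358", "olesb")


def is_or_under(host, domain):
    """True when host is the domain itself or a genuine sub domain of it."""
    return host == domain or host.endswith("." + domain)


def check_link(url):
    """Return a list of findings for one URL; an empty list means nothing was flagged."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    findings = []
    # Technique 3: everything before "@" is userinfo; the real host comes after it.
    if parts.username is not None:
        findings.append(f"userinfo '{parts.username}' before @, real host is {host}")
    if any(is_or_under(host, d) for d in TRUSTED):
        return findings
    for domain in sorted(TRUSTED):
        # Technique 2: a trusted name used as leading labels of a different domain.
        if f".{domain}." in f".{host}":
            findings.append(f"{domain} appears as a sub domain of {host}")
        # Technique 1: host becomes a trusted domain once lookalike digits are undone.
        elif is_or_under(host.translate(LOOKALIKE), domain):
            findings.append(f"{host} is a lookalike spelling of {domain}")
    return findings


if __name__ == "__main__":
    for sample in (
        "http://www.google.com/",
        "http://www.0rkut.com",
        "http://www.yourbank.com.example.com/",
        "http://www.google.com@members.tripod.com/",
    ):
        print(sample, "->", check_link(sample) or "no findings")
```

A check like this only covers the phishing side: in the pharming case the URL is correct and passes, so the hosts file and DNS answers have to be verified separately.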