Phishing & spamming

Transcript
  • 1. PHISHING AND SPAMMING
    Submitted by: Kavis Pandey, Department of Electronics, ETC 2, 1004093; email: kavis.pandey@yahoo.co.in; mob: 8984523393
  • 2. Phishing & Spamming
    ◦ Phreaking + Fishing = Phishing
      - Phreaking = making phone calls for free in the 70's
      - Fishing = using bait to lure the target
    ◦ Definition: the act of obtaining usernames, passwords, credit card and other personal details by masquerading as a trustworthy entity in electronic communication.
    ◦ Popular on social websites, auction sites, banks, online payment processors and, most commonly, in almost everyone's email inbox.
  • 3. History & current status of phishing
    ◦ First mentioned in the context of "AOHELL", a hacking tool for AOL users.
    ◦ Recently, a popular case involved a Chinese phishing campaign targeting US and South Korean government, military and political activities.
    ◦ In the past, the most popular phishing attack dates back to 1995: phishers posed as AOL staff and sent instant messages asking victims to reveal their passwords.
    ◦ Post-9/11 ID check scam.
    ◦ Thousands of cases were reported to customerfraudreporting.org in that period.
  • 4. History & current status (continued)
    ◦ Targets of phishing attacks: banks 56%, retailers 14%, government 13%, spear phishing 7%, payment processors 5%, others 5%.
    ◦ Haiti earthquake scam
    ◦ FIFA World Cup 2010 scam
    ◦ Tax rebate scams in the UK
    ◦ PiP scams
  • 5. Identifying a fraud
    ◦ The name of the company is listed as a scam on customerfraudreporting.org.
    ◦ The email format matches one of the several listed on the above website.
    ◦ The organisation has no website and cannot be located on Google.
    ◦ The email asks for personal information such as account details, driver's licence number, passport number, etc.
    ◦ The email claims you have won a lottery you never entered.
    ◦ The prize promoters ask for a fee in advance.
    ◦ The email addresses you as "dear customer" rather than using your name and details.
    ◦ To collect the prize you may be required to travel overseas at your own cost.
  • 6. Phishing Techniques
    ◦ Email / spam: emails sent to thousands of recipients asking for their personal information.
    ◦ Web-based delivery: "man in the middle", the attacker sits between the website and the user.
    ◦ Instant messaging: the user receives a message with a link directing them to a fake website that looks like a legitimate one.
    ◦ Trojan hosts: invisible intruders getting into the machine to extract personal information.
    ◦ Link manipulation: phishers send a false link to a website.
    ◦ Key loggers: software that records keyboard input.
    ◦ Session hijacking: "session sniffing", phishers exploit the web session control mechanism to steal information.
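The fraud indicators on slide 5 and the "link manipulation" technique on slide 6 can both be checked mechanically. The Python below is an added example, not part of the presentation: it scores a message against regex approximations of the slide's indicators (generic salutation, lottery win, advance fee, request for personal data, travel at own cost) and flags links whose visible text names one host while the href points to another. The regexes, the constructed sample messages and the scoring weights are my own assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Rule approximations of the "Identifying a fraud" indicators (my wording,
# not the slide's). Each is applied to subject + body text.
TEXT_RULES = [
    ("generic_salutation", re.compile(r"\bdear\s+(customer|user|member|account holder)\b", re.I)),
    ("lottery_win", re.compile(r"\b(won|winner|winning)\b.*\b(lottery|prize|draw)\b", re.I | re.S)),
    ("advance_fee", re.compile(r"\b(processing|handling|transfer|release|clearance)\s+fee\b", re.I)),
    ("asks_personal_info", re.compile(
        r"\b(passwords?|account (number|details|info)|driver'?s? licen[cs]e|passport (no\.?|number))\b", re.I)),
    ("travel_at_own_cost", re.compile(r"\b(travel|fly)\b.*\bown (cost|expense)\b", re.I | re.S)),
]

# Something that looks like a domain or URL inside anchor text.
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", re.I)


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def link_mismatches(html):
    """Link manipulation check: the anchor text shows one host but the
    href actually goes to another. Returns [(shown_host, real_host), ...]."""
    parser = _LinkExtractor()
    parser.feed(html)
    out = []
    for href, text in parser.links:
        m = DOMAIN_IN_TEXT.search(text)
        if not m:
            continue  # plain "click here" text: nothing to compare
        shown = m.group(1).lower()
        real = (urlparse(href).hostname or "").lower()
        if real and shown != real:
            out.append((shown, real))
    return out


def score_message(subject, body, html=""):
    """One point per text rule that fires; a mismatched link counts double.
    Returns (score, list_of_hit_names). Thresholds are illustrative only."""
    text = f"{subject}\n{body}"
    hits = [name for name, rx in TEXT_RULES if rx.search(text)]
    mism = link_mismatches(html) if html else []
    hits += [f"link_mismatch:{shown}->{real}" for shown, real in mism]
    return len(hits) + len(mism), hits


# Constructed sample messages (not taken from the slides).
SAMPLES = {
    "lottery": {
        "subject": "Congratulations! You are a winner",
        "body": ("Dear Customer, you have won the Euro lottery draw. To release your "
                 "prize, pay the processing fee of $250 and send your passport number."),
        "html": "",
    },
    "bank": {
        "subject": "Security notice",
        "body": "Dear Customer, verify your account now.",
        "html": '<p>Go to <a href="http://secure-login.example.net/x">'
                'http://www.examplebank.com/login</a></p>',
    },
    "legit": {
        "subject": "Your March statement",
        "body": "Hi Kavis, your statement is ready in the app.",
        "html": '<a href="https://www.examplebank.com/statements">www.examplebank.com</a>',
    },
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, score_message(**msg))
```

The text rules are deliberately crude; the useful part for a mail filter is the link check, which needs no wordlist and catches the classic "displayed URL differs from the real one" trick regardless of the message wording.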
  • 7. Phishing Techniques (continued)
    ◦ System reconfiguration: for example, "turn off your firewall to run this software".
    ◦ Content injection: phishers change part of the content of a web page, luring the user to a page outside the legitimate website.
    ◦ Phishing through search engines: users may be redirected to fake websites offering cheap products.
    ◦ Phone phishing: phishers call the user about exciting offers and products so that the user reveals their details in order to buy.
    ◦ Malware phishing: malware attached to spam emails; once opened, it may harm the system.
  • 8. Why phishing works
    1. Lack of knowledge
       a) Lack of computer system knowledge
       b) Lack of knowledge of security indicators
    2. Visual deception
       a) Visually deceptive text: "paypai" instead of "paypal", "1" instead of "l", "o" instead of "0", etc. This is called typejacking.
       b) Images masking underlying text
       c) Images mimicking windows
       d) Windows masking underlying windows
       e) Deceptive look and feel
    3. Bounded attention
       a) Lack of attention to security indicators
       b) Lack of attention to the absence of security indicators
  • 9. Anti-Phishing
    ◦ Social responses: train people to recognise phishing attacks. People need to slightly modify their browsing habits to avoid being scammed.
    ◦ Technical responses: use anti-phishing measures such as browser extensions or toolbars and anti-phishing software.
    ◦ Helping to identify legitimate websites: report fake websites. The SFIO deals with internet fraud in India; there are also cyber cells where complaints can be made.
  • 10. Anti-Phishing (continued)
    ◦ Secure connection: from the 1990s to the late 2000s Mozilla used a padlock as the symbol for a secure connection; now certificates and "https" are also shown.
    ◦ Which site: check that the URL of the website matches the site you are looking for.
  • 11. Anti-Phishing (continued)
    ◦ Who is the authority: the browser needs to state which authority issued the EV (Extended Validation) certificate for a website, and needs a root list of trusted CAs (Certification Authorities).
    ◦ Fundamental flaws in the security model of secure browsing:
      (a) users tend to overlook security indicators;
      (b) users have learned to bypass most warnings and treat all of them with the same disdain, resulting in "click-through disdain";
      (c) obtaining security authentication is very costly for websites, leading to negligence;
      (d) threat models reinvent themselves at a much faster pace.
    ◦ Browsers alerting users to fraudulent websites: IE7 and Mozilla Firefox 2.0 onwards use Google's anti-phishing software; Chrome, Safari 3.2 and Opera 9.1 use a live blacklist from PhishTank and GeoTrust as well as a live whitelist from GeoTrust.
    ◦ Augmenting password log-ins: avoid staying logged in for long periods when not using the service; using a virtual keyboard is safer when entering passwords.
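The "typejacking" examples on slide 8 ("paypai", "1" for "l", "0" for "o"), the "which site" URL check on slide 10 and the blacklist/whitelist lookups on slide 11 together describe a small URL classifier. The Python below is an added example, not code from the presentation or from any browser vendor: it folds visually confusable characters, measures edit distance against a constructed list of protected brand domains, catches the brand appearing as a subdomain or as a hyphenated token, and consults in-memory blacklist/whitelist sets that stand in for the live PhishTank/GeoTrust feeds the slide names. The brand list, the feed contents, the confusable table and the distance threshold are all assumptions.

```python
from urllib.parse import urlparse

# Single-character confusables from the "visual deception" slide ("1" for "l",
# "0" for "o", "paypai" for "paypal") plus a few common ones. My own table.
# It is applied to BOTH sides of every comparison, so over-folding (every "i"
# becoming "l") cannot make a genuine brand name fail to match itself.
CONFUSABLES = str.maketrans({"1": "l", "i": "l", "|": "l", "0": "o", "5": "s", "3": "e"})

# Constructed data standing in for a brand list and for the live blacklist /
# whitelist feeds mentioned on the slide; no real feed is queried.
PROTECTED = ["paypal.com", "examplebank.com", "google.com"]
BLACKLIST = {"secure-login.example.net"}
WHITELIST = {"www.examplebank.com", "www.paypal.com", "paypal.com"}


def normalize(label):
    """Fold confusable characters and digraphs so lookalikes compare equal."""
    return label.lower().translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def levenshtein(a, b):
    """Edit distance; short enough to inline rather than pull in a package."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Last two labels; a production check would consult the Public Suffix List."""
    return ".".join(host.lower().strip(".").split(".")[-2:])


def lookalike_of(host, protected=PROTECTED, max_distance=1):
    """Return the protected domain `host` imitates, or None for exact matches and
    unrelated names. Catches confusable spellings (paypa1.com), near misspellings,
    the brand as a subdomain (paypal.com.evil.net) and as a hyphenated token
    (paypal-secure.com)."""
    host = host.lower().strip(".")
    if registrable(host) in protected:
        return None
    labels = host.split(".")
    name = normalize(labels[-2]) if len(labels) >= 2 else normalize(host)
    subdomain_labels = [normalize(lbl) for lbl in labels[:-2]]
    for p in protected:
        brand = normalize(p.split(".")[0])
        if (levenshtein(name, brand) <= max_distance
                or brand in name.split("-")
                or brand in subdomain_labels):
            return p
    return None


def classify_url(url):
    """Order of checks: known-bad host, known-good host, lookalike, transport."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    if not host:
        return "invalid"
    if host in BLACKLIST:
        return "blocked:blacklist"
    if host in WHITELIST:
        return "allowed:whitelist"
    target = lookalike_of(host)
    if target:
        return f"warn:lookalike of {target}"
    if parts.scheme != "https":
        return "warn:no https"
    return "unknown"


if __name__ == "__main__":
    for u in ("https://www.paypal.com/", "https://paypa1.com/login",
              "http://paypal.com.secure-login.net/", "http://shop.example.org/"):
        print(u, "->", classify_url(u))
```

The blacklist is consulted before the whitelist so that a compromised but previously trusted host can be pulled by the feed, and the "https" check comes last because, as the slide notes, a padlock alone says nothing about which site you are on.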
  • 12. Anti-Phishing (continued)
    ◦ Eliminating phishing emails: use specialised filters to eliminate phishing emails and keep inboxes free of spam.
    ◦ Monitoring and takedown: contribute by reporting to both volunteer and industry groups such as PhishTank and to cyber cells, and help them take down the guilty.
    ◦ Transaction verification and signing: steps are taken to link mobile phones with internet accounts, so users are informed when transactions are made or other security issues arise.
    ◦ Legal responses: there is pride in giving evidence against a crime; support legal cases against cyber crimes and help punish the guilty.
  • 13. Conclusion
    ◦ Con artists have existed in society for centuries, but with the web and internet they get access to a far larger group of people.
    ◦ They live on our mistakes.
    ◦ A final technical solution to phishing involves major changes to internet infrastructure; these changes are beyond any one institution.
    ◦ However, there are steps that can be deployed.
    ◦ It is all up to us. Be cautious, be careful. Stop phishing.
  • 14. Thank you for your patience and attention. Comments and questions.
