What is 'Phishing'?
Phishing is the act of attempting to acquire valuable information such as usernames, passwords, credit card details, account data, etc. by pretending to be a trustworthy entity in an electronic communication.

History of Phishing
Phreaking + Fishing = Phishing
- Phreaking = Making phone calls for free back in the 70's.
- Fishing = Use bait to lure the target.
Phishing in 1995
- Target: AOL users (America Online users).
- Purpose: Getting account passwords.
- Threat level: Low.
- Techniques: Similar name, social engineering.

History of Phishing (cont.)
Phishing in 2001
- Target: Ebayers and major banks.
- Purpose: Getting credit card numbers, accounts.
- Threat level: Medium.
- Techniques: Same as in 1995.
Phishing in 2007
- Target: Paypal, banks, Ebay.
- Purpose: Bank accounts.
- Threat level: High.
- Techniques: Browser vulnerabilities.

Why they Phish?
Phishing is like playing the odds:
- simple to do and high gain for little work.
- no real knowledge necessary.
- 4.5 people out of 10 fall for it.
Most do it for financial gain:
- Money.
- Account information.
- Identity theft.
Some do it to spread malicious programs that in turn carry out other attacks.

Techniques of Phishing
- Spear Phishing.
- Clone Phishing.
- Whaling.
- Link Manipulation.
- Filter Evasion.
- Website Forgery.
- Phone Phishing.

Targets and Victims…
Phishers are mainly targeting the customers of banks and online payment services.
The other sectors are:
- Health care.
- Lotteries / Contests.
- Money transfer.
- World events.
- Employment opportunities.

Damage caused by Phishing…
- 20,00,000 emails are sent.
- 5% get to the end user – 1,00,000.
- 5% click on the phishing link – 5,000.
- 2% enter data into the phishing site – 100.
- $1,200 from each person who enters data.
- Potential reward - $1,20,000.
In 2005, the David Levi phishing gang from the UK was caught. It operated for 12 months with 6 members and made over $3,60,000 from 160 people using an Ebay phishing scam.

How to detect Phishing?
- Bad grammar.
- Generic salutations.
- Account information requests / threats from companies we don't use.
- Hovering over links / long URL service.
- Unknown senders.

Anti-Phishing Steps
3P's – Proclaim, Protect, Pursue.
- Proclaim in all correspondence the use of an official mark.
- Protect all messages, web pages with the mark.
- Pursue all imposters.

Possible Solution
- Keep the browser updated.
- Keep the anti-virus updated.
- Use a firewall and keep it turned on.
- Use digitally signed documents only.
- Never respond to an email asking for personal information.
- Never click on a link in the email. Retype the address in a new window.

Presented by: SAYANTAN SUR, BCA(H) – 2
THANK YOU