SlideShare a Scribd company logo

Phishing

Download as PPT, PDF
Alka Falwaria
Alka Falwaria
Technology
1 of 28
PHISHING
CONTENTS :- Introduction Types of phishing Examples of phishing Techniques of phishing Prevention methods
FISHING
PHISHING
PHISHING PHREAKING FISHING FREAKPHONE
Phishing is an attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
Types of phishing Spear phishing Clone phishing Whaling phishing
Characteristics of phishing emails
1. Disguised hyperlinks and sender address- • Appear similar as the genuine institution site. • Sender address of the email also appears as originated from the targeted company.
2. Email consists of a clickable image : • Scam emails arrive as a clickable image file containing fraud request for information. • Clicking anywhere within the email will cause the bogus website to open.
3. Content appears genuine Scam email include logos, styling, contact and copyright information. identical to those used by the targeted institution.
4. Unsolicited requests for sensitive information : • Emails asks to click a link and provide sensitive personal information . • It is highly unlikely that a legitimate institution would request sensitive information in such a way.
5. Generic Greetings • Scam mails are sent in bulk to many recipients and use generic greetings such as "Dear account holder" or "Dear [targeted institution] customer".
Phishing Techniques
Email/Spam • Sending mails that look trustworthy to user • Send the same email to millions of users, requesting them to fill in personal details • Messages have an urgent note • Click on a link which is embedded in your email.
Example of Phishing Email
“Man in the Middle” - attack • Attackers situate between the customer and the real web-based application • The attacker's server then proxies all communications between the customer and the real web-based application server
Link Manipulation By manipulating the links for example www.facb00k.com Instead of www.facebook.com Misspelled URLs or sub domains are common tricks used by Attacker
Key loggers Key loggers are designed to monitor all the key strokes
Content Injection  Inserting malicious content into legitimate site.  Three primary types of content-injection phishing:  Hackers can compromise a server through a security vulnerability and replace or augment the legitimate content with malicious content.  Malicious content can be inserted into a site through a cross-site scripting vulnerability.  Malicious actions can be performed on a site through a SQL injection vulnerability.
Malware-Based Phishing • In this method, phishers used malicious software to attack on the user machine. • This phishing attack spreads due to social engineering or security vulnerabilities. • In social engineering, the user is convinced to open an attachment that attracts the user regarding some important information and download it containing malwares. • Exploiting the security vulnerabilities by injecting worms and viruses is another form of malware based phishing.
Trojan Horse • Trojan is a program that gives complete access of host computer to phishers after being installed at the host computer. • Phishers will make the user to install the trojan software which helps in email propagating and hosting fraudulent websites.
Beast (A Trojan horse software)
Mobile Phishing • Mobile Phishing is a social engineering technique where the attack is invited via mobile texting rather than email. • An attacker targets mobile phone users with a phishing attack for the purpose of soliciting account passwords or sensitive information from the user. • The user is enticed to provide information or go to a compromised web site via text message.
Prevention Against Phishing Attack • Never respond to emails that request personal financial information • Visit bank’s websites by typing the URL into the address bar • Keep a regular check on your accounts • Be cautious with emails and personal data
• Keep your computer secure • Use anti-spam software • Use anti-spyware software • Use the Microsoft Baseline Security Analyser (MBSA) • Use Firewall
Continued… • Protect against DNS pharming attacks • Check the website you are visiting is secure • Use backup system images • Get educated about phishing prevention attack • Always report suspicious activity
It is better to be safer now than feel sorry later. Thank you.

Recommended

Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing Attacks
SysCloud
 
Phishing
PhishingPhishing
Phishing
Sagar Rai
 
Phishing attack
Phishing attackPhishing attack
Phishing attack
Raghav Chhabra
 
What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?
Quick Heal Technologies Ltd.
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Security
anjuselina
 
Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing Attacks
Jagan Mohan
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on Phishing
Pankaj Yadav
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasures
Jorge Sebastiao
 

Recommended

Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing Attacks
SysCloud
 
Phishing
PhishingPhishing
Phishing
Sagar Rai
 
Phishing attack
Phishing attackPhishing attack
Phishing attack
Raghav Chhabra
 
What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?
Quick Heal Technologies Ltd.
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Security
anjuselina
 
Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing Attacks
Jagan Mohan
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on Phishing
Pankaj Yadav
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasures
Jorge Sebastiao
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
Sachin Saini
 
Phishing
PhishingPhishing
Phishing
SaurabhKantSahu1
 
Phishing
PhishingPhishing
Phishing
SouganthikaSankaresw
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation
Nikolaos Georgitsopoulos
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
shindept123
 
Phishing Attack : A big Threat
Phishing Attack : A big ThreatPhishing Attack : A big Threat
Phishing Attack : A big Threat
sourav newatia
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharks
Nalneesh Gaur
 
Phishing
PhishingPhishing
Phishing
anjalika sinha
 
Social engineering
Social engineeringSocial engineering
Social engineering
ankushmohanty
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
Preeti Papneja
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks ppt
Aryan Ragu
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You Safe
CheapSSLsecurity
 
Phishing Attack Awareness and Prevention
Phishing Attack Awareness and PreventionPhishing Attack Awareness and Prevention
Phishing Attack Awareness and Prevention
sonalikharade3
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
bensonoo
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
ControlScan, Inc.
 
Cyber security awareness training by cyber security infotech(csi)
Cyber security awareness training by cyber security infotech(csi)Cyber security awareness training by cyber security infotech(csi)
Cyber security awareness training by cyber security infotech(csi)
Cyber Security Infotech
 
Phishing
PhishingPhishing
Phishing
HHSome
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
pooja_doshi
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attack
Pankaj Dubey
 
Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015
Hovhannes Aghajanyan
 
Phishing 101 General Course
Phishing 101 General CoursePhishing 101 General Course
Phishing 101 General Course
Aaron Keating
 
edu 3 ppt.pptx
edu 3 ppt.pptxedu 3 ppt.pptx
edu 3 ppt.pptx
ArchaWashington
 

More Related Content

What's hot

Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks ppt
Aryan Ragu
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
pooja_doshi
 

What's hot (20)

Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
 
Phishing
PhishingPhishing
Phishing
 
Phishing
PhishingPhishing
Phishing
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Phishing Attack : A big Threat
Phishing Attack : A big ThreatPhishing Attack : A big Threat
Phishing Attack : A big Threat
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharks
 
Phishing
PhishingPhishing
Phishing
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks ppt
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You Safe
 
Phishing Attack Awareness and Prevention
Phishing Attack Awareness and PreventionPhishing Attack Awareness and Prevention
Phishing Attack Awareness and Prevention
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
 
Cyber security awareness training by cyber security infotech(csi)
Cyber security awareness training by cyber security infotech(csi)Cyber security awareness training by cyber security infotech(csi)
Cyber security awareness training by cyber security infotech(csi)
 
Phishing
PhishingPhishing
Phishing
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attack
 
Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015
 

Similar to Phishing

phishingppt-160209144204.pdf
phishingppt-160209144204.pdfphishingppt-160209144204.pdf
phishingppt-160209144204.pdf
vinayakjadhav94
 
phishing.pptx
phishing.pptxphishing.pptx
phishing.pptx
ReenuMariaBinoy1
 

Similar to Phishing (20)

Phishing 101 General Course
Phishing 101 General CoursePhishing 101 General Course
Phishing 101 General Course
 
edu 3 ppt.pptx
edu 3 ppt.pptxedu 3 ppt.pptx
edu 3 ppt.pptx
 
Chapter-5.pptx
Chapter-5.pptxChapter-5.pptx
Chapter-5.pptx
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Spam & Phishing
Spam & PhishingSpam & Phishing
Spam & Phishing
 
Pp8
Pp8Pp8
Pp8
 
Phishing
PhishingPhishing
Phishing
 
Phishing
PhishingPhishing
Phishing
 
phishing-technology-730-J1A0e1Q.pptx
phishing-technology-730-J1A0e1Q.pptxphishing-technology-730-J1A0e1Q.pptx
phishing-technology-730-J1A0e1Q.pptx
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internet
 
Unit iii: Common Hacking Techniques
Unit iii: Common Hacking TechniquesUnit iii: Common Hacking Techniques
Unit iii: Common Hacking Techniques
 
phishing facts be aware and do not take the bait
phishing facts be aware and do not take the baitphishing facts be aware and do not take the bait
phishing facts be aware and do not take the bait
 
Phis
PhisPhis
Phis
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
phishingppt-160209144204.pdf
phishingppt-160209144204.pdfphishingppt-160209144204.pdf
phishingppt-160209144204.pdf
 
phishing.pptx
phishing.pptxphishing.pptx
phishing.pptx
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & security
 
Phishing
PhishingPhishing
Phishing
 
Tittl e
Tittl eTittl e
Tittl e
 

Recently uploaded

Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
ScyllaDB
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
CzechDreamin
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering Teams
UXDXConf
 
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdf
Syngulon
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
UXDXConf
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at Comcast
UXDXConf
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAK
UXDXConf
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty Secure
Femke de Vroome
 

Recently uploaded (20)

Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering Teams
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdf
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 
THE BEST IPTV in GERMANY for 2024: IPTVreel
THE BEST IPTV in GERMANY for 2024: IPTVreelTHE BEST IPTV in GERMANY for 2024: IPTVreel
THE BEST IPTV in GERMANY for 2024: IPTVreel
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at Comcast
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAK
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty Secure
 

Phishing

  • 2. CONTENTS :- Introduction Types of phishing Examples of phishing Techniques of phishing Prevention methods
  • 6. Phishing is an attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
  • 7. Types of phishing Spear phishing Clone phishing Whaling phishing
  • 9. 1. Disguised hyperlinks and sender address- • Appear similar as the genuine institution site. • Sender address of the email also appears as originated from the targeted company.
  • 10. 2. Email consists of a clickable image : • Scam emails arrive as a clickable image file containing fraud request for information. • Clicking anywhere within the email will cause the bogus website to open.
  • 11. 3. Content appears genuine Scam email include logos, styling, contact and copyright information. identical to those used by the targeted institution.
  • 12. 4. Unsolicited requests for sensitive information : • Emails asks to click a link and provide sensitive personal information . • It is highly unlikely that a legitimate institution would request sensitive information in such a way.
  • 13. 5. Generic Greetings • Scam mails are sent in bulk to many recipients and use generic greetings such as "Dear account holder" or "Dear [targeted institution] customer".
  • 15. Email/Spam • Sending mails that look trustworthy to user • Send the same email to millions of users, requesting them to fill in personal details • Messages have an urgent note • Click on a link which is embedded in your email.
  • 17. “Man in the Middle” - attack • Attackers situate between the customer and the real web-based application • The attacker's server then proxies all communications between the customer and the real web-based application server
  • 18. Link Manipulation By manipulating the links for example www.facb00k.com Instead of www.facebook.com Misspelled URLs or sub domains are common tricks used by Attacker
  • 19. Key loggers Key loggers are designed to monitor all the key strokes
  • 20. Content Injection  Inserting malicious content into legitimate site.  Three primary types of content-injection phishing:  Hackers can compromise a server through a security vulnerability and replace or augment the legitimate content with malicious content.  Malicious content can be inserted into a site through a cross-site scripting vulnerability.  Malicious actions can be performed on a site through a SQL injection vulnerability.
  • 21. Malware-Based Phishing • In this method, phishers used malicious software to attack on the user machine. • This phishing attack spreads due to social engineering or security vulnerabilities. • In social engineering, the user is convinced to open an attachment that attracts the user regarding some important information and download it containing malwares. • Exploiting the security vulnerabilities by injecting worms and viruses is another form of malware based phishing.
  • 22. Trojan Horse • Trojan is a program that gives complete access of host computer to phishers after being installed at the host computer. • Phishers will make the user to install the trojan software which helps in email propagating and hosting fraudulent websites.
  • 24. Mobile Phishing • Mobile Phishing is a social engineering technique where the attack is invited via mobile texting rather than email. • An attacker targets mobile phone users with a phishing attack for the purpose of soliciting account passwords or sensitive information from the user. • The user is enticed to provide information or go to a compromised web site via text message.
  • 25. Prevention Against Phishing Attack • Never respond to emails that request personal financial information • Visit bank’s websites by typing the URL into the address bar • Keep a regular check on your accounts • Be cautious with emails and personal data
  • 26. • Keep your computer secure • Use anti-spam software • Use anti-spyware software • Use the Microsoft Baseline Security Analyser (MBSA) • Use Firewall
  • 27. Continued… • Protect against DNS pharming attacks • Check the website you are visiting is secure • Use backup system images • Get educated about phishing prevention attack • Always report suspicious activity
  • 28. It is better to be safer now than feel sorry later. Thank you.