INTEGRAL UNIVERSITY LUCKNOW
Seminar On Phishing
4/23/2017 4:48 PM
Definition
Phishing is the act of tricking someone into giving confidential information (like passwords and credit card information) on a fake web page or e-mail form pretending to come from a legitimate company (like their bank).
For example: sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.
Examples (three image slides, not reproduced)
Types of Phishing
- Deceptive - Sending a deceptive e-mail, in bulk, with a "call to action" that demands the recipient click on a link.
- Malware-Based - Running malicious software on the user's machine. Various forms of malware-based phishing are:
  - Key loggers and screen loggers
  - Session hijackers
  - Web Trojans
  - Data theft
- DNS-Based - Phishing that interferes with the integrity of the lookup process for a domain name. Forms of DNS-based phishing are:
  - Hosts file poisoning
  - Polluting the user's DNS cache
  - Proxy server compromise
- Content-Injection - Inserting malicious content into a legitimate site. Three primary types of content-injection phishing:
  - Attackers compromise a server through a security vulnerability and replace or augment the legitimate content with malicious content.
  - Malicious content is inserted into a site through a cross-site scripting vulnerability.
  - Malicious actions are performed on a site through a SQL injection vulnerability.
- Man-in-the-Middle Phishing - The phisher positions himself between the user and the legitimate site.
- Search Engine Phishing - Creating web pages for fake products, getting the pages indexed by search engines, and waiting for users to enter their confidential information as part of an order, sign-up, or balance transfer.
Causes of Phishing
- Misleading e-mails
- No check of source address
- Vulnerabilities in browsers
- No strong authentication at websites of banks and financial institutions
- Limited use of digital signatures
- Non-availability of secure desktop tools
- Lack of user awareness
- Vulnerabilities in applications
- ... and more
Effects of Phishing
- Internet fraud
- Identity theft
- Financial loss to the original institutions
- Difficulties in law enforcement investigations
- Erosion of public trust in the Internet
Industries affected
Major industries affected are:
- Financial services
- ISPs
- Online retailers
Phishing Trends (two image slides, not reproduced)
How to combat phishing?
Educate application users:
- Think before you open
- Never click on links in an e-mail, message board post or mailing list
- Never submit credentials on forms embedded in e-mails
- Inspect the address bar and SSL certificate
- Never open suspicious e-mails
- Ensure that the web browser has the latest security patch applied
- Install the latest anti-virus packages
- Destroy any hard copy of sensitive information
- Verify accounts and transactions regularly
- Report the scam via phone or e-mail
Formulate and enforce best practices:
- Authorization controls and access privileges for systems, databases and applications
- Access to any information should be based on the need-to-know principle
- Segregation of duties
- Media should be disposed of only after erasing sensitive information
Reinforce application development / maintenance processes:
1. Web page personalization
- Use two pages to authenticate users
- Use client-side persistent cookies
2. Content Validation
- Never inherently trust submitted data
- Never present submitted data back to an application user without sanitizing it
- Always sanitize data before processing or storing it
- Check the HTTP Referer header
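The content-validation rules above, worked through as an added example (not code from the seminar slides): a small profile-form handler that validates input against an allow-list before storing it, escapes anything echoed back to the user, and uses the Referer header only as a supplementary check. The host name bank.example and the sample request are constructed assumptions.

```python
import html
import re
from typing import Optional, Tuple
from urllib.parse import urlparse

APP_HOST = "bank.example"  # assumption: the application's own host name

# Allow-list for a display name (validate before storing); a block-list of
# "bad" characters is deliberately not used.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z .'-]{0,39}")

# Constructed sample: a profile form posted back with markup in the name field.
SAMPLE_REQUEST = {
    "method": "POST",
    "headers": {"Referer": "https://bank.example/profile/edit"},
    "form": {"display_name": "<script>alert(1)</script>Nadeem"},
}


def validate_display_name(value: str) -> Optional[str]:
    """Return the cleaned value if it matches the allow-list, otherwise None."""
    cleaned = value.strip()
    return cleaned if NAME_RE.fullmatch(cleaned) else None


def sanitize_for_html(value: str) -> str:
    """Escape data before presenting it back so it renders as text, not markup."""
    return html.escape(value, quote=True)


def referer_is_own_site(headers: dict) -> bool:
    """Supplementary check: the Referer must name our own https origin.
    Browsers and proxies may strip it, so a missing header is treated as a
    rejection, and a matching header is never taken as proof on its own."""
    referer = headers.get("Referer")
    if not referer:
        return False
    parsed = urlparse(referer)
    return parsed.scheme == "https" and parsed.hostname == APP_HOST


def handle_profile_update(request: dict) -> Tuple[int, str]:
    """Process the form and return (HTTP status, HTML body)."""
    if request.get("method") != "POST" or not referer_is_own_site(request.get("headers", {})):
        return 403, "<p>Request refused</p>"
    raw = request.get("form", {}).get("display_name", "")
    name = validate_display_name(raw)
    if name is None:
        # The rejected input is echoed only after escaping, so any markup is inert.
        return 400, "<p>Invalid display name: " + sanitize_for_html(raw) + "</p>"
    return 200, "<p>Saved display name: " + sanitize_for_html(name) + "</p>"
```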
3. Session Handling
- Make session identifiers long, complex and difficult to guess
- Set expiry time limits for SessionIDs and check them on every client request
- The application should be capable of revoking active SessionIDs and must not recycle the same SessionID
- Any request with an invalid SessionID should be redirected to the login page
- Never accept session information within a URL
- Protect the session via SSL
- Session data should be submitted as a POST
- After authenticating, a new SessionID should be issued (HTTP & HTTPS)
- Never let users choose the SessionID
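The session-handling rules above as an added example (not code from the seminar slides): a server-side session store that generates unguessable ids, enforces expiry on every lookup, revokes without recycling, rotates the id after login, and reads the id from the cookie only. The 15-minute lifetime and the cookie name sid are assumptions; the clock is injectable so expiry can be exercised deterministically.

```python
import secrets
import time
from http.cookies import SimpleCookie
from typing import Callable, Dict, Optional
from urllib.parse import parse_qs, urlparse

SESSION_TTL_SECONDS = 15 * 60  # assumption: sessions expire after 15 minutes


class SessionStore:
    """Server-side session table: the server chooses every SessionID,
    checks expiry on every request, and can revoke any id at will."""

    def __init__(self, ttl: int = SESSION_TTL_SECONDS,
                 clock: Callable[[], float] = time.time) -> None:
        self._ttl = ttl
        self._clock = clock  # injectable for deterministic expiry tests
        self._sessions: Dict[str, dict] = {}

    def create(self, user: Optional[str] = None) -> str:
        # 32 bytes from the OS CSPRNG -> 43-character URL-safe token: long,
        # unguessable, and never chosen by the user.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "expires": self._clock() + self._ttl}
        return sid

    def validate(self, sid: Optional[str]) -> Optional[dict]:
        """Return the live session record, or None (caller redirects to the login page)."""
        rec = self._sessions.get(sid) if sid else None
        if rec is None:
            return None
        if rec["expires"] <= self._clock():
            self.revoke(sid)  # expired ids are dropped, never recycled
            return None
        return rec

    def revoke(self, sid: str) -> None:
        self._sessions.pop(sid, None)

    def login(self, pre_auth_sid: Optional[str], user: str) -> str:
        """After authentication, retire the pre-login id and issue a fresh one."""
        if pre_auth_sid:
            self.revoke(pre_auth_sid)
        return self.create(user)


def session_id_from_request(request: dict) -> Optional[str]:
    """Read the SessionID from the cookie only; a request carrying it in the URL is refused."""
    if "sid" in parse_qs(urlparse(request.get("url", "")).query):
        return None
    jar = SimpleCookie()
    jar.load(request.get("headers", {}).get("Cookie", ""))
    return jar["sid"].value if "sid" in jar else None


def set_cookie_header(sid: str) -> str:
    """Cookie attributes that keep the id off plain HTTP (Secure) and away from
    page scripts (HttpOnly)."""
    return "sid=" + sid + "; Secure; HttpOnly; SameSite=Strict; Path=/"
```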
4. URL Qualification
- Do not expose the redirection URL in the browser's URL
- Always maintain a valid approved list of redirection URLs
- Never allow customers to supply their own URLs
- Never allow IP addresses to be used in URL information
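The four URL-qualification rules above as an added example (not code from the seminar slides): the login form carries only an opaque key that is resolved against a server-side approved list, so a customer-supplied URL can never become the redirect target, and a separate qualifier refuses links that are not https, use an IP literal as host, or point off our host. The host name bank.example and the approved list are constructed assumptions.

```python
import ipaddress
from typing import List, Optional
from urllib.parse import urlparse

APP_HOST = "bank.example"  # assumption: the application's own host name
DEFAULT_LANDING = "/account/overview"

# Constructed approved list: the login form carries only one of these opaque
# keys, never a URL, so the destination is neither visible in nor taken from
# the browser's URL.
APPROVED_REDIRECTS = {
    "overview": "/account/overview",
    "statements": "/account/statements",
}


def post_login_destination(next_key: Optional[str]) -> str:
    """Resolve the 'next' key from the login form to a server-known path.
    Anything that is not a known key (which includes any customer-supplied
    URL or path) falls back to the default landing page."""
    if not next_key or not next_key.isalnum():
        return DEFAULT_LANDING
    return APPROVED_REDIRECTS.get(next_key, DEFAULT_LANDING)


def host_is_ip_literal(host: str) -> bool:
    """True for IPv4 or IPv6 literals (urlparse strips the [] around IPv6)."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def rejection_reasons(url: str) -> List[str]:
    """Qualify a URL before it is emitted in a page or e-mail. An empty list
    means acceptable; otherwise the reasons, which are also what to log when a
    bad link is caught."""
    parsed = urlparse(url)
    reasons: List[str] = []
    if parsed.scheme != "https":
        reasons.append("not-https")
    host = parsed.hostname
    if not host:
        reasons.append("no-host")
        return reasons
    if host_is_ip_literal(host):
        reasons.append("ip-literal-host")
    if host != APP_HOST:
        reasons.append("host-not-approved")
    return reasons
```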
5. Authentication Process
- Ensure that a 2-phase login process is in place
- Personalize the content
- Design a strong token-based authentication
6. Transaction non-repudiation
- To ensure authenticity and integrity of the transaction
7. Image Regulation
- Image cycling
- Session-bound images
Organizations
- Anti-Phishing Working Group (APWG)
The APWG has over 2300 members from over 1500 companies and agencies worldwide. Member companies include leading security companies such as Symantec, McAfee and VeriSign. Financial industry members include the ING Group, VISA, Mastercard and the American Bankers Association.
What does all the above imply?
It is better to be safer now than feel sorry later.
Thank You!

Phishing Seminar By M Nadeem Qazi (MnQazi)
