PHISHING ORIGINS
The first documented use of the word "phishing" took place in 1996. Most people believe it originated as an alternative spelling of "fishing," as in "to fish for information."
What is PHISHING
“Phishing is an illegal activity using social engineering techniques to fraudulently solicit sensitive information or install malicious software.”
• Phishing attempts to obtain sensitive information such as usernames, passwords, personal information, military operations details, financial information and so on.
• Phishing emails can also include malicious links or attachments.
Emotional Triggers Exploited by Phishing
• Greed
• Fear
• Heroism
• Desire to be liked
• Authority
Example
• Suppose you check your e-mail one day and find a message from your bank. You've gotten e-mail from them before, but this one seems suspicious, especially since it threatens to close your account if you don't reply immediately.
• This message and others like it are examples of phishing, a method of online identity theft.
• In addition to stealing personal and financial data, phishers can infect computers with viruses.
Tools and Tactics
• Using IP addresses instead of domain names in hyperlinks that address the fake web site.
• Registering similar-sounding DNS domains and setting up fake web sites that closely mimic the domain name of the target web site.
• Embedding hyperlinks from the real target web site into the HTML contents of an email about the fake phishing web site, so that the user's web browser makes most of the HTTP connections to the real web server and only a small number of connections to the fake web server. If the user's email client software supports auto-rendering of the content, the client may attempt to connect automatically to the fake web server as soon as the email is read, and users browsing manually may not notice the small number of connections to a malicious server amongst the normal network activity to the real web site.
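A defender-side check for the three link tactics on this slide, added here as an illustration and not part of the original presentation. The domain `bank.example`, the sample mail and the edit-distance threshold of 2 are assumptions chosen for the example.

```python
import ipaddress
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit

class UrlCollector(HTMLParser):
    """Collect every URL a mail client could auto-fetch (src) or a user could click (href)."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        self.urls += [v for k, v in attrs if k in ("href", "src") and v]

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domain names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host, trusted):
    """Label one host relative to the trusted (legitimate) domain."""
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    try:
        ipaddress.ip_address(host)
        return "ip-literal"        # raw IP address instead of a domain name
    except ValueError:
        pass
    bare = host[4:] if host.startswith("www.") else host
    if edit_distance(bare, trusted) <= 2:   # threshold is an assumption
        return "lookalike"         # similar-looking registered domain
    return "foreign-host"          # stray host hidden among legitimate links

def audit_links(html, trusted):
    """Return {host: (label, url_count)} for every non-trusted host in the mail body."""
    parser = UrlCollector()
    parser.feed(html)
    hosts = Counter(h for h in (urlsplit(u).hostname for u in parser.urls) if h)
    return {h: (classify(h, trusted), n) for h, n in hosts.items()
            if classify(h, trusted) != "trusted"}

# Constructed sample mail: mostly real-site links plus two suspicious ones.
SAMPLE = ('<img src="https://www.bank.example/logo.png">'
          '<a href="https://www.bank.example/privacy">Privacy</a>'
          '<a href="http://203.0.113.7/login">Verify your account</a>'
          '<a href="https://www.bannk.example/login">Sign in</a>')
```

Because the legitimate links outnumber the suspicious ones in such a mail, the audit reports every non-trusted host with its count rather than judging the message by its majority.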
Effects of Phishing
• Identity theft
• Internet fraud
• Financial loss to the original institutions
• Difficulties in law enforcement investigations
• Erosion of public trust in the Internet
STATISTICS
Industries most affected by phishing:
○ Financial
○ Payment Services
○ Gaming
○ Retail
○ Social Networks
Types of Phishing
• Deceptive - Sending a deceptive email, in bulk, with a “call to action” that demands the recipient click on a link.
• Malware-Based - Running malicious software on the user’s machine.
• Content-Injection - Inserting malicious content into a legitimate site.
• Man-in-the-Middle Phishing - The phisher positions himself between the user and the legitimate site.
• Search Engine Phishing - Creating web pages for fake products, getting the pages indexed by search engines, and waiting for users to enter their confidential information as part of an order, sign-up, or balance transfer.
Identifying a phishing scam
Phishing scams tend to have common characteristics which make them easy to identify.
• Spelling and punctuation errors.
• Redirects to malicious URLs which require you to input usernames and passwords to access.
• Attempts to appear genuine by using legitimate operational terms, key words, company logos and accurate personal information.
• Fake or unknown sender.
Identifying a phishing scam (ctd)
• Scare tactics to entice a target to provide personal information or follow links.
• Sensational subject lines to entice targets to click on attached links or provide personal information.
How to avoid a phishing scam
Protect yourself from phishing scams:
• Think before you open.
• Beware the unknown sender or sensational subject line.
• Be suspicious of any email with urgent requests for personal financial information.
• Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate.
• Install the latest anti-virus packages.
• Inspect the address bar and SSL certificate.
• Digitally sign and encrypt emails wherever possible.
How to avoid a phishing scam (ctd)
• Do not follow links included in emails or text messages; use a known good link instead.
• Do not follow links to unsubscribe from spam; simply mark as spam and delete.
• You will never get a free iPad, don’t fill anything out!
Anti-Phishing Working Group (anti-phishing.org)
• The organization provides a forum to discuss phishing issues, define the scope of the phishing problem in terms of hard and soft costs, and share information and best practices for eliminating the problem.
• The APWG has 2300+ members from over 1500 companies & agencies worldwide.
• Member companies include leading security companies such as
○ Symantec
○ McAfee
○ Kaspersky
• Financial industry members include
○ VISA
○ Mastercard
○ American Bankers Association