
Seminar Report of Phishing VIII Sem



From this ppt you can learn the basics of phishing, along with some cases that were tracked by the Indian police; there are also some sections related to phishing.
I think this will be a good ppt for you. Suggestions are invited at "". Thanks for downloading this, and feel free to share your ideas.



  1. Phishing: A Simple way to make fool
     Narendra Singh, Information Technology, Roll no. 029 (09EARIT032), 6/18/2013
  2. • It is the act of tricking someone into giving confidential information (like passwords and credit card information) on a fake web page or email form pretending to come from a legitimate company (like their bank).
     • The word 'Phishing' initially emerged in the 1990s. Early hackers often used 'ph' in place of 'f' to coin new words in the hacker community, since they usually hacked by phone.
  3. • A message is sent from the phisher to the user.
     • The user provides confidential information to a phishing server.
     • The phisher obtains the confidential information from the server.
     • The confidential information is used to impersonate the user.
     • The phisher obtains illicit monetary gain.
  4. • Link Manipulation
     • Website Forgery
     • Spam
     • Key Logger
     • Session Hacking
     • Phishing through Search Engines
     • Phone Phishing
  5. • Rs. 13 lakh imposed on ICICI Bank for phishing scam
     ICICI Bank has been fined Rs. 12.85 lakh on account of a phishing fraud. This has been the first case filed under the Information Technology Act. The Tamil Nadu IT secretary directed ICICI Bank to pay Rs 12.85 lakh to an Abu Dhabi-based NRI (Umashankar Sivasubramaniam) within 60 days for the loss suffered by him due to a phishing fraud.
     The petition was filed by Umashankar Sivasubramaniam, who had received a mail in September 2007, appearing to come from the bank, which asked him to provide his username and password or his account would be closed. After replying to this mail he witnessed a transfer of Rs 6.46 lakh from his account to that of a company, which withdrew Rs 4.6 lakh from an ICICI branch in Mumbai and retained the balance in its account. ICICI defended itself, saying that it is the responsibility of the customer to be careful when giving out any kind of personal information on the web. Internet banking needs to be done very carefully, after full scrutiny by the customer. Internet banking is not a risky proposition if the customer is careful enough.
  6. Dec 2011, BANGALORE
     Six months ago, Asha, a consultant for NGOs, got a rude shock. Her husband received an e-mail from her, stating she was in a financial crisis and needed help. A bank account number was also provided. She couldn't log into either of her e-mail accounts.
     Her accounts had been hacked. By afternoon, the couple was flooded with calls of concern. Some persons even deposited money in the account number mentioned. This is the now increasingly common modus operandi of cyber criminals.
  7. How are accounts hacked?
     First, the cyber criminals send a phishing mail that looks like an alert from the service provider. Once the account holder replies, the hacker gets all the details he needs to compromise the account and change the password.
     What do they do after that?
     After the account is hacked, the phishers simply browse the contacts list and send a common mail. They say either that they are stuck in a far-off place without cash or that they have plunged into a deep financial crisis. They seek assistance from the recipients. Though most persons call up and check, some, in a hurry, deposit cash in the account mentioned. This is withdrawn by the hacker.
  8. How to retrieve the account?
     Most service providers ask for an alternative e-mail ID before opening an account. The account owner can log on to this, go to 'abuse' and lodge a complaint about the hack. The account is usually restored within 24 hours.
     What action was taken against them?
     They were sentenced to 2 years in jail under IPC 420.
  9. Recently, users of Google's email service, "Gmail", purportedly received a legal notice from the Gmail team which wanted users to update their account name, password, occupation, birth date and country of residence, with a warning that users who did not update their details within 7 days of receiving the warning would lose their account permanently. However, a Google spokesperson denied that any such legal notice came from them and stated it to be a phishing attack designed to collect personal information, called 'spoofing' or 'password phishing'.
  12. Penalty for damage to computer, computer system, etc.: If any person, without permission of the owner or any other person who is in charge of a computer, computer system or computer network,
     • accesses or secures access to such computer, computer system or computer network;
     • downloads, copies or extracts any data, computer database or information from such computer, computer system or computer network, including information or data held or stored in any removable storage medium;
     • damages or causes to be damaged any computer, computer system or computer network, data, computer database or any other programmes residing in such computer, computer system or computer network;
  13. • Section 66A of the IT Act is a relevant section which penalizes 'sending false and offensive messages through communication services'.
     • Explanation: For the purpose of this section, the terms "electronic mail" and "electronic mail message" mean a message or information created or transmitted or received on a computer, computer system, computer resource or communication device, including attachments in text, images, audio, video and any other electronic record, which may be transmitted with the message.
  14. • Any person who sends, by means of a computer resource or a communication device:
       a) any information that is grossly offensive or has menacing character
       b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently by making use of such computer resource or a communication device
     • Punishment: Imprisonment for a term which may extend to three years and with fine.
  15. • Trust of authority
     • E-mail and webpages can look real
     • Use of the same top level domain
     • Use of the simplest and least confusing host name
     • Misleading e-mails
     • No check of source address
     • Non-availability of secure desktop tools
     • Lack of user awareness
  16. • We should consider security implications, both long and short term.
     • Apply the phishing filter in your browser settings.
     • Delete all emails and SMS from any stranger luring you with a billion dollar lottery prize, jobs in UK and huge wealth.
     • Delete all emails/SMS/phone calls that ask for your personal information such as user name, passwords, PIN, credit codes.
     • Delete all spam mail, as it contains either viruses or spyware; enable spam filters in your mailboxes.
     • Self awareness is the biggest tool against any kind of cyber crime.