Beware of this if you want to protect your information from being stolen.
What is phishing?
• Phishing is a way of attempting to acquire
information such as usernames, passwords,
and credit card details by masquerading as a
trustworthy entity in an electronic
• Content of original mail (including link) copied
to create false or duplicate email.
• The attachment or Link within the email is
• This technique could be used as a pivot.
• Phishing attacks directed specifically at
senior executives and other high-profile targets
within businesses are known as Whaling.
• The infected Site will ask the following:
a. Enter confidential company information and
b. Provide financial details or enter them when
making a payment for a fake software download.
• Misspelled URLs or the use of sub-domains
• Make the displayed text for a link (the text
between the <A> tags).
• Messages that claimed to be from a bank told
users to dial a phone number regarding
problems with their bank accounts.
• Vishing (voice phishing) sometimes uses fake
caller-ID data to give the appearance that calls
come from a trusted organization
• It takes advantage of tabbed browsing, where
users keep multiple tabs open, and
silently redirects the user to the affected site.
• It doesn’t take you directly to the fraudulent
site, but instead the phishers load their fake
pages on one of the tabs.
• Evil Twin is a phishing technique that is hard
to detect. A phisher creates a fake wireless
network that looks similar to a legitimate
public network that may be found in public
places such as airports, hotels or coffee shops.
• Whenever someone logs on to the bogus
network, fraudsters try to capture their
passwords and/or credit card information.
Damages Caused by Phishing
• There are several different approaches to
combating phishing: social, technological,
legal, etc.
• Some of the techniques are discussed in the
Social Responses to Counter Phishing
• Anti-Phishing Working Groups
• Organizing Forums
• Discussion Platforms
Technical Responses to Counter Phishing
• Helping to Identify Legitimate Websites
• Secure Connection
• Browsers Alerting Users to Fraudulent
• Augmenting Passwords
• Eliminating Phishing Mails
• Monitoring and Takedown
• Transaction Verifying and Signing
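An added example, not part of the original slides: a small Python check that a mail filter could run over an HTML message to flag the link tricks listed earlier (misspelled URLs, sub-domains, and misleading text between the <A> tags), as one way to approach "Eliminating Phishing Mails". The trusted domain `bank.example`, the sample message, the 0.85 similarity threshold and all function names are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"bank.example"}  # assumption: domains the organisation really uses
def host_of(text):  # hostname if text looks like a URL or bare domain, else ""
    text = text.strip().rstrip(".")
    if " " in text or "." not in text:
        return ""
    return (urlsplit(text if "://" in text else "//" + text).hostname or "").lower()
def base(host):  # naive registrable domain; real filters use the Public Suffix List
    return ".".join(host.split(".")[-2:])

class LinkCollector(HTMLParser):  # gathers (href, displayed text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html):  # returns (href, reason) for each suspicious link
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target, shown = host_of(href), host_of(text)
        if not target or base(target) in TRUSTED:
            continue  # relative link or genuinely trusted destination
        if shown and base(shown) != base(target):
            findings.append((href, "displayed text names a different site"))
        elif any(f".{t}." in f".{target}" for t in TRUSTED):
            findings.append((href, "trusted name used as sub-domain"))
        elif any(SequenceMatcher(None, base(target), t).ratio() >= 0.85 for t in TRUSTED):
            findings.append((href, "look-alike spelling of trusted domain"))
    return findings

# Constructed sample message body (not taken from a real mail).
SAMPLE = """<a href="http://login.attacker.test/session">https://bank.example/login</a>
<a href="http://bank.example.secure-login.test/verify">Verify your account</a>
<a href="http://bannk.example/update">Update details</a>
<a href="https://www.bank.example/help">Help centre</a>"""
```

Calling `check_links(SAMPLE)` flags the first three links and leaves the genuine help link alone.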
Information Technology Act 2000 has
provisions to combat Phishing through the
following articles in our Constitution:
• Section 66
• Section 66A
• Section 66C
• Section 66D
Examples of Phishing in India
• Pharmaceutical Company
• RBI Phishing Scam
• Income Tax Department Phishing Scam
• ICC World Cup 2011
• Google Inc.
Modus Operandi of Bank Phishers
• Creating fake websites hosted at offshore servers.
• Changing of contact numbers in the database of
• After the Phisher gains access to the victim’s
account, he may perform one of the following:
– Transfer money from the victim’s account to a
– Recharge Mobile Phones
– Make Purchases online permissible by net banking
• The Beneficiary Account is fake and made
using fake documents.
• Closing account after completion of fraud.
• Use of Proxy IP Addresses by Phishers to fool
As future software engineers, it is imperative
that we know about phishing, because in the
future we will be developing different systems
and websites on our own and we must
implement different security measures for
protection against phishing. This
documentation has taught me a lot about
creating some of those force fields.