SlideShare a Scribd company logo

The Battle Against Phishing:Dynamic Security Skins

Download as PPTX, PDF
R
Raj Kumar

The ppt of The Battle Against Phishing:Dynamic Security Skins.

Education
1 of 13
The Battle Against Phishing: Dynamic Security Skins
Contents  Introduction  Comparison To Spam  Security Properties  How To Avoid Phishing  Dynamic Security Skins  Security Analysis  Anti-Phishing Tools  References
Introduction  Phishing is a way of fraudulently acquiring sensitive information using social engineering and technical subterfuge  Pronounced "fishing“  The word has its Origin from two words “Password Harvesting” or fishing for Passwords  Phishing is an online form of pretexting, a kind of deception in which an attacker pretends to be someone else in order to obtain sensitive information from the victim  Also known as "brand spoofing“  Phishers are phishing artists
Conti…. .  It tries to trick users with official-looking messages  Credit card  Bank account  eBay  Paypal  Some phishing e-mails also contain malicious or unwanted software that can track your activities or slow your computer
Comparison To Spam  The purpose of a phishing message is to acquire sensitive information about a user. For doing so the message needs to deceive the intended recipient. So it doesn’t contains any useful information and hence falls under the category of spam.  A spam message tries to sell a product or service, whereas phishing message needs to look like it is from a legitimate organization.  Techniques applied to spam message cant be applied naively to phishing messages.
Security Properties  The limited human skills property.  The general purpose graphics property.  The golden arches property.  The unmotivated user property.  The barn door property.
Top 10
How To Avoid Phishing  DON’T CLICK THE LINK  Type the site name in your browser (such as www.paypal.com)  Never send sensitive account information by e-mail  Account numbers, SSN, passwords  Never give any password out to anyone  Verify any person who contacts you (phone or email).  If someone calls you on a sensitive topic, thank them, hang up and call them back using a number that you know is correct, like from your credit card or statement.
Dynamic Security Skins  Static Security Indicators :One solution is for the browser to display all “secure” windows in a way that is distinct from windows that are not secure. Most browsers do this today by displaying a closed lock icon on the status bar or by altering the location bar (e.g., Mozilla Firefox uses a yellow background for the address bar) to indicate SSL protected sites.  Customized Security Indicators: Another possibility is for the user to create a custom security indicator for each authenticated site, or one custom indicator to be used for all sites.  Automated Custom Security Indicators: We chose to automatically identify authenticated web pages and their content using randomly generated images.
Security Analysis  Leak of the Verifier  Leak of the Images  Man-in-the-Middle Attacks  Spoofing the Trusted Window  Spoofing the Visual Hashes
Anti-Phishing Tools  eBay Toolbar :The eBay Toolbar is a browser plug-in that eBay offers to its customers to help keep track of auction sites . The toolbar has a feature, called AccountGuard, which monitors web pages that users visit and provides a warning in the form of a colored tab on the toolbar.  SpoofGuard: SpoofGuard is an Internet Explorer browser plug-in that examines web pages and warns users when a certain page has a high probability of being a spoof.  Spoofstick: Spoofstick is a toolbar extension for Internet Explorer and Mozilla Firefox that provides basic information about the domain name of the website.
References  Loftesness, Scott, Responding to "Phishing" Attacks. 2004, Glenbrook Partners, http://www.glenbrook.com/opinions/phishing.htm  Litan, Avivah, Phishing Attack Victims Likely Targets for Identity Theft, in Gartner First Take FT-22-8873. 2004, Gartner Research  Anti-Phishing Working Group, Phishing Activity Trends Report March 2005, http://antiphishing.org/ APWG_Phishing_Activity_Report_March_2005.pdf
Thank You

Recommended

HACKING AND PHISHING
HACKING AND PHISHINGHACKING AND PHISHING
HACKING AND PHISHINGsanthuana sg
 
Spear phishing attacks
Spear phishing attacksSpear phishing attacks
Spear phishing attacksJorge Luis Sierra
 
Phishing
Phishing Phishing
Phishing Yash Bhatt
 
Phishing Attacks: A Challenge Ahead
Phishing Attacks: A Challenge AheadPhishing Attacks: A Challenge Ahead
Phishing Attacks: A Challenge AheadeLearning Papers
 
Phishing
PhishingPhishing
Phishingshivli0769
 
Detection of phishing websites
Detection of phishing websitesDetection of phishing websites
Detection of phishing websitesm srikanth
 
Duo MFA integration with CoinJar Bitcoin Wallet
Duo MFA integration with CoinJar Bitcoin WalletDuo MFA integration with CoinJar Bitcoin Wallet
Duo MFA integration with CoinJar Bitcoin WalletAmir Yunas
 
Hacking
HackingHacking
Hackingbrokenz_lung
 

Recommended

HACKING AND PHISHING
HACKING AND PHISHINGHACKING AND PHISHING
HACKING AND PHISHINGsanthuana sg
 
Spear phishing attacks
Spear phishing attacksSpear phishing attacks
Spear phishing attacksJorge Luis Sierra
 
Phishing
Phishing Phishing
Phishing Yash Bhatt
 
Phishing Attacks: A Challenge Ahead
Phishing Attacks: A Challenge AheadPhishing Attacks: A Challenge Ahead
Phishing Attacks: A Challenge AheadeLearning Papers
 
Phishing
PhishingPhishing
Phishingshivli0769
 
Detection of phishing websites
Detection of phishing websitesDetection of phishing websites
Detection of phishing websitesm srikanth
 
Duo MFA integration with CoinJar Bitcoin Wallet
Duo MFA integration with CoinJar Bitcoin WalletDuo MFA integration with CoinJar Bitcoin Wallet
Duo MFA integration with CoinJar Bitcoin WalletAmir Yunas
 
Hacking
HackingHacking
Hackingbrokenz_lung
 
Phishing
PhishingPhishing
PhishingKiran Patil
 
Web authentication & authorization
Web authentication & authorizationWeb authentication & authorization
Web authentication & authorizationAlexandru Pasaila
 
Joomla web application development vulnerabilities
Joomla web application development vulnerabilitiesJoomla web application development vulnerabilities
Joomla web application development vulnerabilitiesBlazeDream Technologies Pvt Ltd
 
Phishing Seminar By M Nadeem Qazi(MnQazi) pptx
Phishing Seminar By M Nadeem Qazi(MnQazi) pptxPhishing Seminar By M Nadeem Qazi(MnQazi) pptx
Phishing Seminar By M Nadeem Qazi(MnQazi) pptxM Nadeem Qazi
 
Identifying XSS Vulnerabilities
Identifying XSS VulnerabilitiesIdentifying XSS Vulnerabilities
Identifying XSS Vulnerabilitiesn|u - The Open Security Community
 
Deltecs Services for Vulnerability Assessment and penetration testing
Deltecs Services for Vulnerability Assessment and penetration testingDeltecs Services for Vulnerability Assessment and penetration testing
Deltecs Services for Vulnerability Assessment and penetration testingdivyeshkharade
 
website phishing by NR
website phishing by NRwebsite phishing by NR
website phishing by NRNARESH GUMMAGUTTA
 
Top 10 web server security flaws
Top 10 web server security flawsTop 10 web server security flaws
Top 10 web server security flawstobybear30
 
Phishing
PhishingPhishing
PhishingAmirHizwan
 
E-Banking Web Security
E-Banking Web SecurityE-Banking Web Security
E-Banking Web SecurityDragos Lungu
 
10 ways to protect your e commerce site from hacking & fraud
10 ways to protect your e commerce site from hacking & fraud10 ways to protect your e commerce site from hacking & fraud
10 ways to protect your e commerce site from hacking & fraudWebSitePulse
 
Phishing
PhishingPhishing
PhishingHK Khemnani
 
Most Common Application Level Attacks
Most Common Application Level AttacksMost Common Application Level Attacks
Most Common Application Level AttacksEC-Council
 
Guide to MFA
Guide to MFAGuide to MFA
Guide to MFAJack Forbes
 
Alert logic anatomy owasp infographic
Alert logic anatomy owasp infographicAlert logic anatomy owasp infographic
Alert logic anatomy owasp infographicCMR WORLD TECH
 
Auditing Archives: The Case of the Overly Helpful Front Desk Clerk
Auditing Archives: The Case of the Overly Helpful Front Desk ClerkAuditing Archives: The Case of the Overly Helpful Front Desk Clerk
Auditing Archives: The Case of the Overly Helpful Front Desk ClerkSecurityMetrics
 
Web server security challenges
Web server security challengesWeb server security challenges
Web server security challengesMartins Chibuike Onuoha
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securitylikhithabommineni
 
Password Cracking
Password Cracking Password Cracking
Password Cracking Sina Manavi
 
Internet Banking Attacks (Karel Miko)
Internet Banking Attacks (Karel Miko)Internet Banking Attacks (Karel Miko)
Internet Banking Attacks (Karel Miko)DCIT, a.s.
 
mobile security.pptx
mobile security.pptxmobile security.pptx
mobile security.pptxTapan Khilar
 
Phishing
PhishingPhishing
Phishinganjalika sinha
 

More Related Content

What's hot

Web authentication & authorization
Web authentication & authorizationWeb authentication & authorization
Web authentication & authorizationAlexandru Pasaila
 
Phishing Seminar By M Nadeem Qazi(MnQazi) pptx
Phishing Seminar By M Nadeem Qazi(MnQazi) pptxPhishing Seminar By M Nadeem Qazi(MnQazi) pptx
Phishing Seminar By M Nadeem Qazi(MnQazi) pptxM Nadeem Qazi
 
Deltecs Services for Vulnerability Assessment and penetration testing
Deltecs Services for Vulnerability Assessment and penetration testingDeltecs Services for Vulnerability Assessment and penetration testing
Deltecs Services for Vulnerability Assessment and penetration testingdivyeshkharade
 
Top 10 web server security flaws
Top 10 web server security flawsTop 10 web server security flaws
Top 10 web server security flawstobybear30
 
E-Banking Web Security
E-Banking Web SecurityE-Banking Web Security
E-Banking Web SecurityDragos Lungu
 
10 ways to protect your e commerce site from hacking & fraud
10 ways to protect your e commerce site from hacking & fraud10 ways to protect your e commerce site from hacking & fraud
10 ways to protect your e commerce site from hacking & fraudWebSitePulse
 
Most Common Application Level Attacks
Most Common Application Level AttacksMost Common Application Level Attacks
Most Common Application Level AttacksEC-Council
 
Alert logic anatomy owasp infographic
Alert logic anatomy owasp infographicAlert logic anatomy owasp infographic
Alert logic anatomy owasp infographicCMR WORLD TECH
 
Auditing Archives: The Case of the Overly Helpful Front Desk Clerk
Auditing Archives: The Case of the Overly Helpful Front Desk ClerkAuditing Archives: The Case of the Overly Helpful Front Desk Clerk
Auditing Archives: The Case of the Overly Helpful Front Desk ClerkSecurityMetrics
 
Password Cracking
Password Cracking Password Cracking
Password Cracking Sina Manavi
 
Internet Banking Attacks (Karel Miko)
Internet Banking Attacks (Karel Miko)Internet Banking Attacks (Karel Miko)
Internet Banking Attacks (Karel Miko)DCIT, a.s.
 

What's hot (20)

Phishing
PhishingPhishing
Phishing
 
Web authentication & authorization
Web authentication & authorizationWeb authentication & authorization
Web authentication & authorization
 
Joomla web application development vulnerabilities
Joomla web application development vulnerabilitiesJoomla web application development vulnerabilities
Joomla web application development vulnerabilities
 
Phishing Seminar By M Nadeem Qazi(MnQazi) pptx
Phishing Seminar By M Nadeem Qazi(MnQazi) pptxPhishing Seminar By M Nadeem Qazi(MnQazi) pptx
Phishing Seminar By M Nadeem Qazi(MnQazi) pptx
 
Identifying XSS Vulnerabilities
Identifying XSS VulnerabilitiesIdentifying XSS Vulnerabilities
Identifying XSS Vulnerabilities
 
Deltecs Services for Vulnerability Assessment and penetration testing
Deltecs Services for Vulnerability Assessment and penetration testingDeltecs Services for Vulnerability Assessment and penetration testing
Deltecs Services for Vulnerability Assessment and penetration testing
 
website phishing by NR
website phishing by NRwebsite phishing by NR
website phishing by NR
 
Top 10 web server security flaws
Top 10 web server security flawsTop 10 web server security flaws
Top 10 web server security flaws
 
Phishing
PhishingPhishing
Phishing
 
E-Banking Web Security
E-Banking Web SecurityE-Banking Web Security
E-Banking Web Security
 
10 ways to protect your e commerce site from hacking & fraud
10 ways to protect your e commerce site from hacking & fraud10 ways to protect your e commerce site from hacking & fraud
10 ways to protect your e commerce site from hacking & fraud
 
Phishing
PhishingPhishing
Phishing
 
Most Common Application Level Attacks
Most Common Application Level AttacksMost Common Application Level Attacks
Most Common Application Level Attacks
 
Guide to MFA
Guide to MFAGuide to MFA
Guide to MFA
 
Alert logic anatomy owasp infographic
Alert logic anatomy owasp infographicAlert logic anatomy owasp infographic
Alert logic anatomy owasp infographic
 
Auditing Archives: The Case of the Overly Helpful Front Desk Clerk
Auditing Archives: The Case of the Overly Helpful Front Desk ClerkAuditing Archives: The Case of the Overly Helpful Front Desk Clerk
Auditing Archives: The Case of the Overly Helpful Front Desk Clerk
 
Web server security challenges
Web server security challengesWeb server security challenges
Web server security challenges
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Password Cracking
Password Cracking Password Cracking
Password Cracking
 
Internet Banking Attacks (Karel Miko)
Internet Banking Attacks (Karel Miko)Internet Banking Attacks (Karel Miko)
Internet Banking Attacks (Karel Miko)
 

Similar to The Battle Against Phishing:Dynamic Security Skins

mobile security.pptx
mobile security.pptxmobile security.pptx
mobile security.pptxTapan Khilar
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internetRohan Bharadwaj
 
Security Awareness 101
Security Awareness 101Security Awareness 101
Security Awareness 101HaroldCo
 
fucking shit
fucking shitfucking shit
fucking shiteyalrav
 
How to identify unsafe websites
How to identify unsafe websitesHow to identify unsafe websites
How to identify unsafe websitesmaha5960
 
CSC103 Digital Security
CSC103 Digital SecurityCSC103 Digital Security
CSC103 Digital SecurityRichard Homa
 
social engineering attacks.docx
social engineering attacks.docxsocial engineering attacks.docx
social engineering attacks.docxMehwishAnsari11
 
Five habits that might be a cyber security risk
Five habits that might be a cyber security riskFive habits that might be a cyber security risk
Five habits that might be a cyber security riskK. A. M Lutfullah
 
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)Shivam Sahu
 
Cisco cybersecurity essentials chapter 3
Cisco cybersecurity essentials chapter 3Cisco cybersecurity essentials chapter 3
Cisco cybersecurity essentials chapter 3Mukesh Chinta
 
cyber security.pptx
cyber security.pptxcyber security.pptx
cyber security.pptxTapan Khilar
 
cyber security presentation 1234567.pptx
cyber security presentation 1234567.pptxcyber security presentation 1234567.pptx
cyber security presentation 1234567.pptxprashanth73488
 
Do security toolbars actually prevent phishing attacks
Do security toolbars actually prevent phishing attacksDo security toolbars actually prevent phishing attacks
Do security toolbars actually prevent phishing attacksPankaj Saharan
 
Unmasking Scam Websites: Ways to Safe Surfing
Unmasking Scam Websites: Ways to Safe SurfingUnmasking Scam Websites: Ways to Safe Surfing
Unmasking Scam Websites: Ways to Safe SurfingSoftwareDeals
 

Similar to The Battle Against Phishing:Dynamic Security Skins (20)

mobile security.pptx
mobile security.pptxmobile security.pptx
mobile security.pptx
 
Phishing
PhishingPhishing
Phishing
 
Phishing
PhishingPhishing
Phishing
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internet
 
Anti phishing
Anti phishingAnti phishing
Anti phishing
 
Security Awareness 101
Security Awareness 101Security Awareness 101
Security Awareness 101
 
fucking shit
fucking shitfucking shit
fucking shit
 
How to identify unsafe websites
How to identify unsafe websitesHow to identify unsafe websites
How to identify unsafe websites
 
CSC103 Digital Security
CSC103 Digital SecurityCSC103 Digital Security
CSC103 Digital Security
 
social engineering attacks.docx
social engineering attacks.docxsocial engineering attacks.docx
social engineering attacks.docx
 
Five habits that might be a cyber security risk
Five habits that might be a cyber security riskFive habits that might be a cyber security risk
Five habits that might be a cyber security risk
 
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
 
Cisco cybersecurity essentials chapter 3
Cisco cybersecurity essentials chapter 3Cisco cybersecurity essentials chapter 3
Cisco cybersecurity essentials chapter 3
 
cyber security.pptx
cyber security.pptxcyber security.pptx
cyber security.pptx
 
cyber security presentation 1234567.pptx
cyber security presentation 1234567.pptxcyber security presentation 1234567.pptx
cyber security presentation 1234567.pptx
 
Mobile security
Mobile securityMobile security
Mobile security
 
Do security toolbars actually prevent phishing attacks
Do security toolbars actually prevent phishing attacksDo security toolbars actually prevent phishing attacks
Do security toolbars actually prevent phishing attacks
 
PHISHING PROTECTION
PHISHING PROTECTION PHISHING PROTECTION
PHISHING PROTECTION
 
Unmasking Scam Websites: Ways to Safe Surfing
Unmasking Scam Websites: Ways to Safe SurfingUnmasking Scam Websites: Ways to Safe Surfing
Unmasking Scam Websites: Ways to Safe Surfing
 
Security Primer
Security PrimerSecurity Primer
Security Primer
 

Recently uploaded

1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 

Recently uploaded (20)

1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 

The Battle Against Phishing:Dynamic Security Skins

  • 1. The Battle Against Phishing: Dynamic Security Skins
  • 2. Contents  Introduction  Comparison To Spam  Security Properties  How To Avoid Phishing  Dynamic Security Skins  Security Analysis  Anti-Phishing Tools  References
  • 3. Introduction  Phishing is a way of fraudulently acquiring sensitive information using social engineering and technical subterfuge  Pronounced "fishing“  The word has its Origin from two words “Password Harvesting” or fishing for Passwords  Phishing is an online form of pretexting, a kind of deception in which an attacker pretends to be someone else in order to obtain sensitive information from the victim  Also known as "brand spoofing“  Phishers are phishing artists
  • 4. Conti…. .  It tries to trick users with official-looking messages  Credit card  Bank account  eBay  Paypal  Some phishing e-mails also contain malicious or unwanted software that can track your activities or slow your computer
  • 5. Comparison To Spam  The purpose of a phishing message is to acquire sensitive information about a user. For doing so the message needs to deceive the intended recipient. So it doesn’t contains any useful information and hence falls under the category of spam.  A spam message tries to sell a product or service, whereas phishing message needs to look like it is from a legitimate organization.  Techniques applied to spam message cant be applied naively to phishing messages.
  • 6. Security Properties  The limited human skills property.  The general purpose graphics property.  The golden arches property.  The unmotivated user property.  The barn door property.
  • 8. How To Avoid Phishing  DON’T CLICK THE LINK  Type the site name in your browser (such as www.paypal.com)  Never send sensitive account information by e-mail  Account numbers, SSN, passwords  Never give any password out to anyone  Verify any person who contacts you (phone or email).  If someone calls you on a sensitive topic, thank them, hang up and call them back using a number that you know is correct, like from your credit card or statement.
  • 9. Dynamic Security Skins  Static Security Indicators :One solution is for the browser to display all “secure” windows in a way that is distinct from windows that are not secure. Most browsers do this today by displaying a closed lock icon on the status bar or by altering the location bar (e.g., Mozilla Firefox uses a yellow background for the address bar) to indicate SSL protected sites.  Customized Security Indicators: Another possibility is for the user to create a custom security indicator for each authenticated site, or one custom indicator to be used for all sites.  Automated Custom Security Indicators: We chose to automatically identify authenticated web pages and their content using randomly generated images.
  • 10. Security Analysis  Leak of the Verifier  Leak of the Images  Man-in-the-Middle Attacks  Spoofing the Trusted Window  Spoofing the Visual Hashes
  • 11. Anti-Phishing Tools  eBay Toolbar :The eBay Toolbar is a browser plug-in that eBay offers to its customers to help keep track of auction sites . The toolbar has a feature, called AccountGuard, which monitors web pages that users visit and provides a warning in the form of a colored tab on the toolbar.  SpoofGuard: SpoofGuard is an Internet Explorer browser plug-in that examines web pages and warns users when a certain page has a high probability of being a spoof.  Spoofstick: Spoofstick is a toolbar extension for Internet Explorer and Mozilla Firefox that provides basic information about the domain name of the website.
  • 12. References  Loftesness, Scott, Responding to "Phishing" Attacks. 2004, Glenbrook Partners, http://www.glenbrook.com/opinions/phishing.htm  Litan, Avivah, Phishing Attack Victims Likely Targets for Identity Theft, in Gartner First Take FT-22-8873. 2004, Gartner Research  Anti-Phishing Working Group, Phishing Activity Trends Report March 2005, http://antiphishing.org/ APWG_Phishing_Activity_Report_March_2005.pdf