SlideShare a Scribd company logo

Chapter-5.pptx

Download as PPTX, PDF
S
ShreyaKushwaha28

cyber

Education
1 of 22
Phishing and Identity Theft
Objectives • Learn about Phishing and its related techniques. • Understand different methods of Phishing. • Learn about Identity Theft and understand ID theft. • Understand myths and facts about ID theft. • Understand different types of ID thefts. • Learn about different techniques of ID theft. • Get an overview of 3P’s of cybercrime (Phishing, Pharming and Phoraging). • Understand about Spear Phishing. • Overview of Whaling.
Introduction • Phishing has become a universal phenomenon and a major threat worldwide that affect not only individuals but also all industries and businesses that have an online presence and do online transactions over the internet. • The statistics about phishing attacks/scams proves phishing to be a dangerous enemy among all the methods because prime objective this attack is ID theft.
Facts about Phishing • According to world phishing map available at www.avira.com most phishing attacks are on the rise of Asia, Europe and North America. • Facebook, HSBC, Paypal and Bank of America are most targeted organization in phishing attacks. • US, India and China are the most targeted countries. • Total 3650 non-English (Italian an Chinese) sites are recorded in the month of may 2009. • The most used TLDs in phishing websites during the month of May 2009 were “.com”, “.net” and “.org” . • Financial organizations, payment services and auction websites are ranked as most targeted industries. • Port 80 is found most popular followed by port 443 and 8080.
Phishing • The word phishing comes from the analogy that internet scammers are using E-Mail lures to fish for passwords and financial data from the sea of Internet users. • It is criminally fraudulent process of attempting to acquire sensitive information such as username, password and credit card details by hiding as trustworthy entity in an electronic communication.
…cont. • Phishing is a type of deception designed to steal your identity. • In phishing technique user tries to get the user disclose valuable personal data- such as credit card numbers, password, account data and other information by convicting the user to provide it under false pretenses. • E-Mail is the popular medium used in the phishing attacks and such E-Mails are also called Spam's.
Spam E-Mail • Spam E-Mail are also know as junk mails. • Botnets, networks of virus infected computers are used to send about 80% of spam. Types of Spam mail are: – Unsolicited bulk E-Mail – Unsolicited commercial E-Mail
SPAMBOTS • Spambot is an automated computer program and/or a script developed, mostly into C language to send SPAM mails. • SPAPMBOTS gather E-Mail ids from the internet, build mailing lists to send unsolicited mails.
CANSPAM • The CANSPAM act of 2003 was signed in US. • The CAN-SPAM act is commonly referred to as You can Spam. In particular, it does not require E-Mailers to get permission before they send marketing messages.
Tricks used for Phishing • Name of legitimate organization: Here phishers may use a legitimate company’s name and incorporate the look and feel of its website into the spam E-Mail. • “From” a real employee: Real name of an official, who actually works for an organization, will actually appear in the from line or the text of the message.
Tricks used for Phishing • URLs that “look right” : The E-Mail might contain a URL which seems to be legitimate website wherein use can enter the information the phisher would like to steal. However actually the website will be a quickly cobbled – a spoofed website that looks like the real website.
Tricks used for Phishing • Urgent Message: Creating a fear to trigger a response is very common in phishing attack- the E-Mail warn that failure to respond will result in longer having access the account. Few examples used by phishers to attract the user are: – Verify your account – You have won the lottery – If you don’t respond in 48 hours your account will be closed.
How to prevent from Phishing • Share Personal E-Mail address with limited persons. • Never reply a SPAM mail. • Use alternate E-Mail address to register for any personal or shopping website. • Don’t forward any mail from unknown recipient.
Methods of Phishing • Dragnet • Rod and reel • Lobsterpot • Gillnet
Dragnet • This method involves the use of spammed E-Mail, bearing inaccurate corporate identification (e.g. corporate names, logos and trademark) which are addressed to a large group of people. • Dragner phishers do not identify specific prospective victims in advance. Instead they rely on false information included in the E-Mail to trigger an immediate response by victims- typically clicking on links on the body of E-Mail to take the victims to the web sites or pop up windows where they are requested to enter bank or credit card details.
Rod and reel • In this method, phishers identify specific victims in advance, and convey false information to them to prompt their disclosure of personal and financial data. • For example on a phony web page, availability of similar item for a better price is displayed and upon visiting the webpage, victims were asked to enter personal information.
Lobsterpot • This method focuses on use of spoofed web site. It consists of creating of bogus/phony website. • This attack is also known as content injection phishing. The attacker uses a weblink into an E-Mail message to make it look more legitimate and actually take the victim to a phony scam site.
Gillnet • In this technique phishers introduce malicious code into E-Mails and websites. • They can for example misuse browser functionality by injecting aggressive content into another site’s pop window. • In some cases, the malicious code will change setting in users system so that users who want to visit legitimate banking websites will be redirected to a look alike phishing site.
Phishing Techniques • URL manipulation: URLs are the weblinks that direct the users to a specific website.For example instead of www.abcbank.com URL is provided as www.abcbank1.com. • Filter: This technique use graphics instead of text to prevent from netting such E- Mails by anti phishing filters.
Phishing Techniques • Website Forgery: In this technique the phisher directs the netizens to the website designed and developed by him, by altering the browser address bar through java script commands • Flash Phishing: Anti phishing toolbar are installed/enabled to help checking the webpage content for signs of phishing
Phishing Techniques • Social Phishing: Phishers entice the netizens to reveal sensitive data by other means for example: – By sending a mail where ask user to call them back because there was a security breach. – The phone number provided in the mail is false number – Phishers speak with the victim in the similar fashion as bank employee.
Phishing Techniques • Phone Phishing: This is known as Mishing, where phisher can use a fake caller ID data to make it appear that the call is received from a trusted organization to entice the user to reveal their personal information.

Recommended

Phishing
PhishingPhishing
PhishingSagar Rai
 
Spam & Phishing
Spam & PhishingSpam & Phishing
Spam & PhishingGrittyCC
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingSachin Saini
 
Phis
PhisPhis
PhisPresentaionslive.blogspot.com
 
Phishing
PhishingPhishing
PhishingAlka Falwaria
 
Phishing
PhishingPhishing
PhishingCarla Morales Vásquez
 
Tittl e
Tittl eTittl e
Tittl eKayhellKecoh
 
CYBER SECURITY _ PHISHING
CYBER SECURITY _ PHISHINGCYBER SECURITY _ PHISHING
CYBER SECURITY _ PHISHINGAnkushKumarSingh12
 

Recommended

Phishing
PhishingPhishing
PhishingSagar Rai
 
Spam & Phishing
Spam & PhishingSpam & Phishing
Spam & PhishingGrittyCC
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingSachin Saini
 
Phis
PhisPhis
PhisPresentaionslive.blogspot.com
 
Phishing
PhishingPhishing
PhishingAlka Falwaria
 
Phishing
PhishingPhishing
PhishingCarla Morales Vásquez
 
Tittl e
Tittl eTittl e
Tittl eKayhellKecoh
 
CYBER SECURITY _ PHISHING
CYBER SECURITY _ PHISHINGCYBER SECURITY _ PHISHING
CYBER SECURITY _ PHISHINGAnkushKumarSingh12
 
edu 3 ppt.pptx
edu 3 ppt.pptxedu 3 ppt.pptx
edu 3 ppt.pptxArchaWashington
 
Ict Phishing (Present)
Ict Phishing (Present)Ict Phishing (Present)
Ict Phishing (Present)aleeya91
 
part 3 cyber crimes
part 3 cyber crimes part 3 cyber crimes
part 3 cyber crimes Bharati Vidyapeeth New Law College,Pune
 
Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldAvishek Datta
 
IB Fraud
IB FraudIB Fraud
IB FraudMd. Shazzad Hossain CISA, CISM, CRISC, MBA (Fin)
 
PHISHING PROJECT REPORT
PHISHING PROJECT REPORTPHISHING PROJECT REPORT
PHISHING PROJECT REPORTvineetkathan
 
Phishing 101 General Course
Phishing 101 General CoursePhishing 101 General Course
Phishing 101 General CourseAaron Keating
 
Phishing
PhishingPhishing
PhishingAjit Yadav
 
Cyber Crime & Precautions
Cyber Crime & PrecautionsCyber Crime & Precautions
Cyber Crime & PrecautionsTalwant Singh
 
A delightful way to teach kids about computers
A delightful way to teach kids about computersA delightful way to teach kids about computers
A delightful way to teach kids about computers806670
 
Phishing scams in banking ppt
Phishing scams in banking pptPhishing scams in banking ppt
Phishing scams in banking pptKrishma Sandesra
 
Phishing technology
Phishing technologyPhishing technology
Phishing technologyPreeti Papneja
 
How To Keep the Grinch From Ruining Your Cyber Monday
How To Keep the Grinch From Ruining Your Cyber MondayHow To Keep the Grinch From Ruining Your Cyber Monday
How To Keep the Grinch From Ruining Your Cyber MondayMichele Chubirka
 
Phishing technology
Phishing technologyPhishing technology
Phishing technologyPreeti Papneja
 
Phishing technology
Phishing technologyPhishing technology
Phishing technologyPreeti Papneja
 
E business internet fraud
E business internet fraudE business internet fraud
E business internet fraudRadiant Minds
 
Cyber crime ppt
Cyber crime pptCyber crime ppt
Cyber crime pptNazish Jamali
 
Introduction to phishing
Introduction to phishingIntroduction to phishing
Introduction to phishingRaviteja Chowdary Adusumalli
 
phishing technique.pptx
phishing technique.pptxphishing technique.pptx
phishing technique.pptxECE6054PRIYADHARSHIN
 
Classifying Cybercrimes
Classifying CybercrimesClassifying Cybercrimes
Classifying Cybercrimessweta dargad
 
ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)Dr. Mazin Mohamed alkathiri
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 

More Related Content

Similar to Chapter-5.pptx

Ict Phishing (Present)
Ict Phishing (Present)Ict Phishing (Present)
Ict Phishing (Present)aleeya91
 
Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldAvishek Datta
 
PHISHING PROJECT REPORT
PHISHING PROJECT REPORTPHISHING PROJECT REPORT
PHISHING PROJECT REPORTvineetkathan
 
Phishing 101 General Course
Phishing 101 General CoursePhishing 101 General Course
Phishing 101 General CourseAaron Keating
 
Cyber Crime & Precautions
Cyber Crime & PrecautionsCyber Crime & Precautions
Cyber Crime & PrecautionsTalwant Singh
 
A delightful way to teach kids about computers
A delightful way to teach kids about computersA delightful way to teach kids about computers
A delightful way to teach kids about computers806670
 
Phishing scams in banking ppt
Phishing scams in banking pptPhishing scams in banking ppt
Phishing scams in banking pptKrishma Sandesra
 
How To Keep the Grinch From Ruining Your Cyber Monday
How To Keep the Grinch From Ruining Your Cyber MondayHow To Keep the Grinch From Ruining Your Cyber Monday
How To Keep the Grinch From Ruining Your Cyber MondayMichele Chubirka
 
E business internet fraud
E business internet fraudE business internet fraud
E business internet fraudRadiant Minds
 
Classifying Cybercrimes
Classifying CybercrimesClassifying Cybercrimes
Classifying Cybercrimessweta dargad
 

Similar to Chapter-5.pptx (20)

edu 3 ppt.pptx
edu 3 ppt.pptxedu 3 ppt.pptx
edu 3 ppt.pptx
 
Ict Phishing (Present)
Ict Phishing (Present)Ict Phishing (Present)
Ict Phishing (Present)
 
part 3 cyber crimes
part 3 cyber crimes part 3 cyber crimes
part 3 cyber crimes
 
Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark World
 
IB Fraud
IB FraudIB Fraud
IB Fraud
 
PHISHING PROJECT REPORT
PHISHING PROJECT REPORTPHISHING PROJECT REPORT
PHISHING PROJECT REPORT
 
Phishing 101 General Course
Phishing 101 General CoursePhishing 101 General Course
Phishing 101 General Course
 
Phishing
PhishingPhishing
Phishing
 
Cyber Crime & Precautions
Cyber Crime & PrecautionsCyber Crime & Precautions
Cyber Crime & Precautions
 
A delightful way to teach kids about computers
A delightful way to teach kids about computersA delightful way to teach kids about computers
A delightful way to teach kids about computers
 
Phishing scams in banking ppt
Phishing scams in banking pptPhishing scams in banking ppt
Phishing scams in banking ppt
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
How To Keep the Grinch From Ruining Your Cyber Monday
How To Keep the Grinch From Ruining Your Cyber MondayHow To Keep the Grinch From Ruining Your Cyber Monday
How To Keep the Grinch From Ruining Your Cyber Monday
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
E business internet fraud
E business internet fraudE business internet fraud
E business internet fraud
 
Cyber crime ppt
Cyber crime pptCyber crime ppt
Cyber crime ppt
 
Introduction to phishing
Introduction to phishingIntroduction to phishing
Introduction to phishing
 
phishing technique.pptx
phishing technique.pptxphishing technique.pptx
phishing technique.pptx
 
Classifying Cybercrimes
Classifying CybercrimesClassifying Cybercrimes
Classifying Cybercrimes
 

Recently uploaded

Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxAvyJaneVismanos
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitolTechU
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...jaredbarbolino94
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 

Recently uploaded (20)

ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptx
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptx
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 

Chapter-5.pptx

  • 2. Objectives • Learn about Phishing and its related techniques. • Understand different methods of Phishing. • Learn about Identity Theft and understand ID theft. • Understand myths and facts about ID theft. • Understand different types of ID thefts. • Learn about different techniques of ID theft. • Get an overview of 3P’s of cybercrime (Phishing, Pharming and Phoraging). • Understand about Spear Phishing. • Overview of Whaling.
  • 3. Introduction • Phishing has become a universal phenomenon and a major threat worldwide that affect not only individuals but also all industries and businesses that have an online presence and do online transactions over the internet. • The statistics about phishing attacks/scams proves phishing to be a dangerous enemy among all the methods because prime objective this attack is ID theft.
  • 4. Facts about Phishing • According to world phishing map available at www.avira.com most phishing attacks are on the rise of Asia, Europe and North America. • Facebook, HSBC, Paypal and Bank of America are most targeted organization in phishing attacks. • US, India and China are the most targeted countries. • Total 3650 non-English (Italian an Chinese) sites are recorded in the month of may 2009. • The most used TLDs in phishing websites during the month of May 2009 were “.com”, “.net” and “.org” . • Financial organizations, payment services and auction websites are ranked as most targeted industries. • Port 80 is found most popular followed by port 443 and 8080.
  • 5. Phishing • The word phishing comes from the analogy that internet scammers are using E-Mail lures to fish for passwords and financial data from the sea of Internet users. • It is criminally fraudulent process of attempting to acquire sensitive information such as username, password and credit card details by hiding as trustworthy entity in an electronic communication.
  • 6. …cont. • Phishing is a type of deception designed to steal your identity. • In phishing technique user tries to get the user disclose valuable personal data- such as credit card numbers, password, account data and other information by convicting the user to provide it under false pretenses. • E-Mail is the popular medium used in the phishing attacks and such E-Mails are also called Spam's.
  • 7. Spam E-Mail • Spam E-Mail are also know as junk mails. • Botnets, networks of virus infected computers are used to send about 80% of spam. Types of Spam mail are: – Unsolicited bulk E-Mail – Unsolicited commercial E-Mail
  • 8. SPAMBOTS • Spambot is an automated computer program and/or a script developed, mostly into C language to send SPAM mails. • SPAPMBOTS gather E-Mail ids from the internet, build mailing lists to send unsolicited mails.
  • 9. CANSPAM • The CANSPAM act of 2003 was signed in US. • The CAN-SPAM act is commonly referred to as You can Spam. In particular, it does not require E-Mailers to get permission before they send marketing messages.
  • 10. Tricks used for Phishing • Name of legitimate organization: Here phishers may use a legitimate company’s name and incorporate the look and feel of its website into the spam E-Mail. • “From” a real employee: Real name of an official, who actually works for an organization, will actually appear in the from line or the text of the message.
  • 11. Tricks used for Phishing • URLs that “look right” : The E-Mail might contain a URL which seems to be legitimate website wherein use can enter the information the phisher would like to steal. However actually the website will be a quickly cobbled – a spoofed website that looks like the real website.
  • 12. Tricks used for Phishing • Urgent Message: Creating a fear to trigger a response is very common in phishing attack- the E-Mail warn that failure to respond will result in longer having access the account. Few examples used by phishers to attract the user are: – Verify your account – You have won the lottery – If you don’t respond in 48 hours your account will be closed.
  • 13. How to prevent from Phishing • Share Personal E-Mail address with limited persons. • Never reply a SPAM mail. • Use alternate E-Mail address to register for any personal or shopping website. • Don’t forward any mail from unknown recipient.
  • 14. Methods of Phishing • Dragnet • Rod and reel • Lobsterpot • Gillnet
  • 15. Dragnet • This method involves the use of spammed E-Mail, bearing inaccurate corporate identification (e.g. corporate names, logos and trademark) which are addressed to a large group of people. • Dragner phishers do not identify specific prospective victims in advance. Instead they rely on false information included in the E-Mail to trigger an immediate response by victims- typically clicking on links on the body of E-Mail to take the victims to the web sites or pop up windows where they are requested to enter bank or credit card details.
  • 16. Rod and reel • In this method, phishers identify specific victims in advance, and convey false information to them to prompt their disclosure of personal and financial data. • For example on a phony web page, availability of similar item for a better price is displayed and upon visiting the webpage, victims were asked to enter personal information.
  • 17. Lobsterpot • This method focuses on use of spoofed web site. It consists of creating of bogus/phony website. • This attack is also known as content injection phishing. The attacker uses a weblink into an E-Mail message to make it look more legitimate and actually take the victim to a phony scam site.
  • 18. Gillnet • In this technique phishers introduce malicious code into E-Mails and websites. • They can for example misuse browser functionality by injecting aggressive content into another site’s pop window. • In some cases, the malicious code will change setting in users system so that users who want to visit legitimate banking websites will be redirected to a look alike phishing site.
  • 19. Phishing Techniques • URL manipulation: URLs are the weblinks that direct the users to a specific website.For example instead of www.abcbank.com URL is provided as www.abcbank1.com. • Filter: This technique use graphics instead of text to prevent from netting such E- Mails by anti phishing filters.
  • 20. Phishing Techniques • Website Forgery: In this technique the phisher directs the netizens to the website designed and developed by him, by altering the browser address bar through java script commands • Flash Phishing: Anti phishing toolbar are installed/enabled to help checking the webpage content for signs of phishing
  • 21. Phishing Techniques • Social Phishing: Phishers entice the netizens to reveal sensitive data by other means for example: – By sending a mail where ask user to call them back because there was a security breach. – The phone number provided in the mail is false number – Phishers speak with the victim in the similar fashion as bank employee.
  • 22. Phishing Techniques • Phone Phishing: This is known as Mishing, where phisher can use a fake caller ID data to make it appear that the call is received from a trusted organization to entice the user to reveal their personal information.