5. Contents:
Definition
Introduction
Type of Phishing
Causes of Phishing
How to notice Phishing
Example of Phishing
Prevention Method
Conclusion
6. History of Phishing
Phreaking + Fishing = Phishing
- Phreaking = making phone calls for free back in the 70’s
- Fishing = using bait to lure the target
Phishing in 1995
Target: AOL users
Purpose: getting account passwords for free time
Threat level: low
Techniques: similar names (www.ao1.com for www.aol.com), social engineering
Phishing in 2001
Target: eBayers and major banks
Purpose: getting credit card numbers, accounts
Threat level: medium
Techniques: same as in 1995, keylogger
Phishing in 2007
Target: PayPal, banks, eBay
Purpose: bank accounts
Threat level: high
Techniques: browser vulnerabilities, link obfuscation
7. Definition
It is the act of tricking someone into giving
confidential information (like passwords and
credit card information) on a fake web page.
8. Introduction
Phishing is a way of fraudulently acquiring sensitive
information using social engineering.
It tries to trick the recipient with an official-looking message
•Credit card
•Bank account
•Facebook id/pw
•Paypal
Some phishing emails also contain malicious or
unwanted software that can track your activities or
slow your computer.
It is different from spam.
11. Phishing
Fraudsters build a fake site.
Fraudsters send out thousands of phishing e-mails with a link to the fake website.
Victims click on the links in the e-mail, believing it is legitimate. They enter personal information.
Fraudsters compile the stolen data and sell it online or use it themselves.
13. Artists also use Uniform Resource Locators (URLs)
that resemble the name of a well-known company or
web-site but are slightly altered by adding, omitting
or transposing letters.
For example, the URL www.microsoft.com could appear
instead as:
www.micosoft.com
www.mircosoft.com
www.verify-microsoft.com
17. “Be alert for spam messages”
Don’t open any links in suspicious emails, instant
messages, or chat room messages.
18. “Only communicate personal info over a secure website”
Secure websites are indicated by a lock on the browser’s
status bar or the prefix
“https://” instead of “http://”.
20. “Avoid using email on public computers”
Information from an email is temporarily stored on the
computer’s local disk and can be retrieved by another
user if it is not properly deleted.
21. “Do not click anything in a pop-up window”
If your browser has a pop-up blocker, enable it.
Do not copy any website addresses from a pop-up
window into your computer.
22. “Use security programs to protect your computer”
Use a spam filter, anti-spyware program, anti-virus
program and a firewall. These can be obtained from
a software retailer or the internet.
23. “Check your credit report and financial statements regularly”
Make sure that no unauthorized transactions have been
made and that all items on your credit report are correct.
25. TYPES OF PHISHING
• Deceptive Phishing
• Malware-Based Phishing
• Man in the Middle Phishing
• Search engine Phishing
26. Deceptive Phishing
Sending a deceptive email, in bulk, with a “call to
action” that demands the recipient click on a link.
27. Malware-Based Phishing
Malware stands for malicious software.
The term is used generically to describe any
malicious software regardless of its technical
category.
28. Man in the Middle Phishing
An attack where the attacker gets between the
sender and receiver of information
(Session Phishing)
29. Search engine Phishing
Create web pages for fake products, get
the pages indexed by search engines,
and wait for users to enter their
confidential information as part of an
order, sign-up, or balance transfer.
30. Causes of Phishing
Misleading e-mails
No check of source address
Vulnerability in browsers
No strong authentication at websites of
banks and financial institutions
Limited use of digital signatures
Non-availability of secure desktop tools
Lack of user awareness
Vulnerability in applications
… and more
31. Existing System
1) Detect and block the phishing
websites in time
2) Enhance the security of the websites
3) Block the phishing e-mails with
various spam filters
4) Install online anti-phishing software
on users’ computers
32. Proposed System
1. Classification of the hyperlink in the
phishing e-mail
2. Link guard algorithm
3. Link guard implemented client
4. Feasibility study