Phishing Technology

Presented by
Preety Papneja
B.Tech (cs) 3rd yr
1. Introduction
2. What is phishing
3. What might the phisher ask for
4. How does it work
5. The simplified flow of information in a phishing attack
6. What should I be aware of when receiving a suspicious email?
7. What do I do if I get a phishing message?
8. What do I do if I am unsure about a fraudulent email message?
9. Why phishing is still popular
10. How to protect yourself from phishing
11. References
Phishing:
Pronounced "fishing".
The word has its origin in two words, "Password Harvesting", or fishing for passwords.
Phishing is an online form of pretexting, a kind of deception in which an attacker pretends to be someone else in order to obtain sensitive information from the victim.
Also known as "brand spoofing".
Phishers are phishing artists.
The purpose of a phishing message is to acquire sensitive information about a user.
What is phishing
Phishing refers to a person or a group of cyber-criminals creating an imitation or copy of an existing legitimate web page to trick users into providing sensitive personal information. Responding to "phishing" emails puts your accounts at risk.
What might the phisher ask for?
Your password
Account number, card number, PIN, access code
Personally identifiable information like your date of birth, Social Security number or address
Confidential information like student records, financial records or technical information
Phishers typically present a plausible scenario and often take advantage of the recipient's fear or greed. They also often present a sense of urgency. Examples include messages that:
Tell you that your account was misused by you and will be disabled
Tell you your account was compromised and will be disabled
How does phishing work
Phishing attacks are most commonly transmitted via email, but they are also transmitted via:
• Instant messaging
• Social media websites such as Facebook, MySpace and Twitter
The communication may:
• Ask you to reply with specific information
• Ask you to visit a web page, then ask you to share specific information
• Ask you to call a phone number, which will ask you to share specific information
The Embedded Web Address
The next way phishing works is by redirecting the victim from an email to a seemingly legitimate website. The email may look like it has been sent from a bank, the Internal Revenue Service or an online financial service such as PayPal, escrow or an online financial rewards system. The website that the victim is redirected to appears in every way to be real. After the victim enters usernames, passwords or any other vital information, it is not unlikely that the website appears to crash. This is because the phisher has what he needs and doesn't want the victim to find out about the phony website.
The simplified flow of information in a phishing attack is:
1. A deceptive message is sent from the phisher to the user.
2. A user provides confidential information to a phishing server (normally after some interaction with the server).
3. The phisher obtains the confidential information from the server.
4. The confidential information is used to impersonate the user.
5. The phisher obtains illicit monetary gain.
The discussion of technology countermeasures will center on ways to disrupt steps 1, 2 and 4, as well as related technologies outside the information flow proper.
Look for the following clues:
misspelled words, unprofessional tone, bad grammar, or other problems with the content.
Other things to look for:
the message asks you to verify your confidential information, says you will be held liable if you don't respond, tells you that the account will be closed if you don't respond, etc. All these are signs of a phishing message.
[Figure: original website vs. phishing website]
Report and forward the original email to the Information Security Office at security@utep.edu. Do not reply to the sender of the email.
What do I do if I am unsure about a fraudulent email message?
Follow these steps to minimize your chances of becoming a victim of fraud:
1. Do not click on any links listed within the email message.
2. Do not open any attachments included in the email.
3. Forward the email message to the Information Security Office.
4. Review your credit card and bank statements, and your bills, for unauthorized charges or withdrawals.
5. Never enter personal information using a pop-up screen. Legitimate companies will provide secure web forms for you to fill out.
Phishing was already widely used at least half a decade ago, but it still remains one of the popular methods to scam internet users. Many of us might still be wondering why there are so many victims out there even though we have been taught from time to time to stay aware of phishing scams. Below are five reasons why phishing is still a popular trick.
#1 - It tricks the victim with fear:
One of the most common methods is to trick victims by sending them an email telling them that their internet banking account has been compromised and that they need to click on a link to resolve the issue. Once the user follows the link, the user is redirected to a forged website that looks similar to the banking website and requires the user to input his/her username and password. Once that form is sent, all the data is transmitted to the attacker-controlled server.
#2 - It tricks the victim with special interest:
Some scammers use scenarios such as winning a lottery or viewing adult material to tempt the victim into clicking on a link that redirects to the phishing site.
#3 - It is not rocket science:
Phishing attacks involve creating a forged website, which might be difficult for certain people. However, compared to hacking a banking server, creating a website is not that complicated. Therefore many novice or intermediate scammers will choose the phishing method over any other method in their hacking project.
#4 - It can be launched via many types of communication channel:
Phishing does not only mean building a forged website and waiting for the victim to arrive. It can also involve sending emails to lure victims to the forged website.
Besides that, a phishing scam may also manipulate a URL and post it as a comment or in a forum to trick victims into visiting the forged website. Apart from using computer knowledge to lure the victim, phishing can also be done via phone calls. In conclusion, this type of scam can be carried out via multiple channels and multiple techniques.
#5 - Compromising one account is not the end:
Stealing one set of credentials is not the end; it can be the beginning. Why is that? Internet users nowadays have many online accounts, for instance Facebook, Twitter and LinkedIn. Commonly, most users use the same username and password for each account so that remembering them is not an issue. Hence the stolen credentials can also be used by the scammers for the user's other accounts.
How to Protect Yourself from Phishing
The following 10 steps will help you protect yourself. Whilst we have researched and made recommendations of software that will assist you, Fraud Watch International makes no warranties or guarantees about the products.
1. Never Click on Hyperlinks within emails
Why?
Hyperlinks within emails are often cloaked, or hidden. The text you see as a hyperlink may not be where the hyperlink takes you.
Recommendation:
If you are unsure of the source of the email, you should not click on hyperlinks within emails that are apparently from a legitimate company and ask for personally sensitive information. Instead, type the URL directly into the Internet browser address bar, or call the company on a contact number previously verified or known to be genuine.
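The cloaking described in step 1 can be checked mechanically on the mail-filter side. The following is an added example, not part of the original slides: it parses a constructed HTML email, and reports every link whose visible text names one host while its href points to another. The sample message, its `.example` hosts and the function names are assumptions made for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Constructed sample message (not a real phishing email); all hosts are placeholders.
SAMPLE_EMAIL = """\
From: "Example Bank" <support@bank.example>
To: user@mail.example
Subject: Your account will be disabled
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please confirm your details at
<a href="http://login.verify-account.example/session">https://www.bank.example/login</a>.</p>
<p>Read our <a href="https://www.bank.example/privacy">privacy policy</a> or visit
<a href="https://www.bank.example/help">www.bank.example</a>.</p>
</body></html>
"""

# Matches link text that itself looks like a URL or host name, capturing the host.
URLISH = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[:/?#]|$)", re.I)


class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a href=...> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_in_text(text):
    """Return the host the visible link text claims, or None if it names no host."""
    match = URLISH.match(text.strip())
    return match.group(1).lower() if match else None


def _norm(host):
    # Treat "www.bank.example" and "bank.example" as the same site. A production
    # filter would compare registrable domains using the Public Suffix List.
    return host[4:] if host.startswith("www.") else host


def find_cloaked_links(raw_email):
    """List links whose displayed host differs from the host in the href."""
    msg = message_from_string(raw_email, policy=default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []  # no HTML part, so there is no link text to disguise
    collector = AnchorCollector()
    collector.feed(body.get_content())
    collector.close()
    findings = []
    for href, text in collector.links:
        shown = host_in_text(text)
        target = urlsplit(href)
        real = target.hostname
        if shown and real and _norm(shown) != _norm(real):
            findings.append({
                "text": text,
                "href": href,
                "shown_host": shown,
                "real_host": real,
                # Text promises https while the real target is plain http.
                "downgrade": text.lower().startswith("https://") and target.scheme == "http",
            })
    return findings


if __name__ == "__main__":
    for finding in find_cloaked_links(SAMPLE_EMAIL):
        print("cloaked link:", finding["shown_host"], "->", finding["real_host"])
```

Links whose text is ordinary wording ("privacy policy") name no host and are therefore not reported; they still hide their destination, which is why the recommendation above is to type the address yourself.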
2. Use Anti-SPAM Filter Software
Why?
Some studies have shown around 85% of all email sent is SPAM, with a majority of it fraudulent. This can be costly and time consuming for the end users who receive it. Effective SPAM filters can reduce the number of fraudulent emails consumers are exposed to.
3. Use Anti-Virus Software
Why?
To protect against Trojan and worm attacks, anti-virus software
can detect and delete virus files before they can attack a
computer.
It is important to keep all anti-virus software up to date
with vendor updates. These virus programs can search
your computer and pass this information to fraudsters.
4. Use a Personal Firewall
Why?
Firewalls can monitor both incoming and outgoing Internet traffic from a computer. This can protect the computer from being hacked into and from having a virus planted, and can also block unauthorized programs, such as Trojans, worms and spyware, from accessing the Internet.
5. Keep Software Updated (Operating Systems & Browsers)
Why?
Fraudsters and malicious computer hackers are continually finding vulnerabilities in operating systems and Internet browsers. Software vendors are constantly updating their software to fix these vulnerabilities and protect consumers.
Recommendation:
Always ensure operating system and browser software is kept up to date using legitimate upgrades and patches issued by the software vendor. Visit your operating system vendor's website for update information, and subscribe to any automatic updating service.
6. Always look for "https" and a padlock on a site that requests personal information
Why?
Information entered on an Internet web site can be intercepted by a third party. Web sites that are secure protect against this activity.
Recommendation:
When submitting sensitive financial and personal information on the Internet, look for the locked padlock on the Internet browser's status bar or the "https://" at the start of the URL in the address bar. Although there is no guarantee of the site's legitimacy or security if they are present, the absence of these indicates that the web site is definitely not secure.
7. Keep your Computer clean from Spyware
Why?
Spyware and adware are files that can be installed on your computer, even if you don't want them, without you knowing they are there! They allow companies to monitor your Internet browsing patterns, see what you purchase and even inundate you with those annoying "pop up" ads!
If you've downloaded some music, files or documents and suddenly started getting annoying ads popping up on your screen, you could definitely be infected with spyware and/or adware!
8. Educate Yourself on Fraudulent Activity on the Internet
Why?
Internet Fraud methods are evolving at a rapid rate.
Consumers need to be aware they are vulnerable as
fraudsters are persuasive and convincing; many victims
thought they were too smart to be scammed.
Consumers should educate themselves on Internet
Fraud, the trends and continual changes in fraudulent
methods used. Fraud Watch International offers
consumer education as a free service to the Internet
community.
9. Check Your Credit Report Immediately, for Free!
Why?
If you have responded to a fraudulent email, you
may be at risk of identity theft. A virus could have been
implanted within the email, which may find and pass on
sensitive personal information about you to fraudsters, or
if you have provided fraudsters with any personal
information, you may be at risk of Identity Theft. You
should check your credit report, and subscribe to a credit
report monitoring service, to be alerted if your personal
information is used fraudulently.
10. Seek Advice - If you are unsure - ask us!
Why?
If unsure as to the legitimacy of an email, consumers should seek advice from the legitimate corporation using verified contact details. For other potentially fraudulent emails, consumers can seek advice from Fraud Watch International by forwarding the email with their questions to us. This is a free service to assist in the prevention of Internet Fraud.
Recommendation:
You can seek advice from Fraud Watch International by forwarding the email with your questions to scams@fraudwatchinternational.com.
www.identity-theft-scenarios.com/how-does-phishing-work.html
www.microsoft.com/security/online-privacy/phishing-symptoms.aspx
www.kbase.gfi.com/showarticle.asp?id=kbid002585
www.antiphishing.org
www.phishing1122.blogspot.com
www.planb-security.net
www.londonancestor.com
Thank You

More Related Content

What's hot

Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharksNalneesh Gaur
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingSachin Saini
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Securityanjuselina
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafeCheapSSLsecurity
 
Phishing Attack : A big Threat
Phishing Attack : A big ThreatPhishing Attack : A big Threat
Phishing Attack : A big Threatsourav newatia
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness TrainingJen Ruhman
 
phishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptxphishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptxvdgtkhdh
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks pptAryan Ragu
 
Anti phishing presentation
Anti phishing presentationAnti phishing presentation
Anti phishing presentationBokangMalunga
 
Password Attack
Password Attack Password Attack
Password Attack Sina Manavi
 
Phishing
PhishingPhishing
PhishingHHSome
 
Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing AttacksJagan Mohan
 
Spam & Phishing
Spam & PhishingSpam & Phishing
Spam & PhishingGrittyCC
 
Introduction to Malware
Introduction to MalwareIntroduction to Malware
Introduction to Malwareamiable_indian
 

What's hot (20)

Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharks
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Security
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You Safe
 
Phishing Attack : A big Threat
Phishing Attack : A big ThreatPhishing Attack : A big Threat
Phishing Attack : A big Threat
 
Phishing
PhishingPhishing
Phishing
 
PHISHING attack
PHISHING attack PHISHING attack
PHISHING attack
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
 
phishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptxphishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptx
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks ppt
 
Anti phishing presentation
Anti phishing presentationAnti phishing presentation
Anti phishing presentation
 
Password Attack
Password Attack Password Attack
Password Attack
 
Spear Phishing Attacks
Spear Phishing AttacksSpear Phishing Attacks
Spear Phishing Attacks
 
What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing
PhishingPhishing
Phishing
 
Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing Attacks
 
Spam & Phishing
Spam & PhishingSpam & Phishing
Spam & Phishing
 
Introduction to Malware
Introduction to MalwareIntroduction to Malware
Introduction to Malware
 

Viewers also liked

P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gbensonoo
 
PHISHING PROJECT REPORT
PHISHING PROJECT REPORTPHISHING PROJECT REPORT
PHISHING PROJECT REPORTvineetkathan
 
Phishing - A modern web attack
Phishing -  A modern web attackPhishing -  A modern web attack
Phishing - A modern web attackKarthik
 
Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldAvishek Datta
 
Phishing, Pharming, and the latest potholes on the Information Highway
Phishing, Pharming, and the latest potholes on the Information HighwayPhishing, Pharming, and the latest potholes on the Information Highway
Phishing, Pharming, and the latest potholes on the Information HighwayKevin Lim
 
Seminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII SemSeminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII SemNarendra Singh
 
Email of Doom: New phishing attacks that threaten your clients
Email of Doom: New phishing attacks that threaten your clientsEmail of Doom: New phishing attacks that threaten your clients
Email of Doom: New phishing attacks that threaten your clientsCalyptix Security
 
Maemo Introduction
Maemo IntroductionMaemo Introduction
Maemo Introductionjtukkine
 
Data Security For Compliance 2
Data Security For Compliance 2Data Security For Compliance 2
Data Security For Compliance 2Flaskdata.io
 

Viewers also liked (20)

P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
 
A presentation on Phishing
A presentation on PhishingA presentation on Phishing
A presentation on Phishing
 
Phishing
PhishingPhishing
Phishing
 
PHISHING PROJECT REPORT
PHISHING PROJECT REPORTPHISHING PROJECT REPORT
PHISHING PROJECT REPORT
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Intro phishing
Intro phishingIntro phishing
Intro phishing
 
Phishing - A modern web attack
Phishing -  A modern web attackPhishing -  A modern web attack
Phishing - A modern web attack
 
Phishing
PhishingPhishing
Phishing
 
Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark World
 
Introduction to phishing
Introduction to phishingIntroduction to phishing
Introduction to phishing
 
Phishing
PhishingPhishing
Phishing
 
Displaying Data
Displaying DataDisplaying Data
Displaying Data
 
Phishing, Pharming, and the latest potholes on the Information Highway
Phishing, Pharming, and the latest potholes on the Information HighwayPhishing, Pharming, and the latest potholes on the Information Highway
Phishing, Pharming, and the latest potholes on the Information Highway
 
phishing
phishingphishing
phishing
 
Seminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII SemSeminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII Sem
 
Phishing
PhishingPhishing
Phishing
 
Email of Doom: New phishing attacks that threaten your clients
Email of Doom: New phishing attacks that threaten your clientsEmail of Doom: New phishing attacks that threaten your clients
Email of Doom: New phishing attacks that threaten your clients
 
Phising
PhisingPhising
Phising
 
Maemo Introduction
Maemo IntroductionMaemo Introduction
Maemo Introduction
 
Data Security For Compliance 2
Data Security For Compliance 2Data Security For Compliance 2
Data Security For Compliance 2
 

Similar to Phishing technology

IS Presetation.pptx
IS Presetation.pptxIS Presetation.pptx
IS Presetation.pptxTanvir Amin
 
10 tips to prevent phishing attacks
10 tips to prevent phishing attacks10 tips to prevent phishing attacks
10 tips to prevent phishing attacksNamik Heydarov
 
December 2019 Part 10
December 2019 Part 10December 2019 Part 10
December 2019 Part 10seadeloitte
 
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...Okan YILDIZ
 
OWASP_Presentation_FINAl. Cybercrime and cyber security awareness
OWASP_Presentation_FINAl. Cybercrime and cyber security awarenessOWASP_Presentation_FINAl. Cybercrime and cyber security awareness
OWASP_Presentation_FINAl. Cybercrime and cyber security awarenessMaherHamza9
 
Phishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfPhishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfEvs, Lahore
 
negative implications of IT
negative implications of ITnegative implications of IT
negative implications of ITMahdiRahmani15
 
IDENTIFYING CYBER THREATS NEAR YOU
IDENTIFYING CYBER THREATS NEAR YOUIDENTIFYING CYBER THREATS NEAR YOU
IDENTIFYING CYBER THREATS NEAR YOUBilly Warero
 
phishing facts be aware and do not take the bait
phishing facts be aware and do not take the baitphishing facts be aware and do not take the bait
phishing facts be aware and do not take the baitssuser64f8f8
 
ICT-phishing
ICT-phishingICT-phishing
ICT-phishingMH BS
 
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSlesteraporado16
 
phishing-awareness-powerpoint [Autosaved].pptx
phishing-awareness-powerpoint [Autosaved].pptxphishing-awareness-powerpoint [Autosaved].pptx
phishing-awareness-powerpoint [Autosaved].pptxErrorError22
 

Similar to Phishing technology (20)

IS Presetation.pptx
IS Presetation.pptxIS Presetation.pptx
IS Presetation.pptx
 
10 tips to prevent phishing attacks
10 tips to prevent phishing attacks10 tips to prevent phishing attacks
10 tips to prevent phishing attacks
 
Phishing
PhishingPhishing
Phishing
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
December 2019 Part 10
December 2019 Part 10December 2019 Part 10
December 2019 Part 10
 
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
 
OWASP_Presentation_FINAl. Cybercrime and cyber security awareness
OWASP_Presentation_FINAl. Cybercrime and cyber security awarenessOWASP_Presentation_FINAl. Cybercrime and cyber security awareness
OWASP_Presentation_FINAl. Cybercrime and cyber security awareness
 
Phishing mails: Bonnes pratiques
Phishing mails: Bonnes pratiques Phishing mails: Bonnes pratiques
Phishing mails: Bonnes pratiques
 
Phishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfPhishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdf
 
Security Awareness Training.pptx
Security Awareness Training.pptxSecurity Awareness Training.pptx
Security Awareness Training.pptx
 
negative implications of IT
negative implications of ITnegative implications of IT
negative implications of IT
 
Phishing 1 vp
Phishing 1 vpPhishing 1 vp
Phishing 1 vp
 
Computer 4 ict
Computer 4 ictComputer 4 ict
Computer 4 ict
 
IDENTIFYING CYBER THREATS NEAR YOU
IDENTIFYING CYBER THREATS NEAR YOUIDENTIFYING CYBER THREATS NEAR YOU
IDENTIFYING CYBER THREATS NEAR YOU
 
phishing facts be aware and do not take the bait
phishing facts be aware and do not take the baitphishing facts be aware and do not take the bait
phishing facts be aware and do not take the bait
 
ICT-phishing
ICT-phishingICT-phishing
ICT-phishing
 
Tittl e
Tittl eTittl e
Tittl e
 
Pp8
Pp8Pp8
Pp8
 
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
 
phishing-awareness-powerpoint [Autosaved].pptx
phishing-awareness-powerpoint [Autosaved].pptxphishing-awareness-powerpoint [Autosaved].pptx
phishing-awareness-powerpoint [Autosaved].pptx
 

Phishing technology

  • 1. Phishing Technology Presented by Preety Papneja B.Tech (cs) 3rd yr
  • 2. 1.Introduction 2.What is Phishing 3.What might be the Phisher ask for 4.How does it Work 5.The simplified flow of information in a phishing attack 6. What should I be aware of when receiving a suspicious email? 7.What do I do if I get a phishing message? 8.What do I do if I am unsure about a fraudulent email message? 9.Why phishing is still popular 10.How to protect yourself from phishing 11. References
  • 3. Phishing: Pronounced "fishing“ The word has its Origin from two words “Password Harvesting” or fishing for Passwords Phishing is an online form of pretexting, a kind of deception in which an attacker pretends to be someone else in order to obtain sensitive information from the victim Also known as "brand spoofing“ Phishers are phishing artists. The purpose of a phishing message is to acquire sensitive information about a user.
  • 4. What is phishing Phishing refers to a person or a group of cyber- criminals who create an imitation or copy of an existing legitimate web page to trick users into providing sensitive personal information. Responding to “phishing” emails put your accounts at risk.
  • 5. What might the phisher ask for? Your password Account number, card number, Pin, access code Personality identifiable information like your date of birth, Social Security number or address Confidential information like student records, financial records or technical information Phishers typically present a plausible scenario and often take advantage of the recipient’s fear, greed. They also often present a sense of urgency. Example include message that: Tell you that your account was misused by you and will be disabled Tell you your account was compromised and will be disabled
  • 6. How does phishing Phishing attacks are most commonly work transmitted via email, but they are also transmitted via:  Instant Messaging  Social media website such as fb, MySpace and Twitter The communicational may:  Ask you to reply with specific information  Ask you to visit a web page, then ask you to share specific information  Ask you to call a phone number, which will ask you to share specific information
  • 7. The Imbedded Web Address The next way phishing works is by redirecting the victim to a seemingly legitimate website from an email. The email may look like it has been sent from a bank, the Internal Revenue Service or an online financial service such as PayPal, escrow or an online financial rewards system. The website that the victim is redirected to appears in every way to be real. Upon entering usernames, passwords or any other vital information, it is not unlikely that the website appears to crash. This is because the phisher has what he needs and doesn’t want the victim to find out about the phony website.
  • 8. The simplified flow of information in a phishing attack is: 1. A deceptive message is sent from the phisher to the user. 2. A user provides confidential information to a phishing server (normally after some interaction with the server). 3. The phisher obtain the confidential information from the server. 4. The confidential information is used to impersonate the user. 5. The phisher obtain illicit monetary gain. The discussion of technology countermeasures will center on ways to disrupt steps 1,2 and 4, as well as related technologies outside the information flow proper.
  • 9.
  • 10.
  • 11.
  • 12. Look for the following clues: misspelled words, unprofessional tone, bad grammar, or other problems with the content. Other things to look for: they are asking you to verify your confidential information, will hold you liable if you don't respond, telling you that the account will be closed if you don't respond, etc. All these are signs of a phishing message.
  • 13. Original website Phishing website
  • 14. Report and forward the original email to the Information Security Office at security@utep.edu.Do not reply to the sender of the email. What do I do if I am unsure about a fraudulent email message? Following these steps to minimize your chances of becoming a victim of fraud: 1.Do not click on any links listed within the email message. 2.Do not open any attachments included in the email. 3.Forward the email message to The Information Security Office. 4.Review your credit card and bank statements, and your bills, for unauthorized charges or withdrawals. 5.Never enter personal information using a pop-up screen. Legitimate companies will provide secure web forms for you to fill out.
  • 15. Phishing had been widely used at least half a decade ago but it still remains as one of the popular methods to scam internet users .Many of us might still be wondering why there are so many victims out there even though we had been taught from time to stay aware of a phishing scam. There are five reasons here why phishing is still a popular trick and below are the reasons. #1- it tricks the victim with fear: one of the most common method is to trick the victim by sending them an email and tell them that their internet banking account is being compromised and need to click on a link to resolve the issue. Once the user followed the link, the user will be redirected to some forged website that looks similar to the banking website which requires the user to input his/her username and password. Once that form is sent, all the data will be transmitted to the attacker controlled server.
  • 16. #2-it tricks the victim with special interest: Some scammers use the scenario such as winning lottery or viewing adult material to create a temptation for the victim to click on a link that redirects to the phishing site. #3-it is not a rocket science technology: Phishing attacks involves creating a forged website and it might be difficult to certain people. However if it is compare to hacking a banking server, creating website is not that complicated. Therefore many novice or intermediate scammer will choose to use the phishing method over any other method in their hacking project. #4-it can be launched via many types of communication channel: phishing can happen not only by simply building a forged website and anticipate for the victim to come to you. It can also involve sending emails to lure them to the forged website.
  • 17. Besides that, a phishing scam uses as well the manipulation of a URL and post it as a comment or forum to trick them to the forged website. Apart from using the computer knowledge to lure the victim, phishing can also be done via phone calls. The conclusion is this type of scam can be done via multiple channels and multiple techniques. #5-Compromising one account is not the end. After stealing one’s credentials is not the end, but it can be the beginning. Why is it so? Internet users nowadays have many online accounts for instance Facebook , Twitter, and LinkedIn. In common, most users will use the same username and password for each of the account so that remembering them is not an issue. Hence this can lead to the users’ credentials that had been stolen can be used as well for other accounts by the scammers.
  • 18. How to Protect Yourself from Phishing The following 10 steps will help protect yourself. Whilst we have researched and made recommendations of software that will assist you, Fraud Watch International makes no warranties or guarantees about the products. 1. Never Click on Hyperlinks within emails Why? Hyperlinks within emails are often cloaked, or hidden. The text you see as a hyperlink may not be where the hyperlink takes you. Recommendation: If you are unsure of the source of the email, you should not click on hyperlinks within emails that are apparently from a legitimate company for personally sensitive
  • 19. information. Instead, type the URL directly into the Internet browser address bar, or call the company on a contact number previously verified or known to be genuine. 2. Use Anti-SPAM Filter Software Why? Some studies have shown around 85% of all email sent is SPAM, with a majority fraudulent. This can be costly and time consuming to end users who receive them. Effective SPAM filters can reduce the number of fraudulent emails consumers are exposed to. 3. Use Anti-Virus Software Why? To protect against Trojan and worm attacks, anti-virus software can detect and delete virus files before they can attack a computer.
  • 20. It is important to keep all anti-virus software up to date with vendor updates. These virus programs can search your computer and pass this information to fraudsters. 4. Use a Personal Firewall Why? Firewalls can monitor both incoming and outgoing Internet traffic from a computer. This can protect the computer from being hacked into and having a virus planted, and can also block unauthorized programs, such as Trojans, worms and spyware, from accessing the Internet.
  • 21. 5. Keep Software Updated (Operating Systems & Browsers) Why? Fraudsters and malicious computer hackers are continually finding vulnerabilities in software operating systems and Internet browsers. Software vendors are constantly updating their software to fix these vulnerabilities and protect consumers. Recommendation: Always ensure operating system and browser software is kept up to date using legitimate upgrades and patches issued by the software vendor. Visit your operating system vendor's website for update information, and subscribe to any automatic updating service. 6. Always look for "https" and a padlock on a site that requests personal information Why? Information entered on an Internet web site can be intercepted by a third party. Web sites that are secure protect against this activity.
  • 22. Recommendation: When submitting sensitive financial and personal information on the Internet, look for the locked padlock on the Internet browser's status bar or the “https://” at the start of the URL in the address bar. Although there is no guarantee of the site's legitimacy or security if they are present, the absence of these indicates that the web site is definitely not secure. 7. Keep your Computer clean from Spyware Why? Spyware & Adware are files that can be installed on your computer, even if you don't want them, without you knowing they are there! They allow companies to monitor your Internet browsing patterns, see what you purchase and even allow companies to inundate you with those annoying "pop up" ads! If you've downloaded some music, files or documents and suddenly started getting annoying ads popping up on your screen, you could definitely be infected with Spyware and/or Adware!
  • 23. 8. Educate Yourself on Fraudulent Activity on the Internet Why? Internet Fraud methods are evolving at a rapid rate. Consumers need to be aware they are vulnerable as fraudsters are persuasive and convincing; many victims thought they were too smart to be scammed. Consumers should educate themselves on Internet Fraud, the trends and continual changes in fraudulent methods used. Fraud Watch International offers consumer education as a free service to the Internet community.
  • 24. 9. Check Your Credit Report Immediately, for Free! Why? If you have responded to a fraudulent email, you may be at risk of identity theft. A virus could have been implanted within the email, which may find and pass on sensitive personal information about you to fraudsters, or if you have provided fraudsters with any personal information, you may be at risk of Identity Theft. You should check your credit report, and subscribe to a credit report monitoring service, to be alerted if your personal information is used fraudulently.
  • 25. 10. Seek Advice - If you are unsure - ask us! Why? If unsure as to the legitimacy of an email, consumers should seek advice from the legitimate corporation using verified contact details. For other potentially fraudulent emails, consumers can seek advice from Fraud Watch International by forwarding the email with their questions to us. This is a free service to assist in the prevention of Internet Fraud. Recommendation: You can seek advice from Fraud Watch International by forwarding the email with your questions to scams@fraudwatchinternational.com.