This document discusses phishing, which is a type of criminal activity where scammers try to acquire sensitive information like usernames, passwords, and credit card details by masquerading as a trustworthy entity. Phishing is dangerous because emails and websites can look very convincing. Statistics show that phishing attacks increased dramatically between 2005 and 2006, affecting millions of people and costing businesses billions. The document describes common phishing techniques like website forgery, voice phishing, and using images to evade detection. It concludes by providing tips to protect yourself such as using spam filters, anti-phishing browser tools, and not clicking links in emails.

1. PHISHINGNOT THE KIND OF FISHING YOU ARE USED
TO.
Presented by:-
Ankur Pandey, Ankush Singh
Akash Shukla, Akshada
Babar
Prachi

2. PHISHING DEFINITION
• A criminal activity using social engineering
techniques (a collection of techniques used to
manipulate people into performing actions or
divulging confidential information).
• Phishers attempt to fraudulently acquire
sensitive information, such as usernames,
passwords and credit card details, by
masquerading as a trustworthy entity in an
electronic communication.

3. WHY IS PHISHING SO
DANGEROUS?
• Emails and websites can be convincing or hard to distinguish from the real
company
• Uses pictures and websites from existing companies
• Can sometimes link to the real website to seem even more realistic
• Email address seems legitimate

4. • Over 28,000 unique phishing attacks reported in
Dec. 2006, about double the number from 2005
• Estimates suggest phishing affected 2 million US
citizens and cost businesses billions of dollars in
2008
• Additional losses due to consumer fears
Phishing: A Growing
Problem

5. PHISHING
STATISTICS

6. PHISHING – WEBSITE
FORGERY
• An attacker can even use a trusted website's own scripts against the victim.
• These types of attacks (known as cross-site scripting) are particularly problematic, because
they direct the user to sign in at their bank or service's own web page, where everything
from the web address to the security certificates appears correct.
• Some phishing scams use JavaScript commands
in order to alter the address bar. This is done either
by placing a picture of the legitimate entity's URL
over the address bar, or by closing the original
address bar and opening a new one containing
the legitimate URL.

7. PHONE (VOICE)
PHISHING
• Not all phishing attacks require a fake website.
• In an incident in 2006, messages that claimed to be
from a bank told users to dial a phone number regarding
problems with their bank accounts.
• Voice phishing sometimes uses fake caller-ID data to give the
appearance that the calls come from a trusted organization.

8. PHISHING - HOW TO PROTECT YOURSELF
• Users can take steps to avoid phishing attempts by slightly modifying their browsing habits.
• SPAM filters can also help by reducing the number of phishing emails that users receive in their
inboxes.
• Anti-phishing measures have been implemented as features embedded in browsers, as
extensions or toolbars for browsers, and as part of website login procedures.
• Anti-phishing measures have been implemented as features embedded in browsers, as
extensions or toolbars for browsers, and as part of website login procedures.
• Never click on the link on the email. Retype the address in a new window

9. PHISHING EXAMPLE
In this example, targeted at
South Trust Bank users, the
phisher has used an image to
make it harder for anti-
phishing filters to detect by
scanning for text commonly
used in phishing emails.

10. Thank
you .Stay Alert Be Safe