Beware of this if you want to protect yourself from being robbed.
What is phishing?
• Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
Popular Phishing Techniques
• Spear Phishing
• Clone Phishing
• Whaling
• Link Manipulation
• Filter Evasion
• Website Forgery
• Phone Phishing
• Tabnabbing
• Evil Twins
Spear Phishing
• Phishing attempts directed at specific individuals or companies are termed Spear Phishing.
• The spear phisher thrives on familiarity.
• Personalized salutations make the message look legitimate.
Spear Phishing Illustration
Clone Phishing
• The content of an original mail (including its link) is copied to create a false or duplicate email.
• The attachment or link within the email is replaced with a malicious one.
• This technique can be used as a pivot to other targets.
Clone Phishing Illustration
Whaling
• Phishing attacks directed specifically at senior executives and other high-profile targets within businesses are known as Whaling.
• The fraudulent site will ask the victim to:
  a. Enter confidential company information and passwords.
  b. Provide financial details, or enter them when making a payment for a fake software download.
Link Manipulation
• Misspelled URLs, or the use of sub-domains that contain a trusted name.
• Making the displayed text for a link (the text between the <A> tags) differ from the address the link actually points to.
Link Manipulation Illustration
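The three patterns above (display text naming a different host than the href, a trusted name buried in a sub-domain of another domain, and a misspelled look-alike domain) can be checked mechanically in a mail filter. The following is an added example, not part of the original presentation; the brand domain example-bank.com, the attacker.invalid domain and the sample mail are constructed.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the brand's real registered domain (hypothetical name).
TRUSTED_DOMAINS = {"example-bank.com"}

# Constructed sample mail: one honest link followed by three manipulated ones.
SAMPLE_EMAIL = """
<p><a href="https://www.example-bank.com/help">Support</a></p>
<p><a href="http://www.example-bank.com.attacker.invalid/login">
https://www.example-bank.com/login</a></p>
<p><a href="https://example-bank.com.attacker.invalid/x">Update now</a></p>
<p><a href="https://www.examp1e-bank.com/">Sign in</a></p>
"""

def registered_domain(host):
    """Last two labels of a host name (no public-suffix list, kept simple)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def host_of(text):
    """Host named by a URL or bare domain in link text; '' if not URL-like."""
    if "://" not in text and not ("." in text and " " not in text):
        return ""
    return urlparse(text if "://" in text else "//" + text).hostname or ""

class _Links(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self.href, self.buf = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.buf = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self.href is not None:
            self.buf.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.buf).strip()))
            self.href = None

def suspicious_links(html):
    """Return [(href, reason)] for links showing the manipulation patterns."""
    p = _Links(); p.feed(html); out = []
    for href, text in p.links:
        hh = (urlparse(href).hostname or "").lower()
        reg, shown = registered_domain(hh), host_of(text)
        if shown and registered_domain(shown) != reg:
            out.append((href, "display text names a different host"))
        elif reg in TRUSTED_DOMAINS:
            continue                       # honest link to the real brand
        elif any(d in hh for d in TRUSTED_DOMAINS):
            out.append((href, "trusted name hidden in a sub-domain of " + reg))
        elif any(SequenceMatcher(None, d, reg).ratio() > 0.85 for d in TRUSTED_DOMAINS):
            out.append((href, "look-alike of a trusted domain: " + reg))
    return out
```

Running suspicious_links(SAMPLE_EMAIL) flags the last three links and leaves the genuine Support link alone.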
Filter Evasion
• Use of images instead of text to fool filters.
• Filters counter this with OCR (Optical Character Recognition), which scans the image for text and filters on it.
Filter Evasion Illustration
Website Forgery
• Some phishing scams use JavaScript commands in order to alter the address bar.
• Use of Flash-based websites (Flashing).
Website Forgery Illustration
Phone Phishing
• Messages that claimed to be from a bank told users to dial a phone number regarding problems with their bank accounts.
• Vishing (voice phishing) sometimes uses fake caller-ID data to give the appearance that calls come from a trusted organization.
Phone Phishing Illustration
Tab-Nabbing
• It takes advantage of tabbed browsing: while the user has multiple tabs open, one inactive tab is silently changed to the fraudulent site.
• It doesn’t take you directly to the fraudulent site; instead the phishers load their fake page in one of the tabs.
Tab-Nabbing Illustration
Evil Twins
• Evil Twin is a phishing technique that is hard to detect. A phisher creates a fake wireless network that looks similar to a legitimate public network that may be found in public places such as airports, hotels or coffee shops.
• Whenever someone logs on to the bogus network, fraudsters try to capture their passwords and/or credit card information.
Damages Caused by Phishing
• Monetary
• Data
• Business
• Time
Anti Phishing
• There are several different approaches to combating phishing: social, technological, legal, etc.
• Some of these techniques are discussed in the next slides.
Social Responses to Counter Phishing
• Awareness
• Education
• Anti-Phishing Working Groups
• Organizing Forums
• Discussion Platforms
Technical Responses to Counter Phishing
• Helping to Identify Legitimate Websites
• Secure Connection
• Browsers Alerting Users to Fraudulent Websites
• Augmenting Passwords
• Eliminating Phishing Mails
• Monitoring and Takedown
• Transaction Verifying and Signing
Legal Responses
The Information Technology Act 2000 has provisions to combat phishing through the following articles in our Constitution:
• Section 66
• Section 66A
• Section 66C
• Section 66D
Examples of Phishing in India
• Pharmaceutical Company
• RBI Phishing Scam
• Income Tax Department Phishing Scam
• ICC World Cup 2011
• Google Inc.
Modus Operandi of Bank Phishers
• Creating fake websites hosted on offshore servers.
• Changing contact numbers in the bank’s database.
• After the phisher gains access to the victim’s account, he may perform one of the following:
  – Transfer money from the victim’s account to a beneficiary’s account
  – Recharge mobile phones
  – Make online purchases permitted by the net banking facility
Modus Operandi of Bank Phishers Continued
• The beneficiary account is fake and was opened using fake documents.
• The account is closed after the fraud is complete.
• Phishers use proxy IP addresses to fool investigative agencies.
Conclusion
As a future software engineer, it is imperative that we know about phishing because in future we will be developing different systems and websites on our own and we must implement different security measures for protection against phishing. This documentation has taught me a lot about creating some of those force fields.
Thank you for watching this presentation!
Any questions are most welcome!

Phishing--The Entire Story of a Dark World