2. CONTENT
• Introduction
• Examples of Phishing attacks
• Common Phishing Techniques
• Causes of Phishing
• Effects of Phishing
• Protection against Phishing
• Conclusion
• Reference
3. INTRODUCTION
▰ A phishing attack is a method of tricking users into unknowingly providing personal and financial information or sending funds to attackers.
▰ The most common form is to use email to provide a link to what appears to be a legitimate site but is actually a malicious site controlled by the attacker.
4. As per Oxford dictionary “Phishing” is:
“The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.”
5. EXAMPLES OF PHISHING ATTACKS
▰ RBI (Reserve Bank of India) phishing scam
▻ Users received an email, disguised as originating from the RBI, which promised them prize money of 10 Lakhs within 48 hours.
▰ Google under phishing attacks
▻ Users received a legal notice asking them to update their personal information, with a warning that users who did not update their details within 30 days would lose their account.
6. COMMON PHISHING TECHNIQUES
▰ Deceptive phishing
▻ Email messages claiming to come from recognized sources ask you to verify your account, re-enter information or make a payment.
▰ Malware-based phishing
▻ Malware can be present as an email attachment or a downloadable file from a website for a particular issue.
7. COMMON PHISHING TECHNIQUES (Contd..)
▰ DNS-based phishing (“Pharming”)
▻ Fraudsters hijack a website’s domain name and use it to direct users to an imposter site.
▰ Man-in-the-middle phishing
▻ The hacker sits between the user and the website. Whenever users enter their information, the hacker captures it without causing any interruption to the users.
9. CAUSES OF PHISHING
▰ Unawareness among public
▻ There has been a lack of awareness regarding phishing attacks among the common masses.
▰ Unawareness of policy
▻ The fraudsters often count on the victim’s unawareness of bank/financial institution policies and procedures for contacting customers, particularly for issues relating to account maintenance and fraud investigation.
▰ Technical sophistication
▻ URL obfuscation is used by phishers to make phishing emails and websites appear more legitimate, e.g. PayPals.com instead of PayPal.com.
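An added example, not part of the original slides: a defender-side check that flags links whose domain is a near miss of a trusted one, as in the PayPals.com case above. It also covers the trusted name used only as a sub-domain prefix, which goes beyond the slide's example; the allow-list, the sample URLs and all function names are assumptions.

```python
from urllib.parse import urlsplit

# Assumed allow-list of domains the organisation actually uses (constructed).
PROTECTED = {"paypal.com"}

def registrable_domain(host: str) -> str:
    """Naive last-two-labels rule; production code should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,               # deletion
                           cur[j - 1] + 1,            # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify(url: str, protected=PROTECTED, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the host in a URL."""
    host = (urlsplit(url).hostname or "").lower()
    domain = registrable_domain(host)
    if domain in protected:
        return "trusted"
    for good in protected:
        # Near miss: one or two character edits away (PayPals.com vs PayPal.com).
        if edit_distance(domain, good) <= max_distance:
            return "lookalike"
        # Trusted name used only as a sub-domain prefix of some other domain.
        if host.startswith(good + ".") or ("." + good + ".") in host:
            return "lookalike"
    return "unknown"

# Constructed sample links, as they might appear in an e-mail body.
SAMPLES = [
    "https://www.paypal.com/signin",
    "http://www.PayPals.com/verify",
    "https://paypal.com.account-check.example/login",
    "https://docs.example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):9}  {link}")
```

An "unknown" result only means the domain is neither on the allow-list nor close to it; it is not a verdict that the link is safe.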
10. EFFECTS OF PHISHING
Phishing is a serious crime in the cyber world. Due to phishing, there may be:
▰ Financial loss
▰ Data loss
▰ Blacklisting of institutions
▰ Introduction of malware and viruses into a PC or a computer system
▰ Illegal use of user’s details
▰ Misuse of your social security number etc.
▰ The phisher can also take a user’s account details and open a new account in the name of the user for financial gain.
11. PROTECTION AGAINST PHISHING
▰ Two-factor authentication
▻ In this process you log in with a password and a secret code received on your mobile.
▰ HTTPS Protocol
▻ HTTPS is a more secure protocol than HTTP. These websites are equipped with SSL (secure socket layer) that creates a secure channel for information transmission.
13. PROTECTION AGAINST PHISHING (Contd..)
▰ Anti-phishing toolbar
▻ These toolbars run quick checks on the sites that you are visiting and compare them to lists of known phishing sites.
▰ Firewalls
▻ Firewalls check where the traffic is coming from and whether it is from an acceptable domain name or Internet Protocol address.
14. CONCLUSION
Phishing will never be completely eradicated. However, a combination of good organization and practice, proper application of current technologies, and improvements in security technology has the potential to drastically reduce the prevalence of phishing and the losses suffered from it. User education remains the strongest and at the same time, the weakest link to phishing countermeasures.
15. REFERENCES
▰ Paper titled “A Review on Phishing Attacks and Various Anti Phishing Techniques” (International Journal of Computer Applications)
▰ Paper titled “Phishing Attacks and Defenses” (International Journal of Security and Its Applications Vol. 10)
▰ https://en.wikipedia.org/wiki/Phishing
▰ https://www.tripwire.com/state-of-security/security-awareness