SENTER Project
HELLENIC POLICE LIEUTENANT’S SCHOOL
Presentation of Phishing
Police Lieutenant Trainee
Nikolaos Georgitsopoulos
Hellenic Police Lieutenant’s School
Greece
Athens, 03 November 2017
Seminar Work for the Module “Internet Technologies”
Presentation of Phishing: Athens, 03 November 2017
Contents
1. Theoretical Part
a) Cybercrime
b) What is Phishing?
c) Phishing Types
d) Phishing and Online Banking Fraud
e) Spear Phishing
f) Technical measures (browser technologies, security software, etc.)
available to detect phishing attempts
2. Practical Part
a) Phishing simulation program
b) The Phishing Campaign
c) General guidelines for employees in order to avoid phishing
Cybercrime
1. Cybercrime consists of criminal acts that are committed
online by using electronic communications networks
and information systems.
2. It is a borderless problem that can be classified into three
broad categories:
• Crimes specific to the Internet, such as attacks
against information systems (e.g. phishing).
• Online fraud and forgery.
• Illegal online content.
Types of cybercrime (a)
• Illegal computer hacking and cracking;
• Developing and/or spreading malicious code;
• Spamming;
• DDoS attacks;
• Network intrusion;
• Software piracy;
Types of cybercrime (b)
• Network-based or network-enabled crimes (such as
phishing);
• Intellectual property rights (IPR) crimes;
• Distribution of child sexual abuse imagery;
• Grooming of children for sexual purposes;
• Phreaking;
• Conditional access piracy.
What is Phishing? (a)
• Phishing is a form of Cybercrime.
• Phishing is the attempt to obtain sensitive information
such as usernames, passwords, and credit card details
(and, indirectly, money), often for malicious reasons, by
masquerading as a trustworthy entity in an electronic
communication.
• Phishing is the process of enticing people into visiting
fraudulent websites and persuading them to enter
identity information such as usernames, passwords etc.
What is Phishing? (b)
• Phishing is the act of stealing personal information via the
Internet for the purpose of committing financial fraud.
• It relies on unsolicited communications by e-mail, SMS or
telephone.
• The attacker purports to represent a trusted third party.
• It is an attempt to convince the victim to divulge sensitive
information, such as login credentials or payment details.
Short History of Phishing (a)
• Originated sometime around the year 1995.
• Phreaks and hackers have always been closely linked.
The “ph” spelling was used to link phishing scams with
these underground communities.
• In 1996, on America Online (AOL), they used the instant
messenger and e-mail systems to send messages to
users while posing as AOL employees.
Short History of Phishing (b)
• In late 2003, phishers registered dozens of domains that
looked like legitimate sites like eBay and PayPal if you
weren't paying attention.
• They used email worm programs to send out spoofed
emails to PayPal customers.
• By the beginning of 2004, phishers were riding a huge
wave of success that included attacks on banking sites
and their customers.
• Popup windows were used to acquire sensitive
information from victims.
Phishing Types
1. Spear phishing
2. Phone phishing / Vishing (voice phishing)
3. SMS phishing / Smishing
4. Clone phishing
5. Link manipulation
6. Filter evasion
7. Website forgery
8. Malvertising
9. Covert redirect
Phishing and Online Banking Fraud (a)
• Bank customers are popular targets of those who
engage in phishing attacks.
• Sending out thousands of spoof emails.
• Criminals impersonate bank websites in order to get
unsuspecting users to provide their login credentials.
• At first glance the fraudulent e-mail looks reliable in its
sender, form and content, and is thus almost
indistinguishable from a real one.
Phishing and Online Banking Fraud (b)
• The fake website then asks the user for personal data or
access information, which is then used for fraudulent
transactions.
• The cybercriminal now has all the necessary information
to steal the victim’s identity and have access to the bank
account.
• The phishers use the information they've gathered to
make illegal purchases or otherwise commit fraud.
The flow of information in a phishing attack
Examples of malware used to conduct bank
phishing scams
1. Bancos (2003), also identified as Banker by some anti-
virus companies.
2. It targeted Brazilian banks.
3. Bancos monitored Internet Explorer for specific bank
URLs and attempted to capture account information.
4. It overlaid certain banking web pages with a fake one that
captured the information directly from the user.
Spear Phishing (a)
• Spear phishing is a much more targeted attack.
• The hacker knows which specific individual or
organization they are after.
• The attacker researches the target in order to make the
attack more personalized.
• Spear-phishing attacks are much more targeted and
involve duping particular individuals within a specific
organization.
Spear Phishing (b)
• They send customized, credible e-mails that appear to
come from a trusted source.
• This enhances the apparent authenticity and legitimacy of
the message.
• It increases the probability of the individual complying with
their request.
• The recipient of the e-mail needs to be convinced.
• The hacker will then gain remote access or log the victim's
keystrokes and ultimately gain access to their PC.
An example of Spear Phishing: The CEO Fraud (a)
• CEO fraud targets business companies and their employees,
seeking financial profit or intelligence by compromising
business secrets or other information.
• CEO fraud involves tricking someone into making a large
wire transfer into what turns out to be a bogus account.
• On a few occasions, however, checks are used instead
of wire transfers.
An example of Spear Phishing: The CEO Fraud (b)
1. A fraudster calls posing as a high-ranking figure of the company (e.g.
the CEO or the CFO, Chief Financial Officer).
2. The supposed executive then demands from the employee an urgent and
confidential transfer of funds.
3. The fraudster claims that this is a sensitive situation.
4. The fraudster pressures the employee not to follow the regular
authorization procedures and to bypass the security checks.
5. The fraudster gives the employee precise instructions on how to
proceed.
6. In the final step the employee transfers the funds to an account
controlled by the fraudster.
7. The money is re-transferred to accounts in multiple jurisdictions.
An example of Spear Phishing: The CEO Fraud (c)
Technical measures (browser technologies,
security software, etc.) available to detect phishing
attempts (a)
• Anti-phishing software consists of computer programs that
attempt to identify phishing content contained in websites and
e-mail or block users from being tricked.
• Web browsers come with built-in anti-phishing and anti-
malware protection services.
• Password managers can also be used to help defend against
phishing and protect sensitive data.
• Filtering: anti-spam filters may be configured to identify specific
known phishing messages and prevent them from reaching a
user.
Technical measures (browser technologies,
security software, etc.) available to detect phishing
attempts (b)
• Authentication: determine whether the IP address of a
transmitting mail transfer agent is authorized to send a
message from the sender’s domain.
• Signing: cryptographic signing of e-mail.
• Outgoing data monitoring: A browser plug-in such as a
toolbar can store hashes of confidential information, and
monitor outgoing information to detect confidential information
being transmitted.
• Data destination blacklisting: block data transmissions to
specific IP addresses known to be associated with phishers.
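The outgoing-data monitoring and destination-blacklisting measures above, as an added example (not code from the presentation or from LUCY): the monitor keeps only an HMAC of each confidential value, never the value itself, and flags any outgoing request that carries such a value to a host it was not registered for, or to a blacklisted host. The HMAC key, hostnames and request bodies are constructed for the example.

```python
"""Outgoing-data monitor: flags confidential values leaving for hosts they were
not registered for, and any transmission to a blacklisted destination.

Added example, not code from the presentation or from LUCY. Only an HMAC of
each secret is stored, so a compromise of the monitor's store does not reveal
the secrets. Hostnames and request bodies below are constructed.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit


@dataclass(frozen=True)
class CredentialRecord:
    digest: bytes             # HMAC-SHA256 of the secret, never the secret itself
    allowed_hosts: frozenset  # hosts where submitting this secret is legitimate


@dataclass
class OutgoingDataMonitor:
    key: bytes                                       # per-installation HMAC key
    records: list = field(default_factory=list)
    blocked_hosts: set = field(default_factory=set)  # "data destination blacklist"

    def _digest(self, value: str) -> bytes:
        return hmac.new(self.key, value.encode("utf-8"), hashlib.sha256).digest()

    def register_secret(self, secret: str, allowed_hosts) -> None:
        """Remember a secret by digest only, together with its legitimate hosts."""
        hosts = frozenset(h.lower() for h in allowed_hosts)
        self.records.append(CredentialRecord(self._digest(secret), hosts))

    def block_host(self, host: str) -> None:
        self.blocked_hosts.add(host.lower())

    def inspect(self, url: str, body: str) -> list:
        """Return findings for one outgoing request; an empty list means allow."""
        host = (urlsplit(url).hostname or "").lower()
        findings = []
        if host in self.blocked_hosts:
            findings.append(("blocked-destination", host))

        # Candidate values: decoded form fields, plus raw whitespace-separated
        # tokens so a secret pasted into a free-text field is also seen.
        candidates = set(body.split())
        for values in parse_qs(body, keep_blank_values=True).values():
            candidates.update(values)

        for value in candidates:
            d = self._digest(value)
            for idx, rec in enumerate(self.records):
                # compare_digest: constant-time comparison of the two digests
                if hmac.compare_digest(d, rec.digest) and host not in rec.allowed_hosts:
                    findings.append(("secret-to-unknown-host", host, idx))
        return findings


def demo_findings():
    """Run the monitor over constructed traffic: a legitimate login, the same
    credentials posted to a look-alike host, and a post to a blacklisted host."""
    monitor = OutgoingDataMonitor(key=os.urandom(32))
    monitor.register_secret("Tr0ub4dor&3x", allowed_hosts={"online.example-bank.test"})
    monitor.block_host("known-phisher.example.test")

    legit = monitor.inspect(
        "https://online.example-bank.test/login",
        "user=alice&password=Tr0ub4dor%263x",
    )
    phish = monitor.inspect(
        "https://online.example-bank.test.secure-verify.example.test/login",
        "user=alice&password=Tr0ub4dor%263x",
    )
    blocked = monitor.inspect(
        "http://known-phisher.example.test/collect",
        "acct=12345",
    )
    return legit, phish, blocked


if __name__ == "__main__":
    for name, result in zip(("legit", "phish", "blocked"), demo_findings()):
        print(name, result or "allowed")
```

A real browser plug-in would call `inspect` from the form-submission hook; registering a secret by digest only is what lets the store be kept on the endpoint without exposing the credential.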
LUCY: A Phishing Simulation Program (a)
• A customizable awareness program used by information
security professionals in higher education and private
industry.
• An effective training program.
• Allows organizations to simulate phishing e-mails.
• Helps identify which end users are more susceptible to
such targeted e-mail attacks.
• Engage in more focused training opportunities to help
users recognize phishing attempts.
LUCY: A Phishing Simulation Program (b)
• Installed the LUCY server in VirtualBox.
• The server provides an IP address, a username
and a password.
LUCY: A Phishing Simulation Program (c)
• The user needs to log in to the LUCY environment with
the previous credentials.
LUCY: A Phishing Simulation Program (d)
Created a new phishing campaign. Two templates:
1. The first one was about a phishing e-mail coming
from MasterCard.
2. The second one was informing the user that he had
an encrypted message and he had to use his
Microsoft account credentials.
LUCY: A Phishing Simulation Program (e)
Add the recipients of the e-mails. I used all my functional e-
mail accounts.
LUCY: A Phishing Simulation Program (f)
Launch my phishing attack
LUCY: A Phishing Simulation Program (g)
Checked my e-mails. I received the e-mail messages in only
one of my four mail accounts.
LUCY: A Phishing Simulation Program (h)
LUCY: A Phishing Simulation Program (j)
The second mail was about a MasterCard service and
asked the user to change his password because of a
previous suspicious attempt.
LUCY: A Phishing Simulation Program (k)
LUCY: A Phishing Simulation Program (j)
In conclusion, the simulated phishing attack was partially
successful, because only two of the eight mails were
delivered to the final recipients. The license does not allow
seeing the data collected from this phishing attack.
General guidelines for employees in order to avoid
phishing, fraud scam and social engineering
1. Be AWARE of the risks and spread the information
2. Be careful when using social media
3. Avoid sharing sensitive information
4. Never open suspicious links or attachments received by e-mail
5. If you receive a call/email alerting you of a security breach, do not provide
information right away or proceed with a transfer
6. Consult a colleague even if you were asked to use discretion.
7. Assign responsibility
8. If a supplier informs you of a change in payment details, always contact the
supplier to confirm the new information
9. Strictly apply the security procedures in place for payments and
procurement
10. Always contact the police in case of fraud attempts
Conclusion
1. Phishing is a highly profitable activity for cybercriminals.
2. Phishing and its specific forms, such as spear
phishing, reveal that Internet users may be vulnerable if
they are not properly trained and do not know the
immense dangers.
3. No single technology will completely stop phishing.
4. Good organization and practices, awareness training,
proper application of current technologies, and
improvements in security technology have the potential to
drastically reduce the prevalence of phishing.
Thank you for your attention!
Hellenic Police Lieutenants’ School
Address: Thrakomakedonon Av. 101, PO 13679 – Acharnes, Attiki - Greece
Tel: +30 210-2424296, Fax: +30 210-2460964,
E-mail: saea.policeacademy@hellenicpolice.gr, Website: www.hellenicpolice.gr

JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
Javier Lasa
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
Gal Baras
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
eutxy
 

Recently uploaded (20)

Comptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guideComptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guide
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
 
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptxInternet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
 
Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
 
test test test test testtest test testtest test testtest test testtest test ...
test test  test test testtest test testtest test testtest test testtest test ...test test  test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
 

Editor's Notes

  1. Good morning. My name is Nikolaos Georgitsopoulos. The topic of today's presentation is phishing.
  2. First, an overview: this working paper presents phishing and its various forms. The work is divided into two parts, a theoretical one and a practical one. The theoretical part presents the theoretical elements, such as what phishing is, a brief history of it, how phishing works and some examples. After that, a more specific form of phishing, spear phishing, is explained and analysed. The reader can then find information on the technical measures available to address this phenomenon. The practical part introduces the creation of a simulated phishing campaign through dedicated software. The recipients of this simulated attack were identified and the campaign was then designed and carried out. Through the LUCY platform we were able to create such a campaign so that its users can assess the risks and threats relevant to each branch of activity.
  3. In the literature there is no agreed definition of cybercrime; the terms "cybercrime", "computer crime", "computer-related crime" and "high-tech crime" are often used interchangeably. In general, "cybercrime" is understood as "criminal acts committed using electronic communications networks and information systems or against such networks and systems" (Council of Europe, 2001). Cybercrime consists of criminal acts that are committed online by using electronic communications networks and information systems. It is a borderless problem that can be classified under three broad definitions (European Commission, 2017): crimes specific to the Internet, such as attacks against information systems or phishing (e.g. fake bank websites used to solicit passwords enabling access to victims' bank accounts); online fraud and forgery, where large-scale fraud can be committed online through instruments such as identity theft, phishing, spam and malicious code; and illegal online content, including child sexual abuse material, incitement to racial hatred, incitement to terrorist acts and glorification of violence, terrorism, racism and xenophobia.
  4. Illegal computer hacking and cracking (the unauthorised access of computers, sometimes exploiting flaws in the system itself); developing and/or spreading malicious code (such as viruses and Trojans which damage computer operating systems or are used in other ways to commit cybercrimes or conventional crimes); spamming (sending out multiple emails, usually through a set of infected computers called a 'botnet'); DDoS attacks ('Distributed Denial of Service', a way of flooding a server with multiple requests that might then bring the website down); network intrusion (breaking into computer networks, often using hacking techniques and usually to steal information, sow viruses or attempt blackmail); software piracy (stealing commercial software).
  5. Network-based or network-enabled crimes (such as phishing, an attempt to 'con' people through unsolicited emails, and identity theft); Intellectual Property Rights (IPR) crimes (for example illegal file-sharing of copyright-protected music and video, or stealing confidential commercial information); distribution of child sexual abuse imagery; grooming of children for sexual purposes, e.g. through social network sites; phreaking (unauthorised use of telephone systems, either to make free calls or, increasingly, as a form of anonymity for organised crime); conditional access piracy (for example the illegal decryption of satellite TV signals).
  6. In this chapter we are going to focus on definitions about phishing. According to a definition…
  7. Although the practice originated sometime around the year 1995, these types of scams were not commonly known to everyday people until nearly ten years later. There is also a good reason for the use of "ph" in place of the "f" in the spelling of the term. Some of the earliest hackers were known as phreaks. Phreaking refers to the exploration, experimenting and study of telecommunication systems. Phreaks and hackers have always been closely linked. The "ph" spelling was used to link phishing scams with these underground communities. Back in 1996, when America Online (AOL) was the number-one provider of Internet access, millions of people logged on to the service each day. Its popularity made it a natural choice for those who had less than pure motives. From the beginning, hackers and those who traded pirated software used the service to communicate with one another. This community was referred to as the warez community. It was this community that eventually made the first moves to conduct phishing attacks,
  8. Spear phishing is an email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information. Clone phishing is a type of phishing attack whereby a legitimate, previously delivered email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical, cloned email. Most methods of phishing use some form of technical deception designed to make a link in an email (and the spoofed website it leads to) appear to belong to the spoofed organization. Phishers have even started using images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing emails. Website forgery: the link to the website is crafted to carry out the attack, making it very difficult to spot without specialist knowledge. Malvertising is malicious advertising that contains active scripts designed to download malware or force unwanted content onto your computer. Covert redirect is a subtle method of performing phishing attacks that makes links appear legitimate but actually redirects a victim to an attacker's website.
  9. According to Emigh, (2005) the simplified flow of information in a phishing attack is: A deceptive message is sent from the phisher to the user. A user provides confidential information to a phishing server (normally after some interaction with the server). The phisher obtains the confidential information from the server. The confidential information is used to impersonate the user. The phisher obtains illicit monetary gain.
  10. Cybercriminals do their research and target business companies and their employees, trying to gain financial profit or intelligence profit by compromising business secrets or other information. CEO fraud is another name for this scam, and it usually involves tricking someone into making a large wire transfer into what turns out to be a bogus account. On a few occasions, however, checks are used instead of wire transfers. Two main modi operandi dominated European law enforcement cases (Europol, 2017): 1. CEO (Chief Executive Officer) fraud and 2. Mandate fraud.
  11. Step 1: A fraudster calls posing as a high-ranking figure of the company (e.g. the CEO or the CFO, the Chief Financial Officer). This is a typical example of vishing. Step 2: That "executive" then requires from the employee an urgent transfer of funds. Additionally, this transfer must be kept absolutely confidential. Step 3: The fraudster invokes a sensitive situation (e.g. a tax control, merger or acquisition). Step 4: The fraudster pressures the employee not to follow the regular authorization procedures and to bypass the security checks. Step 5: The fraudster gives the employee instructions on how to proceed. Instructions might also be given later by a third person or via e-mail. Step 6: In the final step the employee transfers the funds to an account controlled by the fraudster. The money is then re-transferred to accounts in multiple jurisdictions.
  12. Step 1: A fraudster calls posing as a high-ranking figure of the company (e.g. the CEO or the CFO, the Chief Financial Officer). This is a typical example of vishing. Step 2: That "executive" then requires from the employee an urgent transfer of funds. Additionally, this transfer must be kept absolutely confidential. Step 3: The fraudster invokes a sensitive situation (e.g. a tax control, merger or acquisition). Step 4: The fraudster pressures the employee not to follow the regular authorization procedures and to bypass the security checks. Step 5: The fraudster gives the employee instructions on how to proceed. Instructions might also be given later by a third person or via e-mail. Step 6: In the final step the employee transfers the funds to an account controlled by the fraudster. The money is then re-transferred to accounts in multiple jurisdictions. Vishing: phishing through VoIP and telephone.
  13. Be AWARE of the risks and spread the information within your company. Be careful when using social media: by sharing information on your workplace and responsibilities you increase the risk of becoming a target. Avoid sharing sensitive information on the company's hierarchy, security or procedures. Never open suspicious links or attachments received by e-mail. Be particularly careful when checking your personal mailboxes on the company's computers. Always carefully check e-mail addresses when dealing with sensitive information or money transfers; fraudsters often use copycat e-mail addresses where only one character differs from the original. If you receive a suspicious e-mail or call, always inform your IT department; they are the ones in charge of such issues, and they can check the content of suspicious mail and block the sender if necessary. If you receive a call or e-mail alerting you of a security breach, do not provide information right away or proceed with a transfer. Always start by calling the person back using a phone number found in your own records or on the official website of the company; do not use the number provided to you in the mail or by the caller. If you were contacted by phone, call back using another phone (fraudsters use technology to remain on the line after you hang up). In case of doubt on a transfer order, always consult a colleague, even if you were asked to use discretion. Consider assigning responsibility to an employee whom others can consult in case of doubt. If a supplier informs you of a change in payment details, always contact the supplier to confirm the new information, keeping in mind that the e-mail address or phone number provided on the invoice might have been modified. Strictly apply the security procedures in place for payments and procurement: do not skip any steps and do not give in to pressure. Always contact the police in case of fraud attempts, even if you did not fall victim to the scam.
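One way to automate the "check the e-mail address" advice above: flag senders whose domain is one character away from a domain the company trusts, or that hides a trusted name inside a longer, unrelated domain. This is an added example, not part of the presentation or of LUCY; the trusted-domain list and the sample From: headers are constructed for illustration.

```python
"""Flag sender domains that imitate a trusted domain (added example, constructed data)."""
import re

# Constructed (hypothetical) list of domains the company legitimately deals with.
TRUSTED_DOMAINS = {"example-bank.com", "acme-supplier.eu", "hellenicpolice.gr"}

# Constructed sample From: headers as they might appear in a mailbox.
SAMPLE_FROM_HEADERS = [
    "Accounts Payable <ap@acme-supplier.eu>",                # genuine supplier
    "Accounts Payable <ap@acme-suppIier.eu>",                # capital I instead of l
    "Online Banking <alerts@mail.example-bank.com>",         # legitimate subdomain
    "Online Banking <alerts@example-bank.co>",               # one character dropped
    "Security <notice@example-bank.com.secure-login.net>",   # trusted name embedded
    "Old Friend <friend@freemail-provider.net>",             # unrelated domain
]


def levenshtein(a: str, b: str) -> int:
    """Minimum number of single-character edits that turn a into b."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Extract the lower-cased domain from a From: header such as 'Name <user@host>'."""
    m = re.search(r"<([^>]+)>", from_header)
    addr = m.group(1) if m else from_header.strip()
    return addr.rsplit("@", 1)[-1].lower()


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS, max_edits: int = 1) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the sender's domain.

    A genuine subdomain (mail.example-bank.com) counts as trusted; a trusted name
    buried inside a longer domain, or a domain within max_edits edits of a trusted
    one, is a lookalike that warrants a call-back on a known-good number.
    """
    domain = sender_domain(from_header)
    for t in trusted:
        if domain == t or domain.endswith("." + t):
            return "trusted"
    for t in trusted:
        if t in domain or levenshtein(domain, t) <= max_edits:
            return "lookalike"
    return "unknown"


def triage(headers=SAMPLE_FROM_HEADERS) -> dict:
    """Map each From: header to its verdict."""
    return {h: classify_sender(h) for h in headers}


if __name__ == "__main__":
    for header, verdict in triage().items():
        print(f"{verdict:9}  {header}")
```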
  14. Phishing is a highly profitable activity for cybercriminals. Phishing and its specific forms, such as spear phishing, reveal that internet users may be vulnerable if they are not properly trained and do not know the immense dangers. No single technology will completely stop phishing. Good organization and practices, awareness training, proper application of current technologies, and improvements in security technology have the potential to drastically reduce the prevalence of phishing.