Phishing technology by chitta

•Download as PPTX, PDF•

4 likes•93 views

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing is a fraudulent e-mail that attempts to get you to divulge personal data that can then be used for illegitimate purposes. #rockstarchitta #mrchittaranjandas

Education

www.linkedin.com/mrchittaranjandas
Seminar
On
Phishing

CONTENT
• INTRODUCTION
• PHISHING TECHNIQUES
• PHISHING EXAMPLES
• TYPES OF PHISHING
• CAUSES OF PHISHING
• ANTI PHISHING
• EFFECTS OF PHISHING
• DEFEND AGAINST PHISHING ATTACKS
• CONCLUSION
• REFERENCE

INTRODUCTION
• PHISHING IS THE ACT OF ATTEMPTING TO ACQUIRE
INFORMATION SUCH AS USERNAME, PASSWORD
AND CREDIT CARD DETAILS AS A TRUSTWORTHY
ENTITY IN AN ELECTRONIC COMMUNICATION.
• COMMUNICATIONS PURPORTING TO BE FROM
POPULAR SOCIAL WEB SITES ,AUCTION SITES,
ONLINE PAYMENT PROCESS OR IT ADMINISTRATORS
ARE COMMONLY USED TO LURE THE
UNSUSPECTING PUBLIC .PHISHING EMAILS MAY
CONTAIN LINKS TO WEBSITES THAT ARE INFECTED
WITH MALWARE.

PHISHING TECHNIQUES
• LINK MANIPULATION
• FILTER EVASION
• WEBSITE FORGERY
• PHONE PHISHING

PHISHING EXAMPLES
• IN THIS EXAMPLE, TARGETED AT SOUTH TRUST BANK USERS,
THE PHISHER HAS USED AN IMAGE TO MAKE IT HARDER FOR
ANTI-PHISHING FILTERS TO DETECT BY SCANNING FOR TEXT
COMMONLY USED IN PHISHING EMAILS.

TYPES OF PHISHING
• DECEPTIVE - SENDING A DECEPTIVE EMAIL, IN BULK, WITH A
“CALL TO ACTION” THAT DEMANDS THE RECIPIENT CLICK ON A
LINK.
 MALWARE-BASED - RUNNING MALICIOUS SOFTWARE ON
THE USER’S MACHINE. VARIOUS FORMS OF MALWARE-BASED
PHISHING ARE:
 KEY LOGGERS & SCREEN LOGGERS
 SESSION HIJACKERS
 WEB TROJANS
 DATA THEFT

TYPES OF PHISHING
 DNS-BASED - PHISHING THAT INTERFERES WITH THE
INTEGRITY OF THE LOOKUP PROCESS FOR A DOMAIN NAME.
FORMS OF DNS-BASED PHISHING ARE:
 HOSTS FILE POISONING
 POLLUTING USER’S DNS CACHE
 PROXY SERVER COMPROMISE
 MAN-IN-THE-MIDDLE PHISHING - PHISHER
POSITIONS HIMSELF BETWEEN THE USER AND THE
LEGITIMATE SITE.

TYPES OF PHISHING
 CONTENT-INJECTION – INSERTING MALICIOUS CONTENT INTO LEGITIMATE SITE.
THREE PRIMARY TYPES OF CONTENT-INJECTION PHISHING:
 HACKERS CAN COMPROMISE A SERVER THROUGH A SECURITY VULNERABILITY AND
REPLACE OR AUGMENT THE LEGITIMATE CONTENT WITH MALICIOUS CONTENT.
 MALICIOUS CONTENT CAN BE INSERTED INTO A SITE THROUGH A CROSS-SITE
SCRIPTING VULNERABILITY.
 MALICIOUS ACTIONS CAN BE PERFORMED ON A SITE THROUGH A SQL INJECTION
VULNERABILITY.

CAUSES OF PHISHING
 MISLEADING E-MAILS
 NO CHECK OF SOURCE ADDRESS
 VULNERABILITY IN BROWSERS
 NO STRONG AUTHENTICATION AT WEBSITES OF BANKS AND
FINANCIAL INSTITUTIONS
 LIMITED USE OF DIGITAL SIGNATURES
 NON-AVAILABILITY OF SECURE DESKTOP TOOLS
 LACK OF USER AWARENESS
 VULNERABILITY IN APPLICATIONS

ANTI PHISHING
• A. SOCIAL RESPONSES
• B. TECHNICAL APPROACHES
• 1. HELPING TO IDENTIFY LEGITIMATE WEBSITES.
• 2. BROWSERS ALERTING USERS TO FRAUDULENT
WEBSITES.
• 3. ELIMINATING PHISHING MAIL.
• 4. MONITORING AND TAKEDOWN.
• C. LEGAL APPROACHES

EFFECTS OF PHISHING
 INTERNET FRAUD
 IDENTITY THEFT
 FINANCIAL LOSS TO THE ORIGINAL
INSTITUTIONS
 DIFFICULTIES IN LAW ENFORCEMENT
INVESTIGATIONS
 EROSION OF PUBLIC TRUST IN THE INTERNET.

DEFEND AGAINST PHISHING
ATTACKS
• PREVENTING A PHISHING ATTACK BEFORE IT BEGINS
• DETECTING A PHISHING ATTACK
• PREVENTING THE DELIVERY OF PHISHING MESSAGES
• PREVENTING DECEPTION IN PHISHING MESSAGES AND
SITES
• COUNTER MEASURES
• INTERFERING WITH THE USE OF COMPROMISED
INFORMATION

CONCLUSION
• NO SINGLE TECHNOLOGY WILL COMPLETELY STOP
PHISHING.
• HOWEVER, A COMBINATION OF GOOD ORGANIZATION
AND PRACTICE, PROPER APPLICATION OF CURRENT
TECHNOLOGIES, AND IMPROVEMENTS IN SECURITY
TECHNOLOGY HAS THE POTENTIAL TO DRASTICALLY
REDUCE THE PREVALENCE OF PHISHING AND THE
LOSSES SUFFERED FROM IT.

REFERENCE
• WWW.FACEBOOK.COM/ROCKSTARCHITTA
• WWW.TWITTER.COM/ROCKSTARCHITTA
• WWW.INSTAGRAM.COM/ROCKSTARCHITTA
• WWW.LINKEDIN.COM/MRCHITTARANJANDAS

What's hot

Phishing TechnologyAvishekMondal15

PhishingSagar Rai

Email phishing and countermeasuresJorge Sebastiao

Phishing techniquesSushil Kumar

Phishing - A modern web attackKarthik

Phishing Scams: 8 Helpful Tips to Keep You SafeCheapSSLsecurity

PhishingArchit Mohanty

Phishing attacks pptAryan Ragu

Phishing AttacksJagan Mohan

What is Phishing and How can you Avoid it?Quick Heal Technologies Ltd.

Phishing pptSanjay Kumar

Phishinganjalika sinha

Phishing Presentation Nikolaos Georgitsopoulos

How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanControlScan, Inc.

Phishing detection & protection schemeMussavir Shaikh

P H I S H I N Gbensonoo

Phishing & PharmingDevendra Yadav

Phishing Seminar By M Nadeem Qazi(MnQazi) pptxM Nadeem Qazi

Phishing Attack Awareness and Preventionsonalikharade3

Phishing Incident Response PlaybookNaushad CEH, CHFI, MTA, ITIL

What's hot (20)

Phishing Technology

Phishing

Email phishing and countermeasures

Phishing techniques

Phishing - A modern web attack

Phishing Scams: 8 Helpful Tips to Keep You Safe

Phishing

Phishing attacks ppt

Phishing Attacks

What is Phishing and How can you Avoid it?

Phishing ppt

Phishing

Phishing Presentation

How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan

Phishing detection & protection scheme

P H I S H I N G

Phishing & Pharming

Phishing Seminar By M Nadeem Qazi(MnQazi) pptx

Phishing Attack Awareness and Prevention

Phishing Incident Response Playbook

Similar to Phishing technology by chitta

phishing-technology-730-J1A0e1Q.pptxMaheshDhope1

phishingppt-160209144204.pdfvinayakjadhav94

CYBER SECURITY _ PHISHINGAnkushKumarSingh12

Security issues in e commercesadaf tst

Cyber ThreatsJettySudeepthi

Phishing: Analysis and CountermeasuresIRJET Journal

Social engineering Abdelhamid Limami

NIS-CH 1-PART 1 (1).pptxchandutidake

Cyber Crime and Prevention TipsTayyab Farooq

Edu 3 arya. s 24 Cyber privacy ARYAS87

Phishing--The Entire Story of a Dark WorldAvishek Datta

Panama-Paper-LeakAdv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]

Panama Papers Leak and Precautions Law firms should takeAdv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]

Updated Cyber Security and Fraud Prevention Tools TacticsBen Graybar

How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017SurfWatch Labs

Social engineeringVelayutham Selvaraj

Protecting Your Business from Cybercrime - Cybersecurity 101David J Rosenthal

Websecurity fundamentals for beginnersSamvel Gevorgyan

PhishingSreekanth Narendran

Info Session on Cybersecurity & Cybersecurity Study JamsGDSCCVR

Similar to Phishing technology by chitta (20)

phishing-technology-730-J1A0e1Q.pptx

phishingppt-160209144204.pdf

CYBER SECURITY _ PHISHING

Security issues in e commerce

Cyber Threats

Phishing: Analysis and Countermeasures

Social engineering

NIS-CH 1-PART 1 (1).pptx

Cyber Crime and Prevention Tips

Edu 3 arya. s 24 Cyber privacy

Phishing--The Entire Story of a Dark World

Panama-Paper-Leak

Panama Papers Leak and Precautions Law firms should take

Updated Cyber Security and Fraud Prevention Tools Tactics

How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017

Social engineering

Protecting Your Business from Cybercrime - Cybersecurity 101

Websecurity fundamentals for beginners

Phishing

Info Session on Cybersecurity & Cybersecurity Study Jams

Recently uploaded

Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD

Staff of Color (SOC) Retention Efforts DDSDDavid Douglas School District

The basics of sentences session 2pptx copy.pptxheathfieldcps1

URLs and Routing in the Odoo 17 Website AppCeline George

Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching

Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron

BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy

Introduction to AI in Higher Education_draft.pptxpboyjonauth

Crayon Activity Handout For the Crayon AUnboundStockton

TataKelola dan KamSiber Kecerdasan Buatan v022.pdfSarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F

Measures of Central Tendency: Mean, Median and ModeThiyagu K

Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton

Alper Gobel In Media Res Media ComponentInMediaRes1

Mastering the Unannounced Regulatory InspectionSafetyChain Software

Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1

Concept of Vouching. B.Com(Hons) /B.CompdfUmakantAnnand

How to Make a Pirate ship Primary Education.pptxmanuelaromero2013

“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr

18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a

APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management

Recently uploaded (20)

Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...

Staff of Color (SOC) Retention Efforts DDSD

The basics of sentences session 2pptx copy.pptx

URLs and Routing in the Odoo 17 Website App

Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...

Q4-W6-Restating Informational Text Grade 3

BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf

Introduction to AI in Higher Education_draft.pptx

Crayon Activity Handout For the Crayon A

TataKelola dan KamSiber Kecerdasan Buatan v022.pdf

Measures of Central Tendency: Mean, Median and Mode

Science 7 - LAND and SEA BREEZE and its Characteristics

Alper Gobel In Media Res Media Component

Mastering the Unannounced Regulatory Inspection

Employee wellbeing at the workplace.pptx

Concept of Vouching. B.Com(Hons) /B.Compdf

How to Make a Pirate ship Primary Education.pptx

“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...

18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf

APM Welcome, APM North West Network Conference, Synergies Across Sectors

Phishing technology by chitta

1. www.linkedin.com/mrchittaranjandas Seminar On Phishing

2. CONTENT • INTRODUCTION • PHISHING TECHNIQUES • PHISHING EXAMPLES • TYPES OF PHISHING • CAUSES OF PHISHING • ANTI PHISHING • EFFECTS OF PHISHING • DEFEND AGAINST PHISHING ATTACKS • CONCLUSION • REFERENCE

3. INTRODUCTION • PHISHING IS THE ACT OF ATTEMPTING TO ACQUIRE INFORMATION SUCH AS USERNAME, PASSWORD AND CREDIT CARD DETAILS AS A TRUSTWORTHY ENTITY IN AN ELECTRONIC COMMUNICATION. • COMMUNICATIONS PURPORTING TO BE FROM POPULAR SOCIAL WEB SITES ,AUCTION SITES, ONLINE PAYMENT PROCESS OR IT ADMINISTRATORS ARE COMMONLY USED TO LURE THE UNSUSPECTING PUBLIC .PHISHING EMAILS MAY CONTAIN LINKS TO WEBSITES THAT ARE INFECTED WITH MALWARE.

4. PHISHING TECHNIQUES • LINK MANIPULATION • FILTER EVASION • WEBSITE FORGERY • PHONE PHISHING

5. PHISHING EXAMPLES • IN THIS EXAMPLE, TARGETED AT SOUTH TRUST BANK USERS, THE PHISHER HAS USED AN IMAGE TO MAKE IT HARDER FOR ANTI-PHISHING FILTERS TO DETECT BY SCANNING FOR TEXT COMMONLY USED IN PHISHING EMAILS.

6. PHISHING EXAMPLES

7. TYPES OF PHISHING • DECEPTIVE - SENDING A DECEPTIVE EMAIL, IN BULK, WITH A “CALL TO ACTION” THAT DEMANDS THE RECIPIENT CLICK ON A LINK.  MALWARE-BASED - RUNNING MALICIOUS SOFTWARE ON THE USER’S MACHINE. VARIOUS FORMS OF MALWARE-BASED PHISHING ARE:  KEY LOGGERS & SCREEN LOGGERS  SESSION HIJACKERS  WEB TROJANS  DATA THEFT

8. TYPES OF PHISHING  DNS-BASED - PHISHING THAT INTERFERES WITH THE INTEGRITY OF THE LOOKUP PROCESS FOR A DOMAIN NAME. FORMS OF DNS-BASED PHISHING ARE:  HOSTS FILE POISONING  POLLUTING USER’S DNS CACHE  PROXY SERVER COMPROMISE  MAN-IN-THE-MIDDLE PHISHING - PHISHER POSITIONS HIMSELF BETWEEN THE USER AND THE LEGITIMATE SITE.

9. TYPES OF PHISHING  CONTENT-INJECTION – INSERTING MALICIOUS CONTENT INTO LEGITIMATE SITE. THREE PRIMARY TYPES OF CONTENT-INJECTION PHISHING:  HACKERS CAN COMPROMISE A SERVER THROUGH A SECURITY VULNERABILITY AND REPLACE OR AUGMENT THE LEGITIMATE CONTENT WITH MALICIOUS CONTENT.  MALICIOUS CONTENT CAN BE INSERTED INTO A SITE THROUGH A CROSS-SITE SCRIPTING VULNERABILITY.  MALICIOUS ACTIONS CAN BE PERFORMED ON A SITE THROUGH A SQL INJECTION VULNERABILITY.

10. CAUSES OF PHISHING  MISLEADING E-MAILS  NO CHECK OF SOURCE ADDRESS  VULNERABILITY IN BROWSERS  NO STRONG AUTHENTICATION AT WEBSITES OF BANKS AND FINANCIAL INSTITUTIONS  LIMITED USE OF DIGITAL SIGNATURES  NON-AVAILABILITY OF SECURE DESKTOP TOOLS  LACK OF USER AWARENESS  VULNERABILITY IN APPLICATIONS

11. ANTI PHISHING • A. SOCIAL RESPONSES • B. TECHNICAL APPROACHES • 1. HELPING TO IDENTIFY LEGITIMATE WEBSITES. • 2. BROWSERS ALERTING USERS TO FRAUDULENT WEBSITES. • 3. ELIMINATING PHISHING MAIL. • 4. MONITORING AND TAKEDOWN. • C. LEGAL APPROACHES

12. EFFECTS OF PHISHING  INTERNET FRAUD  IDENTITY THEFT  FINANCIAL LOSS TO THE ORIGINAL INSTITUTIONS  DIFFICULTIES IN LAW ENFORCEMENT INVESTIGATIONS  EROSION OF PUBLIC TRUST IN THE INTERNET.

13. DEFEND AGAINST PHISHING ATTACKS • PREVENTING A PHISHING ATTACK BEFORE IT BEGINS • DETECTING A PHISHING ATTACK • PREVENTING THE DELIVERY OF PHISHING MESSAGES • PREVENTING DECEPTION IN PHISHING MESSAGES AND SITES • COUNTER MEASURES • INTERFERING WITH THE USE OF COMPROMISED INFORMATION

14. CONCLUSION • NO SINGLE TECHNOLOGY WILL COMPLETELY STOP PHISHING. • HOWEVER, A COMBINATION OF GOOD ORGANIZATION AND PRACTICE, PROPER APPLICATION OF CURRENT TECHNOLOGIES, AND IMPROVEMENTS IN SECURITY TECHNOLOGY HAS THE POTENTIAL TO DRASTICALLY REDUCE THE PREVALENCE OF PHISHING AND THE LOSSES SUFFERED FROM IT.

15. REFERENCE • WWW.FACEBOOK.COM/ROCKSTARCHITTA • WWW.TWITTER.COM/ROCKSTARCHITTA • WWW.INSTAGRAM.COM/ROCKSTARCHITTA • WWW.LINKEDIN.COM/MRCHITTARANJANDAS

16. THANKS

Phishing technology by chitta

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Phishing technology by chitta

Similar to Phishing technology by chitta (20)

Recently uploaded

Recently uploaded (20)

Phishing technology by chitta