
PHISHING BASICS

• Pronounced "fishing"
• The word originates from "Password Harvesting", i.e. fishing for passwords
• Phishing is an online form of pretexting, a kind of deception in which an attacker pretends to be someone else in order to obtain sensitive information from the victim
• Also known as "brand spoofing"
• Phishers are phishing artists

Dept. of I&CT, MIT, Manipal


COMPARISON TO SPAM

• The purpose of a phishing message is to acquire sensitive information about a user. To do so, the message needs to deceive the intended recipient.
• It therefore contains no useful information for the recipient and hence falls under the category of spam.
• A spam message tries to sell a product or service, whereas a phishing message needs to look like it is from a legitimate organization.
• Techniques applied to spam messages can't be applied naively to phishing messages.


ANATOMY OF PHISHING MESSAGE

A raw phishing message can be split into two components:
• Content
• Headers


ANATOMY OF PHISHING MESSAGE

[diagram of the parts of a phishing message; legible label: Sting]


CONTENT

The content is further subdivided into two parts:
• Cover
• Sting


HEADERS

The headers are further subdivided into two parts:
• Mail clients
• Mail relays


WHY PHISHING ATTACKS WORK

Lack of knowledge of
• the computer system
• security and security indicators
• web fraud

Visual deception
• Visually deceptive text
• Images masking underlying text


Lack of computer knowledge

www.ebay.com (genuine) vs. www.ebay-members-security.com (lookalike domain that is not part of ebay.com)


Lack of knowledge of security and security indicators


Lack of knowledge of web-fraud



Visually Deceptive Text

[side-by-side screenshots: Original website vs. Phishing website]


Image Masking Underlying Text



MANTRA OF PHISHERS

[diagram; legible labels: Deceit, Neglect, Configuration, Successful attack]


Legal Response
• In the United States, Senator Patrick Leahy introduced the Anti-Phishing Act of 2005 in Congress on March 1, 2005.


How to Avoid being a Phishing victim
1. Never respond to requests for personal information via email. When in doubt, call the institution that claims to have sent you the email.
E.g. a generic greeting such as "Dear Sir or Madam" rather than "Dear Dr. Phatak"
2. If you suspect the message might not be authentic, don't use the links within the email to get to a web page.
3. Never fill out forms in email messages that ask for confidential information




How to Avoid being a Phishing victim…

4. Always ensure that you're using a secure website when submitting credit card or other sensitive information via your web browser
• check the beginning of the Web address in your browser's address bar - it should be 'https://' rather than just 'http://'
• look for the locked padlock icon on your


How to Avoid being a Phishing victim…

5. Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate and if anything is suspicious, contact your bank and all card issuers immediately
6. Ensure that your browser and OS software is up-to-date and that the latest security patches are applied


How to Avoid being a Phishing victim…

7. Verify the real address of a web site.
• Entered in the browser's address bar as a bookmarklet, this displays the protocol and hostname the current page was actually loaded from:
  javascript:alert("The actual URL of this site has been verified as: " + location.protocol + "//" + location.hostname + "/");
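The bookmarklet above reports where the current page really lives. As an added example (not from the slides), the same idea applied to individual links in JavaScript: the real hostname and protocol of each link are checked against the organisation the message claims to come from. The sample links and the assumed legitimate domain "ebay.com" are constructed for the demonstration.

```javascript
// Added example, not from the slides: apply the bookmarklet's idea (trust
// location.protocol / location.hostname, not what is painted on screen) to
// individual links, so a user or a mail filter can see where a link really leads.

// True if host is legitDomain itself or a subdomain of it (signin.ebay.com -> ebay.com).
function isSameOrg(host, legitDomain) {
  const h = host.toLowerCase();
  const d = legitDomain.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// visibleText: what the user sees; href: the real destination;
// legitDomain: the organisation the message claims to come from (assumed known).
function inspectLink(visibleText, href, legitDomain) {
  let url;
  try {
    url = new URL(href);
  } catch (e) {
    return { ok: false, hostname: null, protocol: null, warnings: ["unparseable href: " + href] };
  }
  const warnings = [];
  if (url.protocol !== "https:") {
    warnings.push("not https (" + url.protocol + ")");
  }
  if (!isSameOrg(url.hostname, legitDomain)) {
    warnings.push("host " + url.hostname + " does not belong to " + legitDomain);
  }
  // Link text that itself looks like a URL but names a different host
  // (the "visually deceptive text" case on the slides).
  const shown = visibleText.match(/^(?:https?:\/\/)?([A-Za-z0-9.-]+\.[A-Za-z]{2,})/);
  if (shown && shown[1].toLowerCase() !== url.hostname.toLowerCase()) {
    warnings.push("text shows " + shown[1] + " but link goes to " + url.hostname);
  }
  return { ok: warnings.length === 0, hostname: url.hostname, protocol: url.protocol, warnings };
}

// Audit a list of {text, href} pairs; in a browser the list can be built from document.links.
function auditLinks(links, legitDomain) {
  return links.map((l) => Object.assign({ href: l.href }, inspectLink(l.text, l.href, legitDomain)));
}

// Constructed sample links modelled on the slides' eBay lookalike domain.
const SAMPLE_LINKS = [
  { text: "https://www.ebay.com/", href: "https://www.ebay.com/signin" },
  { text: "www.ebay.com", href: "http://www.ebay-members-security.com/login" },
  { text: "Click here", href: "https://signin.ebay.com/" },
];

for (const r of auditLinks(SAMPLE_LINKS, "ebay.com")) {
  console.log((r.ok ? "OK   " : "WARN ") + r.href + (r.ok ? "" : "  -> " + r.warnings.join("; ")));
}
```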


ANALYSIS OF A PHISHING DATABASE

The Anti-Phishing Working Group maintains a "Phishing Archive". Terms used in the analysis:
• Certificate (digital certificate, public key certificate)
• Certificate Authority (CA)
• HTTPS
• Secure Sockets Layer (SSL) and Transport Layer Security (TLS)


MANTRA OF VICTIMS

[diagram; legible labels: attack, Solution, Myths]


THANK YOU