SlideShare a Scribd company logo

Phishing technology

Download as PPTX, PDF
Preeti Papneja, profile picture
Preeti Papneja

The document provides an overview of phishing technology. It defines phishing as acquiring sensitive user information through deceptive messages, usually via email or websites. The summary explains how phishers create imitation websites to trick users into providing passwords, financial details, or other sensitive data. It also outlines common signs of phishing emails and recommends reporting any suspicious messages and not clicking links within unsolicited emails.

1 of 27
Downloaded 17 times
1
2
Most read
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
Phishing Technology Presented by Preeti Papneja B.Tech (cs) 3rd yr
1.Introduction 2.What is Phishing 3.What might be the Phisher ask for 4.How does it Work 5.The simplified flow of information in a phishing attack 6. What should I be aware of when receiving a suspicious email? 7.What do I do if I get a phishing message? 8.What do I do if I am unsure about a fraudulent email message? 9.Why phishing is still popular 10.How to protect yourself from phishing 11. References
Phishing: Pronounced "fishing“ The word has its Origin from two words “Password Harvesting” or fishing for Passwords Phishing is an online form of pretexting, a kind of deception in which an attacker pretends to be someone else in order to obtain sensitive information from the victim Also known as "brand spoofing“ Phishers are phishing artists. The purpose of a phishing message is to acquire sensitive information about a user.
What is phishing Phishing refers to a person or a group of cyber- criminals who create an imitation or copy of an existing legitimate web page to trick users into providing sensitive personal information. Responding to “phishing” emails put your accounts at risk.
What might the phisher ask for? Your password Account number, card number, Pin, access code Personality identifiable information like your date of birth, Social Security number or address Confidential information like student records, financial records or technical information Phishers typically present a plausible scenario and often take advantage of the recipient’s fear, greed. They also often present a sense of urgency. Example include message that: Tell you that your account was misused by you and will be disabled Tell you your account was compromised and will be disabled
How does phishing Phishing attacks are most commonly work transmitted via email, but they are also transmitted via:  Instant Messaging  Social media website such as fb, MySpace and Twitter The communicational may:  Ask you to reply with specific information  Ask you to visit a web page, then ask you to share specific information  Ask you to call a phone number, which will ask you to share specific information
The Imbedded Web Address The next way phishing works is by redirecting the victim to a seemingly legitimate website from an email. The email may look like it has been sent from a bank, the Internal Revenue Service or an online financial service such as PayPal, escrow or an online financial rewards system. The website that the victim is redirected to appears in every way to be real. Upon entering usernames, passwords or any other vital information, it is not unlikely that the website appears to crash. This is because the phisher has what he needs and doesn’t want the victim to find out about the phony website.
The simplified flow of information in a phishing attack is: 1. A deceptive message is sent from the phisher to the user. 2. A user provides confidential information to a phishing server (normally after some interaction with the server). 3. The phisher obtain the confidential information from the server. 4. The confidential information is used to impersonate the user. 5. The phisher obtain illicit monetary gain. The discussion of technology countermeasures will center on ways to disrupt steps 1,2 and 4, as well as related technologies outside the information flow proper.
Phishing technology
Phishing technology
Phishing technology
Look for the following clues: misspelled words, unprofessional tone, bad grammar, or other problems with the content. Other things to look for: they are asking you to verify your confidential information, will hold you liable if you don't respond, telling you that the account will be closed if you don't respond, etc. All these are signs of a phishing message.
Original website Phishing website
Report and forward the original email to the Information Security Office at security@utep.edu.Do not reply to the sender of the email. What do I do if I am unsure about a fraudulent email message? Following these steps to minimize your chances of becoming a victim of fraud: 1.Do not click on any links listed within the email message. 2.Do not open any attachments included in the email. 3.Forward the email message to The Information Security Office. 4.Review your credit card and bank statements, and your bills, for unauthorized charges or withdrawals. 5.Never enter personal information using a pop-up screen. Legitimate companies will provide secure web forms for you to fill out.
Phishing had been widely used at least half a decade ago but it still remains as one of the popular methods to scam internet users .Many of us might still be wondering why there are so many victims out there even though we had been taught from time to stay aware of a phishing scam. There are five reasons here why phishing is still a popular trick and below are the reasons. #1- it tricks the victim with fear: one of the most common method is to trick the victim by sending them an email and tell them that their internet banking account is being compromised and need to click on a link to resolve the issue. Once the user followed the link, the user will be redirected to some forged website that looks similar to the banking website which requires the user to input his/her username and password. Once that form is sent, all the data will be transmitted to the attacker controlled server.
#2-it tricks the victim with special interest: Some scammers use the scenario such as winning lottery or viewing adult material to create a temptation for the victim to click on a link that redirects to the phishing site. #3-it is not a rocket science technology: Phishing attacks involves creating a forged website and it might be difficult to certain people. However if it is compare to hacking a banking server, creating website is not that complicated. Therefore many novice or intermediate scammer will choose to use the phishing method over any other method in their hacking project. #4-it can be launched via many types of communication channel: phishing can happen not only by simply building a forged website and anticipate for the victim to come to you. It can also involve sending emails to lure them to the forged website.
Besides that, a phishing scam uses as well the manipulation of a URL and post it as a comment or forum to trick them to the forged website. Apart from using the computer knowledge to lure the victim, phishing can also be done via phone calls. The conclusion is this type of scam can be done via multiple channels and multiple techniques. #5-Compromising one account is not the end. After stealing one’s credentials is not the end, but it can be the beginning. Why is it so? Internet users nowadays have many online accounts for instance Facebook , Twitter, and LinkedIn. In common, most users will use the same username and password for each of the account so that remembering them is not an issue. Hence this can lead to the users’ credentials that had been stolen can be used as well for other accounts by the scammers.
How to Protect Yourself from Phishing The following 10 steps will help protect yourself. Whilst we have researched and made recommendations of software that will assist you, Fraud Watch International makes no warranties or guarantees about the products. 1. Never Click on Hyperlinks within emails Why? Hyperlinks within emails are often cloaked, or hidden. The text you see as a hyperlink may not be where the hyperlink takes you. Recommendation: If you are unsure of the source of the email, you should not click on hyperlinks within emails that are apparently from a legitimate company for personally sensitive
information Instead, directly type in the URL in the Internet browser address bar, or call the company on a contact number previously verified or known to be genuine. 2. Use Anti-SPAM Filter Software Why? Some studies have shown around 85% of all email sent is SPAM, with a majority fraudulent. This can be costly and time consuming to end users who receive them. Effective SPAM filters can reduce the number of fraudulent emails consumers are exposed to. 3. Use Anti-Virus Software Why? To protect against Trojan and worm attacks, anti-virus software can detect and delete virus files before they can attack a computer.
It is important to keep all anti-virus software up to date with vendor updates. These virus programs can search your computer and pass this information to fraudsters. 4. Use a Personal Firewall Why? Firewall's can monitor both incoming and outgoing Internet traffic from a computer. This can protect the computer from being hacked into, and a virus being planted, and can also block unauthorized programs from accessing the Internet, such as Trojans, worms and spyware.
5. Keep Software Updated (Operating Systems & Browsers) Why? Fraudsters and malicious computer hackers are continually finding vulnerabilities in software operating systems and Internet Browsers. Software vendors are constantly updating their software to fix these vulnerabilities and protect consumers. Recommendation: Always ensure operating and browser software is kept up to date using legitimate upgrades and patches issued by the software vendor. Visit your operating system vendors website for update information, and subscribe to any automatic updating service. 6. Always look for "https" and a padlock on a site that requests personal information Why? Information entered on an Internet Web Site can be intercepted by a third party. Web Sites that are secure protect against this activity
Recommendation: When submitting sensitive financial and personal information on the Internet, look for the locked padlock on the Internet browser's status bar or the “https://” at the start of the URL in the address bar. Although there is no guarantee of the site's legitimacy or security if they are present, the absence of these indicates that the web site is definitely not secure. 7. Keep your Computer clean from Spyware Why? Spyware & Adware are files that can be installed on your computer, even if you don't want them, without you knowing they are there! They allow companies to monitor your Internet browsing patterns, see what you purchase and even allow companies to inundate you with those annoying "pop up" ads! If you've downloaded some music, files or documents and suddenly started getting annoying ads popping up on your screen, you could definitely be infected with Spy Ware and/or Ad Ware!
8. Educate Yourself on Fraudulent Activity on the Internet Why? Internet Fraud methods are evolving at a rapid rate. Consumers need to be aware they are vulnerable as fraudsters are persuasive and convincing; many victims thought they were too smart to be scammed. Consumers should educate themselves on Internet Fraud, the trends and continual changes in fraudulent methods used. Fraud Watch International offers consumer education as a free service to the Internet community.
9. Check Your Credit Report Immediately, for Free! Why? If you have responded to a fraudulent email, you may be at risk of identity theft. A virus could have been implanted within the email, which may find and pass on sensitive personal information about you to fraudsters, or if you have provided fraudsters with any personal information, you may be at risk of Identity Theft. You should check your credit report, and subscribe to a credit report monitoring service, to be alerted if your personal information is used fraudulently.
10. Seek Advice - If you are unsure - ask us! Why? If unsure as to the legitimacy of an email, consumers should seek advice from the legitimate corporation using verified contact details. For other potentially fraudulent emails, consumers can seek advice from Fraud Watch International by forwarding the email with their questions to us. This is a free service to assist in the prevention of Internet Fraud. Recommendation: You can seek advice from Fraud Watch International by forwarding the email with your questions to scams@fraudwatchinternational.com .
www.identity-theft-scenarios.com/how-does-phishing- work.html www.microsoft.com/security/online-privacy/phishing- symptoms.aspx www.kbase.gfi.com/showarticle.asp?id=kbid002585 www.antiphishing.org www.phishing1122.blogspot.com www.planb-security.net www.londonancestor.com
Thank You

More Related Content

PPTX
Anti phishing
Shethwala Ridhvesh
 
PDF
Phishing exposed
tamfin
 
PPTX
PHISHING attack
Shubh Thakkar
 
PPT
Phishing-Updated
Jayaseelan Vejayon
 
PPTX
Phishing
SouganthikaSankaresw
 
PPT
Phishing
oitaoming
 
PPTX
Cyber crime
srishtig993
 
PPTX
Phishing attack
Raghav Chhabra
 
Anti phishing
Shethwala Ridhvesh
 
Phishing exposed
tamfin
 
PHISHING attack
Shubh Thakkar
 
Phishing-Updated
Jayaseelan Vejayon
 
Phishing
SouganthikaSankaresw
 
Phishing
oitaoming
 
Cyber crime
srishtig993
 
Phishing attack
Raghav Chhabra
 

What's hot (19)

PPTX
Cyber security tips in Banking in Nepal
Resham Acharya
 
PPT
Phishing
Syahida
 
PPTX
secure from Phishing Hacking and Keylogger
Abhishek Hirapara
 
PPTX
Phishing
Arpit Patel
 
PPTX
Phishing Attack : A big Threat
sourav newatia
 
PPT
P H I S H I N G
bensonoo
 
PDF
Edu 03 assingment
Aswani34
 
PDF
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
ControlScan, Inc.
 
PPT
Phishing attacks ppt
Aryan Ragu
 
PPT
Phishing & Pharming
Devendra Yadav
 
PDF
A Review on Antiphishing Framework
IJAEMSJORNAL
 
PPT
P H I S H I N G
chiewmingli
 
PDF
10 tips to prevent phishing attacks
Namik Heydarov
 
PPTX
The Difference between Pharming and Phishing
Mason Bird
 
ODP
phishing and pharming - evil twins
Nilantha Piyasiri
 
PPTX
S01.L06 - Internet Security
selcukca84
 
PPTX
Cyber Security (Hacking)
Dhrumit Patel
 
PPT
Social engineering
Harold Giddings
 
PDF
A guide to email spoofing
MattChapman50
 
Cyber security tips in Banking in Nepal
Resham Acharya
 
Phishing
Syahida
 
secure from Phishing Hacking and Keylogger
Abhishek Hirapara
 
Phishing
Arpit Patel
 
Phishing Attack : A big Threat
sourav newatia
 
P H I S H I N G
bensonoo
 
Edu 03 assingment
Aswani34
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
ControlScan, Inc.
 
Phishing attacks ppt
Aryan Ragu
 
Phishing & Pharming
Devendra Yadav
 
A Review on Antiphishing Framework
IJAEMSJORNAL
 
P H I S H I N G
chiewmingli
 
10 tips to prevent phishing attacks
Namik Heydarov
 
The Difference between Pharming and Phishing
Mason Bird
 
phishing and pharming - evil twins
Nilantha Piyasiri
 
S01.L06 - Internet Security
selcukca84
 
Cyber Security (Hacking)
Dhrumit Patel
 
Social engineering
Harold Giddings
 
A guide to email spoofing
MattChapman50
 
Ad

Similar to Phishing technology (20)

PPT
Phis
Presentaionslive.blogspot.com
 
PPTX
Phishing
Sagar Rai
 
PPTX
Phishing attack, with SSL Encryption and HTTPS Working
Sachin Saini
 
PDF
A Deep Dive into Phishing Techniques and Countermeasures.pdf
watchyourpocketbusin
 
PPTX
Phishing Scams: 8 Helpful Tips to Keep You Safe
CheapSSLsecurity
 
PPT
Computer 4 ict
guest1daf5af
 
PDF
Phishing 101: Part-1 Blog Welcome to this Phishing Blog Part1.
abhishekbacklink
 
PPT
Ict Phishing (Present)
aleeya91
 
PDF
What is a phishing attack
AariyaRathi
 
PPTX
IS Presetation.pptx
Tanvir Amin
 
PPT
Strategies to handle Phishing attacks
Sreejith.D. Menon
 
PPTX
Phishing
CWU Information Services Division
 
PPTX
Phishing
Syeda Javeria
 
PPTX
Phishing Technology
AvishekMondal15
 
PPT
Intro phishing
Sayali Dayama
 
PPTX
Phishing
Archit Mohanty
 
PPT
Internet Phishing El phishing es una forma de ciberdelincuencia en la que los...
i2422282
 
PDF
Phishing
Deepak Kumar (D3)
 
PPTX
Phishing
Esraa Yaseen
 
PPTX
What is Phishing - Kloudlearn
KloudLearn
 
Phis
Presentaionslive.blogspot.com
 
Phishing
Sagar Rai
 
Phishing attack, with SSL Encryption and HTTPS Working
Sachin Saini
 
A Deep Dive into Phishing Techniques and Countermeasures.pdf
watchyourpocketbusin
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
CheapSSLsecurity
 
Computer 4 ict
guest1daf5af
 
Phishing 101: Part-1 Blog Welcome to this Phishing Blog Part1.
abhishekbacklink
 
Ict Phishing (Present)
aleeya91
 
What is a phishing attack
AariyaRathi
 
IS Presetation.pptx
Tanvir Amin
 
Strategies to handle Phishing attacks
Sreejith.D. Menon
 
Phishing
CWU Information Services Division
 
Phishing
Syeda Javeria
 
Phishing Technology
AvishekMondal15
 
Intro phishing
Sayali Dayama
 
Phishing
Archit Mohanty
 
Internet Phishing El phishing es una forma de ciberdelincuencia en la que los...
i2422282
 
Phishing
Deepak Kumar (D3)
 
Phishing
Esraa Yaseen
 
What is Phishing - Kloudlearn
KloudLearn
 
Ad

Phishing technology

  • 1. Phishing Technology Presented by Preeti Papneja B.Tech (cs) 3rd yr
  • 2. 1.Introduction 2.What is Phishing 3.What might be the Phisher ask for 4.How does it Work 5.The simplified flow of information in a phishing attack 6. What should I be aware of when receiving a suspicious email? 7.What do I do if I get a phishing message? 8.What do I do if I am unsure about a fraudulent email message? 9.Why phishing is still popular 10.How to protect yourself from phishing 11. References
  • 3. Phishing: Pronounced "fishing“ The word has its Origin from two words “Password Harvesting” or fishing for Passwords Phishing is an online form of pretexting, a kind of deception in which an attacker pretends to be someone else in order to obtain sensitive information from the victim Also known as "brand spoofing“ Phishers are phishing artists. The purpose of a phishing message is to acquire sensitive information about a user.
  • 4. What is phishing Phishing refers to a person or a group of cyber- criminals who create an imitation or copy of an existing legitimate web page to trick users into providing sensitive personal information. Responding to “phishing” emails put your accounts at risk.
  • 5. What might the phisher ask for? Your password Account number, card number, Pin, access code Personality identifiable information like your date of birth, Social Security number or address Confidential information like student records, financial records or technical information Phishers typically present a plausible scenario and often take advantage of the recipient’s fear, greed. They also often present a sense of urgency. Example include message that: Tell you that your account was misused by you and will be disabled Tell you your account was compromised and will be disabled
  • 6. How does phishing Phishing attacks are most commonly work transmitted via email, but they are also transmitted via:  Instant Messaging  Social media website such as fb, MySpace and Twitter The communicational may:  Ask you to reply with specific information  Ask you to visit a web page, then ask you to share specific information  Ask you to call a phone number, which will ask you to share specific information
  • 7. The Imbedded Web Address The next way phishing works is by redirecting the victim to a seemingly legitimate website from an email. The email may look like it has been sent from a bank, the Internal Revenue Service or an online financial service such as PayPal, escrow or an online financial rewards system. The website that the victim is redirected to appears in every way to be real. Upon entering usernames, passwords or any other vital information, it is not unlikely that the website appears to crash. This is because the phisher has what he needs and doesn’t want the victim to find out about the phony website.
  • 8. The simplified flow of information in a phishing attack is: 1. A deceptive message is sent from the phisher to the user. 2. A user provides confidential information to a phishing server (normally after some interaction with the server). 3. The phisher obtain the confidential information from the server. 4. The confidential information is used to impersonate the user. 5. The phisher obtain illicit monetary gain. The discussion of technology countermeasures will center on ways to disrupt steps 1,2 and 4, as well as related technologies outside the information flow proper.
  • 12. Look for the following clues: misspelled words, unprofessional tone, bad grammar, or other problems with the content. Other things to look for: they are asking you to verify your confidential information, will hold you liable if you don't respond, telling you that the account will be closed if you don't respond, etc. All these are signs of a phishing message.
  • 13. Original website Phishing website
  • 14. Report and forward the original email to the Information Security Office at security@utep.edu.Do not reply to the sender of the email. What do I do if I am unsure about a fraudulent email message? Following these steps to minimize your chances of becoming a victim of fraud: 1.Do not click on any links listed within the email message. 2.Do not open any attachments included in the email. 3.Forward the email message to The Information Security Office. 4.Review your credit card and bank statements, and your bills, for unauthorized charges or withdrawals. 5.Never enter personal information using a pop-up screen. Legitimate companies will provide secure web forms for you to fill out.
  • 15. Phishing had been widely used at least half a decade ago but it still remains as one of the popular methods to scam internet users .Many of us might still be wondering why there are so many victims out there even though we had been taught from time to stay aware of a phishing scam. There are five reasons here why phishing is still a popular trick and below are the reasons. #1- it tricks the victim with fear: one of the most common method is to trick the victim by sending them an email and tell them that their internet banking account is being compromised and need to click on a link to resolve the issue. Once the user followed the link, the user will be redirected to some forged website that looks similar to the banking website which requires the user to input his/her username and password. Once that form is sent, all the data will be transmitted to the attacker controlled server.
  • 16. #2-it tricks the victim with special interest: Some scammers use the scenario such as winning lottery or viewing adult material to create a temptation for the victim to click on a link that redirects to the phishing site. #3-it is not a rocket science technology: Phishing attacks involves creating a forged website and it might be difficult to certain people. However if it is compare to hacking a banking server, creating website is not that complicated. Therefore many novice or intermediate scammer will choose to use the phishing method over any other method in their hacking project. #4-it can be launched via many types of communication channel: phishing can happen not only by simply building a forged website and anticipate for the victim to come to you. It can also involve sending emails to lure them to the forged website.
  • 17. Besides that, a phishing scam uses as well the manipulation of a URL and post it as a comment or forum to trick them to the forged website. Apart from using the computer knowledge to lure the victim, phishing can also be done via phone calls. The conclusion is this type of scam can be done via multiple channels and multiple techniques. #5-Compromising one account is not the end. After stealing one’s credentials is not the end, but it can be the beginning. Why is it so? Internet users nowadays have many online accounts for instance Facebook , Twitter, and LinkedIn. In common, most users will use the same username and password for each of the account so that remembering them is not an issue. Hence this can lead to the users’ credentials that had been stolen can be used as well for other accounts by the scammers.
  • 18. How to Protect Yourself from Phishing The following 10 steps will help protect yourself. Whilst we have researched and made recommendations of software that will assist you, Fraud Watch International makes no warranties or guarantees about the products. 1. Never Click on Hyperlinks within emails Why? Hyperlinks within emails are often cloaked, or hidden. The text you see as a hyperlink may not be where the hyperlink takes you. Recommendation: If you are unsure of the source of the email, you should not click on hyperlinks within emails that are apparently from a legitimate company for personally sensitive
  • 19. information Instead, directly type in the URL in the Internet browser address bar, or call the company on a contact number previously verified or known to be genuine. 2. Use Anti-SPAM Filter Software Why? Some studies have shown around 85% of all email sent is SPAM, with a majority fraudulent. This can be costly and time consuming to end users who receive them. Effective SPAM filters can reduce the number of fraudulent emails consumers are exposed to. 3. Use Anti-Virus Software Why? To protect against Trojan and worm attacks, anti-virus software can detect and delete virus files before they can attack a computer.
  • 20. It is important to keep all anti-virus software up to date with vendor updates. These virus programs can search your computer and pass this information to fraudsters. 4. Use a Personal Firewall Why? Firewall's can monitor both incoming and outgoing Internet traffic from a computer. This can protect the computer from being hacked into, and a virus being planted, and can also block unauthorized programs from accessing the Internet, such as Trojans, worms and spyware.
  • 21. 5. Keep Software Updated (Operating Systems & Browsers) Why? Fraudsters and malicious computer hackers are continually finding vulnerabilities in software operating systems and Internet Browsers. Software vendors are constantly updating their software to fix these vulnerabilities and protect consumers. Recommendation: Always ensure operating and browser software is kept up to date using legitimate upgrades and patches issued by the software vendor. Visit your operating system vendors website for update information, and subscribe to any automatic updating service. 6. Always look for "https" and a padlock on a site that requests personal information Why? Information entered on an Internet Web Site can be intercepted by a third party. Web Sites that are secure protect against this activity
  • 22. Recommendation: When submitting sensitive financial and personal information on the Internet, look for the locked padlock on the Internet browser's status bar or the “https://” at the start of the URL in the address bar. Although there is no guarantee of the site's legitimacy or security if they are present, the absence of these indicates that the web site is definitely not secure. 7. Keep your Computer clean from Spyware Why? Spyware & Adware are files that can be installed on your computer, even if you don't want them, without you knowing they are there! They allow companies to monitor your Internet browsing patterns, see what you purchase and even allow companies to inundate you with those annoying "pop up" ads! If you've downloaded some music, files or documents and suddenly started getting annoying ads popping up on your screen, you could definitely be infected with Spy Ware and/or Ad Ware!
  • 23. 8. Educate Yourself on Fraudulent Activity on the Internet Why? Internet Fraud methods are evolving at a rapid rate. Consumers need to be aware they are vulnerable as fraudsters are persuasive and convincing; many victims thought they were too smart to be scammed. Consumers should educate themselves on Internet Fraud, the trends and continual changes in fraudulent methods used. Fraud Watch International offers consumer education as a free service to the Internet community.
  • 24. 9. Check Your Credit Report Immediately, for Free! Why? If you have responded to a fraudulent email, you may be at risk of identity theft. A virus could have been implanted within the email, which may find and pass on sensitive personal information about you to fraudsters, or if you have provided fraudsters with any personal information, you may be at risk of Identity Theft. You should check your credit report, and subscribe to a credit report monitoring service, to be alerted if your personal information is used fraudulently.
  • 25. 10. Seek Advice - If you are unsure - ask us! Why? If unsure as to the legitimacy of an email, consumers should seek advice from the legitimate corporation using verified contact details. For other potentially fraudulent emails, consumers can seek advice from Fraud Watch International by forwarding the email with their questions to us. This is a free service to assist in the prevention of Internet Fraud. Recommendation: You can seek advice from Fraud Watch International by forwarding the email with your questions to scams@fraudwatchinternational.com .