KEMBAR78
Phishing attack, with SSL Encryption and HTTPS Working | PPTX
Sachin Saini, profile picture
Uploaded bySachin Saini
PPTX, PDF4,661 views

Phishing attack, with SSL Encryption and HTTPS Working

The document provides an overview of phishing attacks, explaining their motives, techniques, and impacts on individuals and organizations. It highlights various types of phishing, including spear phishing and whaling, as well as methods for protection, such as two-factor authentication and the use of SSL encryption. The document concludes with recommendations for avoiding phishing attacks and stresses the importance of education in combating this growing threat.

Downloaded 204 times
Phishing-Attack A threat to network Security 1 Presented by: Sachin Saini (1120029)
Content • Introduction. • Phishing Motives. • Basic Terminology. • Type of Phishing and its techniques. • Why Phishing Works. • Impact of Phishing. • Real live example. • Avoidance, Solution and Protection of Phishing. • SSL and its working. • HTTPS with their Working. • Conclusion. 2
What is Phishing?? • “Phishing” Keyword is a variation of “Fishing”. (Since Fishing is a process in which bait is thrown out with the hopes that while most will ignore the bait but some will be tempted into biting.) Also called - (Brand Spoofing) • A technique used to trick computer users into revealing personal or financial information. • A common online phishing scam starts with an e-mail message that appears to come from a trusted source(legitimate site) but actually directs recipients to provide information to a fraudulent Web site. 3
Continue… • Sending email that falsely claims to be from a legitimate organisation. • Phishing is typically carried out by email spoofing(trick, imitation) or instant messaging. 4
2/15/2016Footer Text 5
Phishing Motives • The primary motives behind phishing attacks, from an attacker’s perspective, are: • Financial Gain: Phishers can use stolen banking credentials to their financial benefits. • Identity Hiding: Instead of using stolen identities directly, phishers might sell the identities to others whom might be criminals seeking ways to hide their identities and activities. • Fame and Notoriety: Phishers might attack victims for the sake of peer recognition. 6
Basic Terminology • MALWARE is a general term used to refer to viruses, worms, spywares, Adware etc. It infects our system, making it behave in a way, which you do not approve of. • SPYWARE: It is a software which is installed on your computer to spy on your activities and report this data to people willing to pay for it. • ADWARE: These are the programs that deliver unwanted ads to your computer generally in Pop-Ups form. 7 Malware Spyware Adware Virus Worms
Spamming • Spamming refers to the sending of bulk-mails by an identified or unidentified source. In non-malicious form, bulk-advertising mail is sent to many accounts. • In malicious form, the attacker keeps on sending bulk mail until the mail-server runs out of disk space. 2/15/2016 8 Yes !! Mail Sent Successfully. Why is it harmful?? 1. It reduces productivity. 2. It eats up the time as requires deletions. 3. Contains fraudulent materials. 4. Even used to spread viruses. 5. Offensive contents. Do take care of the mails that appears to be official. Do not reply with your personal details. That might be a SPAM Mail.!!
Types of Phishing 9 SPEAR Phishing. CLONE Phishing. WHALING Phishing.
Spear Phishing • Spear phishing is an email that appears to be from an individual or business that you know. But it isn't. It's from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information. • The email seems to come from someone you know. • Spear phishing is a targeted email scam with the sole purpose of obtaining unauthorized access to sensitive data. 10
Clone Phishing • It works by an already delivered email with attachments being cloned replacing the attachment or link with a malicious version. 11
Whale Phishing • Whale phishing is a term used to describe a phishing attack that is specifically aimed at wealthier individuals. Because of their relative wealth, if such a user becomes the victim of a phishing attack he can be considered a “big phish,” or, alternately, a whale. • Whaling attack emails comprise of a legal summon, consumer complaint, or managerial issues that require an urgent reply from the receiver. 12
Phishing Technique 13 Phishing Link manipul ation Key loggers Session hijackin g Phone phishin g Deceptiv e Phishin g Malwar e Phishin g Man in the middle
Deceptive Phishing • Deceptive(misleading) Messages like : need to verify account information, system failure requiring users to re- enter their information, undesirable account changes, new free services requiring quick action and many other scams are broadcast to a wide group of recipients with the hope that the user will respond by clicking a link to or signing onto a fraud site where their confidential information can be collected. 14
Malware Phishing • It refers to scams that involve running malicious software on users' PCs. Malware can be introduced as an email attachment, as a downloadable file from a web site, or by exploiting known security vulnerabilities--a particular issue for small and medium businesses (SMBs) who are not always able to keep their software applications up to date. 15
Keyloggers & Screenloggers • These are particular varieties of malware that track keyboard input and send relevant information to the hacker via the Internet. • Similarly Screenloggers send Screenshots after a specified interval of time (5-15 sec.) • They can embed themselves into users' browsers as small utility programs known as helper objects that run automatically when the browser is started as well as into system files as device drivers or screen monitors. 16
Session Hijacking • Session hijacking, sometimes also known as cookie hijacking is the exploitation of a valid computer session - sometimes also called a session key- to gain unauthorized access to information or services in a computer system • Type MITM, session sniffing, etc. 17
Man in the middle Phishing(MITM) • In these attacks hackers position themselves between the user and the legitimate website or system. They record the information being entered but continue to pass it on, so that users' transactions are not affected. • Later they can sell or use the information or credentials collected when the user is not active on the system. 18
Phone Phishing • Phishers also use the phone to hunt for personal information. Some, posing as employers, call or send emails to people who have listed themselves on job search Web site. 19
Link Manipulation • Link manipulation is the technique in which the phisher sends a link to a website. When the user clicks on the deceptive link, it opens up the phisher’s website instead of the website mentioned in the link. One of the anti- phishing techniques used to prevent link manipulation is to hover over the link to view the actual address. 20
Why phishing works? 1. Lack of knowledge • Most of the phishers-exploit the user’s lack of knowledge of computer, applications, emails, internet etc. • Such users does not know about how things work and what are the differences for example: www.ebay-members-security.com & www.ebay.com • Knowledge of security & security indicators. (Padlock Icon) 21
2. Visual Deception • Users are fooled using the syntax of the domain name. like as : www.paypa1.com instead of www.paypal.com (Substituted digit ‘1’ instead of letter ‘l’.) • Phishers use a legitimate image as hyperlink which actually links to the fraudulent website. Example : • Omitted character - www.amazon.com V/S www.amzon.com. • Missing dots - www.microsoft.com V/S wwwmicrosoft.com • Singular/plural - www.apple.com V/S www.apples.com • Repeated characters - www.google.com V/S www.gooogle.com 22
• This is a original Facebook webpage secured via HTTPS protocol, having padlock icon. 2/15/2016Footer Text 23
• This is a fake webpages having URL- http://fbaction.net/ , to gain your Credentials. 24
• Webpages of original PayPal websites. 25
• This webpages having different URL than PayPal. (www.PAYPA1.com) 26
Impact of Phishing • The Impact of phishing are both domestically and international, that are concern with the commercial and financial sectors. • Direct Financial Loss. Phishing technique is mainly done to make financial loss to a person or an organization. In this, consumers and businesses may lose from a few hundred dollars to millions of dollars. • Erosion of Public Trust in the Internet. Phishing also decreases the public’s trust in the Internet. 27
Continue… • A survey found that 9 out of 10 American adult Internet users have made changes to their Internet habits because of the threat of identity theft. • The 25% say they have stopped shopping online, while 29% of those that still shop online say they have decreased the frequency of their purchases. • Cross-Border Operations by Criminal Organizations. In this people sitting outside the country are performing criminal activities by using the technique of phishing. 28
Affected Sector 29
Phishing in the news. 30 The attack on the AP Twitter Account on April, 2013 has a serious impact on the Stock Market.
31 A single malicious email sent to workers at the South Carolina Department of Revenue on Nov-2012 , enabled an international hacker to crack into state computers and gain access to 3.8 million tax returns, including Social Security numbers and bank account information.
How to avoid Phishing Attack  Don’t click on links, download files or open attachments in emails from unknown senders.  Never email personal or financial information, even if you are close with the recipient.  Check your online accounts and bank statements regularly.  Do not divulge personal information over the phone unless you initiate the call.  Verify any person who contacts you. (phone or email). 32
Solution to Phishing Threats 33 Active Protection •Anti-Virus & Anti Spyware Software. •Regular Updates. •Frequent Full System scans. •Use Anti-Spam software. •Enable Firewall •Authorization & Authentication. Preventive Measures •Disable Cookies •Keep your Email-Id private •Use proper file access. •Be careful with email. •Use caution when downloading files on the internet.
Protection against Phishing Attack • Two Factor Authentication. • HTTPS Instead of HTTP. • Extended Validation. • Anti-Spam Software. • Hyperlink in Email. • Firewall. 34
Two-Factor Authentication • Gmail, Facebook, Dropbox, Microsoft, Apple’s iCloud and Twitter etc. is using two-factor authentication. In this process you login with a password and a secret code you will receive on your mobile phone so unless the hacker has access to your mobile too, having just your email and your password is not enough to break into your account. 35
HTTPS instead of HTTP • HTTPS is a more secure protocol than HTTP as it encrypts your browser and all the information you send or receive. • If you are looking to make online payments or transactions, opt for an HTTPS website. • Such HTTPS websites are equipped with SSL (secure socket layer) that creates a secure channel for information transition. 36
SSL Encryption • SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. • SSL uses a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message. • Most Web browsers support SSL. By convention, URLs that require an SSL connection start with https instead of http. 37
How SSL Works? 38
HTTPS • Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP. • The protocol over which data is sent between your browser and the website that you are connected to. • HTTPS is often used to protect highly confidential online transactions like online banking and online shopping order forms. • Web browsers such as Internet Explorer, Firefox and Chrome also display a padlock icon in the address bar to visually indicate that a HTTPS connection is in effect. • The use of HTTPS protects against eavesdropping and man-in-the-middle attacks. 39
How HTTPS Works? 40
Extended Validation • Many websites have EV (extended validation) SSL certificates that turn address bars into a green bar so users easily get idea about authenticate websites. 41
Anti-Spam Software • With use of anti spam software user can reduce phishing attacks. Users can control spam mail thus securing himself from phishing. • These software can also help with browser hijacking, usually finding the problem and providing a solution. 42
Hyperlink in Email • Never click hyperlinks received in emails from an unknown or unverified source. Such links contain malicious codes and you be asked for login details or personal information when you reach the page you are led to from the hyperlink. 43
Firewall • With a firewall, users can prevent many browser hijacks. • It is important to have both desktop and network firewalls as firewalls check where the traffic is coming from, whether it is an acceptable domain name or Internet protocol. • It is also effective against virus attacks and spyware. 44
Conclusion • Phishing is a growing crime and one that we must be aware of. Although laws have been enacted, education is the best defence against phishing. • Being a bit suspicious of all electronic communications and websites is recommended. • Lookout for the common characteristics - sense of urgency, request for verification, and grammar and spelling errors. • Digital signature usage should be promoted for secure mail transactions. 45
Get Educated about Phishing Prevention 46 “It is better to be safer now, than feel sorry later”
Thank You !! 47

More Related Content

PPTX
Phishing Awareness Training.pptx
byHajar Bouchriha
 
PPTX
What is Phishing and How can you Avoid it?
byQuick Heal Technologies Ltd.
 
PPTX
PPT on Phishing
byPankaj Yadav
 
PPTX
Phishing
bySouganthikaSankaresw
 
PPTX
PHISHING attack
byShubh Thakkar
 
PPTX
Hyphenet Security Awareness Training
byJen Ruhman
 
PPTX
Phishing attack
byRaghav Chhabra
 
PDF
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
byControlScan, Inc.
 
Phishing Awareness Training.pptx
byHajar Bouchriha
 
What is Phishing and How can you Avoid it?
byQuick Heal Technologies Ltd.
 
PPT on Phishing
byPankaj Yadav
 
Phishing
bySouganthikaSankaresw
 
PHISHING attack
byShubh Thakkar
 
Hyphenet Security Awareness Training
byJen Ruhman
 
Phishing attack
byRaghav Chhabra
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
byControlScan, Inc.
 

What's hot

PPT
Types of attacks and threads
bysrivijaymanickam
 
PPTX
Cyber Security Awareness Program.pptx
byDinesh582831
 
PPSX
Security Awareness Training
byWilliam Mann
 
PPTX
phishing-awareness-powerpoint.pptx
byvdgtkhdh
 
PDF
What is Phishing? Phishing Attack Explained | Edureka
byEdureka!
 
PPT
Phishing attacks ppt
byAryan Ragu
 
PPTX
Social Engineering new.pptx
bySanthosh Prabhu
 
PPTX
Information Security Awareness Training Open
byFred Beck MBA, CPA
 
PPTX
Ransomware
byArmor
 
PPTX
Different Types of Phishing Attacks
bySysCloud
 
PPTX
Phishing Attack : A big Threat
bysourav newatia
 
PPTX
Email phishing and countermeasures
byJorge Sebastiao
 
PPT
Ransomware - The Growing Threat
byNick Miller
 
PPTX
Phishing
bySagar Rai
 
PDF
End-User Security Awareness
bySurya Bathulapalli
 
PPTX
Cyber crime.pptx
byDawood Faheem Abbasi
 
PPT
Phishing
byAlka Falwaria
 
PPT
Phishing: Swiming with the sharks
byNalneesh Gaur
 
PPTX
Cyber crime ✔
byhubbysoni
 
PPTX
Phishing
bySaurabhKantSahu1
 
Types of attacks and threads
bysrivijaymanickam
 
Cyber Security Awareness Program.pptx
byDinesh582831
 
Security Awareness Training
byWilliam Mann
 
phishing-awareness-powerpoint.pptx
byvdgtkhdh
 
What is Phishing? Phishing Attack Explained | Edureka
byEdureka!
 
Phishing attacks ppt
byAryan Ragu
 
Social Engineering new.pptx
bySanthosh Prabhu
 
Information Security Awareness Training Open
byFred Beck MBA, CPA
 
Ransomware
byArmor
 
Different Types of Phishing Attacks
bySysCloud
 
Phishing Attack : A big Threat
bysourav newatia
 
Email phishing and countermeasures
byJorge Sebastiao
 
Ransomware - The Growing Threat
byNick Miller
 
Phishing
bySagar Rai
 
End-User Security Awareness
bySurya Bathulapalli
 
Cyber crime.pptx
byDawood Faheem Abbasi
 
Phishing
byAlka Falwaria
 
Phishing: Swiming with the sharks
byNalneesh Gaur
 
Cyber crime ✔
byhubbysoni
 
Phishing
bySaurabhKantSahu1
 

Similar to Phishing attack, with SSL Encryption and HTTPS Working

PPTX
Phising a Threat to Network Security
byanjuselina
 
PPTX
Phishing technology
byPreeti Papneja
 
PPT
Strategies to handle Phishing attacks
bySreejith.D. Menon
 
PPTX
Phishing technology
byPreeti Papneja
 
PPTX
Phishing technology
byPreeti Papneja
 
PDF
Phishing 101 General Course
byAaron Keating
 
PPTX
Chapter-5.pptx
byShreyaKushwaha28
 
PDF
Phishing: Analysis and Countermeasures
byIRJET Journal
 
PPTX
Phishing
bySyeda Javeria
 
PPTX
Phishing & spamming
byKavis Pandey
 
PPTX
Seminar
byKavis Pandey
 
PPTX
phishing.pptx
byReenuMariaBinoy1
 
PPTX
Lect6_TWIN_PHIS.pptxdsdwdwdjjdo2jdo2d2d2d2d
byzmulani8
 
PPTX
Phishing
byArpit Patel
 
PPTX
Phishing technology
byharpinderkaur123
 
PPTX
Phishing Whaling and Hacking Case Studies.pptx
byStephen Jesukanth Martin
 
PPTX
Rods and Hooks - The Phishing Trip by Soummya Mukhopadhyay
bynull - The Open Security Community
 
PDF
OWASP_Presentation_FINAl. Cybercrime and cyber security awareness
byMaherHamza9
 
PPTX
edu 3 ppt.pptx
byArchaWashington
 
PPT
Exploring And Investigating New Dimensions In Phishing
byMuhammad Haroon CISM PCI QSA ISMS LA CPTS CEH
 
Phising a Threat to Network Security
byanjuselina
 
Phishing technology
byPreeti Papneja
 
Strategies to handle Phishing attacks
bySreejith.D. Menon
 
Phishing technology
byPreeti Papneja
 
Phishing technology
byPreeti Papneja
 
Phishing 101 General Course
byAaron Keating
 
Chapter-5.pptx
byShreyaKushwaha28
 
Phishing: Analysis and Countermeasures
byIRJET Journal
 
Phishing
bySyeda Javeria
 
Phishing & spamming
byKavis Pandey
 
Seminar
byKavis Pandey
 
phishing.pptx
byReenuMariaBinoy1
 
Lect6_TWIN_PHIS.pptxdsdwdwdjjdo2jdo2d2d2d2d
byzmulani8
 
Phishing
byArpit Patel
 
Phishing technology
byharpinderkaur123
 
Phishing Whaling and Hacking Case Studies.pptx
byStephen Jesukanth Martin
 
Rods and Hooks - The Phishing Trip by Soummya Mukhopadhyay
bynull - The Open Security Community
 
OWASP_Presentation_FINAl. Cybercrime and cyber security awareness
byMaherHamza9
 
edu 3 ppt.pptx
byArchaWashington
 
Exploring And Investigating New Dimensions In Phishing
byMuhammad Haroon CISM PCI QSA ISMS LA CPTS CEH
 

Recently uploaded

PDF
kjhhhhhhhhhhhhhhhhhhhhhhhhhhhhhkjhkkkkkkkkkkkkkkkkjh
bybishnoijordan29
 
PDF
WHMCS Croster 2.1.2 Nulled Pre Activated
byCroster 2.1.2 Nulled
 
PDF
Unlocking-the-Future-AI-Software-Development-Services.pdf
byPrologicTechnologies
 
PPTX
Protection from Cyber attacks and Security Firewall
byAjayTiwari684365
 
PDF
Nome completo de Laurence Gregory Watkins
bydiariodocentrodomundo
 
PPTX
Viva_Digitally_Online_Meeting_Presentation.pptx
byHubraSEO
 
PPTX
Pembagian kelompok menentuan tema yntuk paud.pptx
bywiwiktriwahyuni13
 
PDF
The 13 satanic codes for Self Power and Sovereignty
byhikariaoki1
 
PDF
Dark Humanism 200 Principles for living a life in shadow
byhikariaoki1
 
PPTX
Presentation contoso chart 1 2 3 4 5 6 7 8
byJohannReyes3
 
PPTX
The First Internet Message was sent on 29 Oct 1969. However . . .
byBob Mayer
 
PDF
Buying, Aged Twitter Accounts_ The Secret to Instant Growth.pdf
byBEST IT SMM
 
PPTX
Generating-Patterns: Arithmetic Sequences, Arithmetic Mean,
byChanelleObate
 
PDF
Reality Drift: Cultural and Academic Footprints Across Media, Classrooms, and...
byDr. Samuel Wellington
 
PPTX
TREC_2024_Lateral_Reading_Purpose_and_Need.pptx
byGichxIocHiIvdug
 
PPTX
一比一原版(StuttgartH毕业证书)斯图加特工程应用技术大学毕业证办理成绩单学历认证
by办硕士文凭昆士兰科技大学学历认证【Q微号:1954 292 140】QUT毕业证成绩单
 
PPTX
Hathway_Fiber_Bajaj_wi-Fi_Best internet_
byHATHWAY FIBER INTERNET SERVICE PROVIDER in Bajaj enclave
 
PPTX
UNIT –I community health CHN P.B.Sc ppt.pptx
byDr.Anjalatchi Muthukumaran
 
kjhhhhhhhhhhhhhhhhhhhhhhhhhhhhhkjhkkkkkkkkkkkkkkkkjh
bybishnoijordan29
 
WHMCS Croster 2.1.2 Nulled Pre Activated
byCroster 2.1.2 Nulled
 
Unlocking-the-Future-AI-Software-Development-Services.pdf
byPrologicTechnologies
 
Protection from Cyber attacks and Security Firewall
byAjayTiwari684365
 
Nome completo de Laurence Gregory Watkins
bydiariodocentrodomundo
 
Viva_Digitally_Online_Meeting_Presentation.pptx
byHubraSEO
 
Pembagian kelompok menentuan tema yntuk paud.pptx
bywiwiktriwahyuni13
 
The 13 satanic codes for Self Power and Sovereignty
byhikariaoki1
 
Dark Humanism 200 Principles for living a life in shadow
byhikariaoki1
 
Presentation contoso chart 1 2 3 4 5 6 7 8
byJohannReyes3
 
The First Internet Message was sent on 29 Oct 1969. However . . .
byBob Mayer
 
Buying, Aged Twitter Accounts_ The Secret to Instant Growth.pdf
byBEST IT SMM
 
Generating-Patterns: Arithmetic Sequences, Arithmetic Mean,
byChanelleObate
 
Reality Drift: Cultural and Academic Footprints Across Media, Classrooms, and...
byDr. Samuel Wellington
 
TREC_2024_Lateral_Reading_Purpose_and_Need.pptx
byGichxIocHiIvdug
 
一比一原版(StuttgartH毕业证书)斯图加特工程应用技术大学毕业证办理成绩单学历认证
by办硕士文凭昆士兰科技大学学历认证【Q微号:1954 292 140】QUT毕业证成绩单
 
Hathway_Fiber_Bajaj_wi-Fi_Best internet_
byHATHWAY FIBER INTERNET SERVICE PROVIDER in Bajaj enclave
 
UNIT –I community health CHN P.B.Sc ppt.pptx
byDr.Anjalatchi Muthukumaran
 

Phishing attack, with SSL Encryption and HTTPS Working

  • 1.
    Phishing-Attack A threat tonetwork Security 1 Presented by: Sachin Saini (1120029)
  • 2.
    Content • Introduction. • PhishingMotives. • Basic Terminology. • Type of Phishing and its techniques. • Why Phishing Works. • Impact of Phishing. • Real live example. • Avoidance, Solution and Protection of Phishing. • SSL and its working. • HTTPS with their Working. • Conclusion. 2
  • 3.
    What is Phishing?? •“Phishing” Keyword is a variation of “Fishing”. (Since Fishing is a process in which bait is thrown out with the hopes that while most will ignore the bait but some will be tempted into biting.) Also called - (Brand Spoofing) • A technique used to trick computer users into revealing personal or financial information. • A common online phishing scam starts with an e-mail message that appears to come from a trusted source(legitimate site) but actually directs recipients to provide information to a fraudulent Web site. 3
  • 4.
    Continue… • Sending emailthat falsely claims to be from a legitimate organisation. • Phishing is typically carried out by email spoofing(trick, imitation) or instant messaging. 4
  • 5.
  • 6.
    Phishing Motives • Theprimary motives behind phishing attacks, from an attacker’s perspective, are: • Financial Gain: Phishers can use stolen banking credentials to their financial benefits. • Identity Hiding: Instead of using stolen identities directly, phishers might sell the identities to others whom might be criminals seeking ways to hide their identities and activities. • Fame and Notoriety: Phishers might attack victims for the sake of peer recognition. 6
  • 7.
    Basic Terminology • MALWAREis a general term used to refer to viruses, worms, spywares, Adware etc. It infects our system, making it behave in a way, which you do not approve of. • SPYWARE: It is a software which is installed on your computer to spy on your activities and report this data to people willing to pay for it. • ADWARE: These are the programs that deliver unwanted ads to your computer generally in Pop-Ups form. 7 Malware Spyware Adware Virus Worms
  • 8.
    Spamming • Spamming refersto the sending of bulk-mails by an identified or unidentified source. In non-malicious form, bulk-advertising mail is sent to many accounts. • In malicious form, the attacker keeps on sending bulk mail until the mail-server runs out of disk space. 2/15/2016 8 Yes !! Mail Sent Successfully. Why is it harmful?? 1. It reduces productivity. 2. It eats up the time as requires deletions. 3. Contains fraudulent materials. 4. Even used to spread viruses. 5. Offensive contents. Do take care of the mails that appears to be official. Do not reply with your personal details. That might be a SPAM Mail.!!
  • 9.
    Types of Phishing 9 SPEARPhishing. CLONE Phishing. WHALING Phishing.
  • 10.
    Spear Phishing • Spearphishing is an email that appears to be from an individual or business that you know. But it isn't. It's from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information. • The email seems to come from someone you know. • Spear phishing is a targeted email scam with the sole purpose of obtaining unauthorized access to sensitive data. 10
  • 11.
    Clone Phishing • Itworks by an already delivered email with attachments being cloned replacing the attachment or link with a malicious version. 11
  • 12.
    Whale Phishing • Whalephishing is a term used to describe a phishing attack that is specifically aimed at wealthier individuals. Because of their relative wealth, if such a user becomes the victim of a phishing attack he can be considered a “big phish,” or, alternately, a whale. • Whaling attack emails comprise of a legal summon, consumer complaint, or managerial issues that require an urgent reply from the receiver. 12
  • 13.
  • 14.
    Deceptive Phishing • Deceptive(misleading)Messages like : need to verify account information, system failure requiring users to re- enter their information, undesirable account changes, new free services requiring quick action and many other scams are broadcast to a wide group of recipients with the hope that the user will respond by clicking a link to or signing onto a fraud site where their confidential information can be collected. 14
  • 15.
    Malware Phishing • Itrefers to scams that involve running malicious software on users' PCs. Malware can be introduced as an email attachment, as a downloadable file from a web site, or by exploiting known security vulnerabilities--a particular issue for small and medium businesses (SMBs) who are not always able to keep their software applications up to date. 15
  • 16.
    Keyloggers & Screenloggers •These are particular varieties of malware that track keyboard input and send relevant information to the hacker via the Internet. • Similarly Screenloggers send Screenshots after a specified interval of time (5-15 sec.) • They can embed themselves into users' browsers as small utility programs known as helper objects that run automatically when the browser is started as well as into system files as device drivers or screen monitors. 16
  • 17.
    Session Hijacking • Sessionhijacking, sometimes also known as cookie hijacking is the exploitation of a valid computer session - sometimes also called a session key- to gain unauthorized access to information or services in a computer system • Type MITM, session sniffing, etc. 17
  • 18.
    Man in themiddle Phishing(MITM) • In these attacks hackers position themselves between the user and the legitimate website or system. They record the information being entered but continue to pass it on, so that users' transactions are not affected. • Later they can sell or use the information or credentials collected when the user is not active on the system. 18
  • 19.
    Phone Phishing • Phishersalso use the phone to hunt for personal information. Some, posing as employers, call or send emails to people who have listed themselves on job search Web site. 19
  • 20.
    Link Manipulation • Linkmanipulation is the technique in which the phisher sends a link to a website. When the user clicks on the deceptive link, it opens up the phisher’s website instead of the website mentioned in the link. One of the anti- phishing techniques used to prevent link manipulation is to hover over the link to view the actual address. 20
  • 21.
    Why phishing works? 1.Lack of knowledge • Most of the phishers-exploit the user’s lack of knowledge of computer, applications, emails, internet etc. • Such users does not know about how things work and what are the differences for example: www.ebay-members-security.com & www.ebay.com • Knowledge of security & security indicators. (Padlock Icon) 21
  • 22.
    2. Visual Deception •Users are fooled using the syntax of the domain name. like as : www.paypa1.com instead of www.paypal.com (Substituted digit ‘1’ instead of letter ‘l’.) • Phishers use a legitimate image as hyperlink which actually links to the fraudulent website. Example : • Omitted character - www.amazon.com V/S www.amzon.com. • Missing dots - www.microsoft.com V/S wwwmicrosoft.com • Singular/plural - www.apple.com V/S www.apples.com • Repeated characters - www.google.com V/S www.gooogle.com 22
  • 23.
    • This isa original Facebook webpage secured via HTTPS protocol, having padlock icon. 2/15/2016Footer Text 23
  • 24.
    • This isa fake webpages having URL- http://fbaction.net/ , to gain your Credentials. 24
  • 25.
    • Webpages oforiginal PayPal websites. 25
  • 26.
    • This webpageshaving different URL than PayPal. (www.PAYPA1.com) 26
  • 27.
    Impact of Phishing •The Impact of phishing are both domestically and international, that are concern with the commercial and financial sectors. • Direct Financial Loss. Phishing technique is mainly done to make financial loss to a person or an organization. In this, consumers and businesses may lose from a few hundred dollars to millions of dollars. • Erosion of Public Trust in the Internet. Phishing also decreases the public’s trust in the Internet. 27
  • 28.
    Continue… • A surveyfound that 9 out of 10 American adult Internet users have made changes to their Internet habits because of the threat of identity theft. • The 25% say they have stopped shopping online, while 29% of those that still shop online say they have decreased the frequency of their purchases. • Cross-Border Operations by Criminal Organizations. In this people sitting outside the country are performing criminal activities by using the technique of phishing. 28
  • 29.
  • 30.
    Phishing in thenews. 30 The attack on the AP Twitter Account on April, 2013 has a serious impact on the Stock Market.
  • 31.
    31 A single maliciousemail sent to workers at the South Carolina Department of Revenue on Nov-2012 , enabled an international hacker to crack into state computers and gain access to 3.8 million tax returns, including Social Security numbers and bank account information.
  • 32.
    How to avoidPhishing Attack  Don’t click on links, download files or open attachments in emails from unknown senders.  Never email personal or financial information, even if you are close with the recipient.  Check your online accounts and bank statements regularly.  Do not divulge personal information over the phone unless you initiate the call.  Verify any person who contacts you. (phone or email). 32
  • 33.
    Solution to Phishing Threats 33 ActiveProtection •Anti-Virus & Anti Spyware Software. •Regular Updates. •Frequent Full System scans. •Use Anti-Spam software. •Enable Firewall •Authorization & Authentication. Preventive Measures •Disable Cookies •Keep your Email-Id private •Use proper file access. •Be careful with email. •Use caution when downloading files on the internet.
  • 34.
    Protection against Phishing Attack •Two Factor Authentication. • HTTPS Instead of HTTP. • Extended Validation. • Anti-Spam Software. • Hyperlink in Email. • Firewall. 34
  • 35.
    Two-Factor Authentication • Gmail, Facebook,Dropbox, Microsoft, Apple’s iCloud and Twitter etc. is using two-factor authentication. In this process you login with a password and a secret code you will receive on your mobile phone so unless the hacker has access to your mobile too, having just your email and your password is not enough to break into your account. 35
  • 36.
    HTTPS instead ofHTTP • HTTPS is a more secure protocol than HTTP as it encrypts your browser and all the information you send or receive. • If you are looking to make online payments or transactions, opt for an HTTPS website. • Such HTTPS websites are equipped with SSL (secure socket layer) that creates a secure channel for information transition. 36
  • 37.
    SSL Encryption • SSL(Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. • SSL uses a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message. • Most Web browsers support SSL. By convention, URLs that require an SSL connection start with https instead of http. 37
  • 38.
  • 39.
    HTTPS • Hyper TextTransfer Protocol Secure (HTTPS) is the secure version of HTTP. • The protocol over which data is sent between your browser and the website that you are connected to. • HTTPS is often used to protect highly confidential online transactions like online banking and online shopping order forms. • Web browsers such as Internet Explorer, Firefox and Chrome also display a padlock icon in the address bar to visually indicate that a HTTPS connection is in effect. • The use of HTTPS protects against eavesdropping and man-in-the-middle attacks. 39
  • 40.
  • 41.
    Extended Validation • Manywebsites have EV (extended validation) SSL certificates that turn address bars into a green bar so users easily get idea about authenticate websites. 41
  • 42.
    Anti-Spam Software • Withuse of anti spam software user can reduce phishing attacks. Users can control spam mail thus securing himself from phishing. • These software can also help with browser hijacking, usually finding the problem and providing a solution. 42
  • 43.
    Hyperlink in Email •Never click hyperlinks received in emails from an unknown or unverified source. Such links contain malicious codes and you be asked for login details or personal information when you reach the page you are led to from the hyperlink. 43
  • 44.
    Firewall • With afirewall, users can prevent many browser hijacks. • It is important to have both desktop and network firewalls as firewalls check where the traffic is coming from, whether it is an acceptable domain name or Internet protocol. • It is also effective against virus attacks and spyware. 44
  • 45.
    Conclusion • Phishing isa growing crime and one that we must be aware of. Although laws have been enacted, education is the best defence against phishing. • Being a bit suspicious of all electronic communications and websites is recommended. • Lookout for the common characteristics - sense of urgency, request for verification, and grammar and spelling errors. • Digital signature usage should be promoted for secure mail transactions. 45
  • 46.
    Get Educated about PhishingPrevention 46 “It is better to be safer now, than feel sorry later”
  • 47.