Date post: 04-Jun-2018
Category: Documents
Upload: marco-antonio-martinez-andrade
8/13/2019 72935127-Phishing
PHISHING
PHISHING BASICS
Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by means of a fake website.
Phishing is typically carried out by email spoofing or instant messaging (http://en.wikipedia.org/wiki/Instant_messaging), and it often directs users to enter details at a fake website whose look and feel are almost identical to the original one.
The word has its origin in two words, "password harvesting", or fishing for passwords. It is also known as "brand spoofing".
Examples
COMPARISON TO SPAM
The purpose of a phishing message is to acquire sensitive information about a user. To do so, the message needs to deceive the intended recipient.
So it doesn't contain any useful information and hence falls under the category of spam.
A spam message tries to sell a product or service, whereas a phishing message needs to look like it is from an original organization.
Techniques applied to spam messages can't be applied naively to phishing messages.
ANATOMY OF PHISHING MESSAGE
A raw phishing message can be split into two components: content and headers.
[Figure: anatomy of a phishing message, with the sting labelled]
HEADERS
The headers are further subdivided into two parts: mail clients and mail relays.
CONTENT
The content is further subdivided into two parts: cover and sting.
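An added example (not part of the original slides) that splits a raw message into the parts named above: headers, subdivided into those written by the mail client and those added by mail relays, and content. The RELAY_HEADERS set, the sample message and all example.test names are assumptions constructed for illustration.

```python
from email import message_from_string
from email.policy import default

# Assumption: headers a mail relay adds in transit; everything else is
# treated as written by the sender's mail client.
RELAY_HEADERS = {"received", "return-path", "authentication-results", "delivered-to"}

# Constructed sample message; the example.test names are placeholders.
RAW = """\
Return-Path: <bounce@mailer.example.test>
Received: from relay2.example.test (relay2.example.test [192.0.2.20])
\tby mx.recipient.example.test; Mon, 04 Jun 2018 10:00:05 +0000
Received: from unknown (host.example.test [192.0.2.99])
\tby relay2.example.test; Mon, 04 Jun 2018 10:00:01 +0000
From: "Your Bank" <support@bank.example.test>
To: user@recipient.example.test
Subject: Account verification required
X-Mailer: BulkSender 1.0
Content-Type: text/plain

Dear Sir or Madam,
please confirm your details at http://192.0.2.99/login
"""

def split_message(raw):
    """Return (client_headers, relay_headers, content) for a raw message."""
    msg = message_from_string(raw, policy=default)
    client, relay = [], []
    for name, value in msg.items():
        bucket = relay if name.lower() in RELAY_HEADERS else client
        # Collapse folded header lines into single-spaced text.
        bucket.append((name, " ".join(str(value).split())))
    return client, relay, msg.get_content()

def relay_path(relay_headers):
    """Hosts named in Received headers, ordered from first hop to last."""
    hops = [v for n, v in relay_headers if n.lower() == "received"]
    # Each relay prepends its header, so reverse to get travel order.
    return [h.split()[1] for h in reversed(hops) if h.startswith("from ")]

if __name__ == "__main__":
    client, relay, content = split_message(RAW)
    print("client headers:", [n for n, _ in client])
    print("relay path:", relay_path(relay))
    print("content:", content.strip())
```

Relay-added headers are harder for a sender to control than client headers, so a first hop that does not match the claimed sending organization is worth a closer look.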
WHY PHISHING ATTACK!
Lack of Knowledge
    computer system
    security and security indicators
    web fraud
Visual Deception
    Visually deceptive text
    Images masking underlying text
Lack of knowledge of web fraud
Visually Deceptive Text
[Figure: original website beside phishing website]
Image Masking Underlying Text
Legal Response
In the United States, the Anti-Phishing Act of 2005 was introduced in Congress on March 1, 2005. According to this act, anyone who created fake web sites and sent fake e-mails in order to defraud consumers could be fined up to US$250,000 and receive prison terms of up to five years.
http://en.wikipedia.org/wiki/Anti-Phishing_Act_of_2005
How to Avoid being a Phishing victim
1. Never respond to requests for personal information via email. When in doubt, call the institution that claims to have sent you the email.
E.g. "Dear Sir or Madam" rather than "Dear Dr. Phatak"
2. If you suspect the message might not be authentic, don't use the links within the email to get to a web page.
3. Never fill out forms in email messages that ask for confidential information.
4. Always ensure that you're using a secure website when submitting credit card or other sensitive information via your web browser:
check the beginning of the Web address in your browser's address bar - it should be https:// rather than just http://
look for the locked padlock icon on your browser (i.e. Netscape/Mozilla)
5. Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate, and if anything is suspicious, contact your bank and all card issuers immediately.
6. Ensure that your browser and OS software are up to date and that the latest security patches are applied.
7. Verify the real address of a web site.
javascript:alert("The actual URL of this site has been verified as: " + location.protocol + "//" + location.hostname + "/");
ANALYSIS OF A PHISHING DATABASE
The Anti Phishing Working Group maintains a Phishing Archive.
Certificate (digital certificate, public key certificate)
Certificate Authority (CA)
HTTPS
Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
THANK YOU