Date post: 05-Apr-2018
Category: Documents
Upload: gunasegarran-magadevan
7/31/2019 Anti Phising
Anti-Phishing
How To Protect Yourself
Recognize Phishing Scams and Fraudulent E-mails
Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, passwords, account data, or other information.
Con artists might send millions of fraudulent e-mail messages that appear to come from Web sites you trust, like your bank or credit card company, and request that you provide personal information.
History of Phishing

Phreaking + Fishing = Phishing
- Phreaking = making phone calls for free back in the 70s
- Fishing = using bait to lure the target

Phishing in 1995
Target: AOL users
Purpose: getting account passwords for free time
Threat level: low
Techniques: similar names (www.ao1.com for www.aol.com), social engineering

Phishing in 2001
Target: Ebayers and major banks
Purpose: getting credit card numbers, accounts
Threat level: medium
Techniques: same as in 1995, keylogger

Phishing in 2007
Target: Paypal, banks, ebay
Purpose: bank accounts
Threat level: high
Techniques: browser vulnerabilities, link obfuscation
What Does a Phishing Scam Look Like?
As scam artists become more sophisticated, so do their phishing e-mail messages and pop-up windows.
They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites.
Current Phishing Techniques

Employ visual elements from target site
DNS tricks:
- www.gooogle.com
- Unicode attacks
JavaScript attacks
Spoofed SSL lock
Certificates
- Phishers can acquire certificates for domains they own
- Certificate authorities make mistakes
Spear-Phishing: Improved Target Selection

Socially aware attacks
- Mine social relationships from public data
- Phishing email appears to arrive from someone known to the victim
- Use spoofed identity of trusted organization to gain trust
- Urge victims to update or validate their account
- Threaten to terminate the account if the victims do not reply
- Use gift or bonus as a bait
- Security promises

Context-aware attacks
- Your bid on eBay has won!
- The books on your Amazon wish list are on sale!
Example.
WHOIS 210.104.211.21: Location: Korea, Republic Of
Images from the Anti-Phishing Working Group's Phishing Archive
How To Tell If An E-mail Message is Fraudulent

Here are a few phrases to look for if you think an e-mail message is a phishing scam.

"Verify your account." Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail. If you receive an e-mail from anyone asking you to update your credit card information, do not respond: this is a phishing scam.

"If you don't respond within 48 hours, your account will be closed." These messages convey a sense of urgency so that you'll respond immediately without thinking. Phishing e-mail might even claim that your response is required because your account might have been compromised.
How To Tell If An E-mail Message is Fraudulent (contd)

"Dear Valued Customer." Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.

"Click the link below to gain access to your account." HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site.

Notice in the following example that resting the mouse pointer on the link reveals the real Web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's Web address, which is a suspicious sign.

Example of masked URL address
How To Tell If An E-mail Message is Fraudulent (contd)

Con artists also use Uniform Resource Locators (URLs) that resemble the name of a well-known company but are slightly altered by adding, omitting, or transposing letters.

For example, the URL "www.microsoft.com" could appear instead as:
www.micosoft.com
www.mircosoft.com
www.verify-microsoft.com
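The altered names above (a letter added, omitted or transposed, or the real name embedded in a longer one) can be caught by comparing a host against a list of protected names. This is an added example, not part of the original slides; the BRANDS list, the threshold of one edit and the assumption of a one-part top-level domain such as .com are choices made here for illustration.

```python
def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent transposition."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Two swapped neighbours ("rc" for "cr") count as a single edit
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def registrable_label(host):
    """Label left of the TLD; assumes a one-part TLD such as .com."""
    parts = host.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


# Protected names taken from the examples on these slides (illustrative list)
BRANDS = ["microsoft", "google", "aol"]


def classify(host, brands=BRANDS):
    """Return (verdict, brand) for a host name checked against protected names."""
    label = registrable_label(host)
    if label in brands:
        return ("exact", label)
    for brand in brands:
        # One edit away: a letter added, omitted, replaced or transposed.
        # Very short names such as "aol" will produce more false positives.
        if osa_distance(label, brand) == 1:
            return ("near-miss spelling", brand)
        if brand in label.split("-"):
            return ("brand embedded in another name", brand)
    return ("no match", None)
```

A mail gateway or proxy could apply classify() to the host of every link and hold messages for review when the verdict is anything other than "exact" or "no match".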
Never respond to an email asking for personal information
Always check the site to see if it is secure. Call the phone number if necessary
Never click on the link on the email. Retype the address in a new window
Keep your browser updated
Keep antivirus definitions updated
Use a firewall
Install the Microsoft Phishing Filter Using Internet Explorer 7 or Windows Live Toolbar

Phishing Filter (http://www.microsoft.com/athome/security/online/phishing_filter.mspx) helps protect you from Web fraud and the risks of personal data theft by warning or blocking you from reported phishing Web sites.

Install up-to-date antivirus and antispyware software. Some phishing e-mail contains malicious or unwanted software (like key loggers) that can track your activities or simply slow your computer.

Numerous antivirus programs exist as well as comprehensive computer maintenance services like Norton Utilities. To help prevent spyware or other unwanted software, download Windows Defender.
Thank You