
Phishing

Date post: 13-May-2015
Upload: alka-falwaria
Transcript
Page 1: Phishing

PHISHING

Page 2: Phishing

CONTENTS

• Introduction

• Types of phishing

• Examples of phishing

• Techniques of phishing

• Prevention methods

Page 3: Phishing

FISHING

Page 4: Phishing

PHISHING

Page 5: Phishing

PHISHING = PHREAKING + FISHING

PHREAKING = FREAK + PHONE

Page 6: Phishing

Phishing is an attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.

Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

Page 7: Phishing

Types of phishing

Spear phishing

Clone phishing

Whaling phishing

Page 8: Phishing

Characteristics of phishing emails

Page 9: Phishing

1. Disguised hyperlinks and sender address

• Hyperlinks appear similar to the genuine institution's site.

• The sender address of the email also appears to originate from the targeted company.

Page 10: Phishing

2. Email consists of a clickable image

• Scam emails arrive as a clickable image file containing a fraudulent request for information.

• Clicking anywhere within the email will cause the bogus website to open.

Page 11: Phishing

3. Content appears genuine

• Scam emails include logos, styling, contact and copyright information identical to those used by the targeted institution.

Page 12: Phishing

4. Unsolicited requests for sensitive information

• Emails ask the recipient to click a link and provide sensitive personal information.

• It is highly unlikely that a legitimate institution would request sensitive information in such a way. 

Page 13: Phishing

5. Generic greetings

• Scam mails are sent in bulk to many recipients and use generic greetings such as "Dear account holder" or "Dear [targeted institution] customer".

Page 14: Phishing

Phishing Techniques

Page 15: Phishing

• Sending mails that look trustworthy to the user

• Sending the same email to millions of users, requesting them to fill in personal details

• Messages have an urgent note

• Click on a link which is embedded in your email.

Page 16: Phishing

Example of Phishing Email

Page 17: Phishing

• Attackers situate themselves between the customer and the real web-based application.

• The attacker's server then proxies all communications between the customer and the real web-based application server.

Page 18: Phishing

By manipulating the links, for example

www.facb00k.com

instead of

www.facebook.com

Misspelled URLs or subdomains are common tricks used by attackers.
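One way to catch the misspelled-URL and subdomain tricks above is to compare each link's hostname with a list of trusted domains. This is an added example, not part of the original slides; the `TRUSTED` set, the `HOMOGLYPHS` map and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED = {"facebook.com"}  # assumption: domains the defender wants protected
# Constructed digit-for-letter map; real tooling also handles Unicode confusables.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def registrable(host):
    """Naive last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return (verdict, trusted domain being imitated or None)."""
    host = (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()
    domain = registrable(host)
    if domain in TRUSTED:
        return ("trusted", domain)
    for good in TRUSTED:
        # Trusted name appears as leading labels of some other domain.
        if f".{good}." in f".{host}.":
            return ("brand-in-subdomain", good)
        # Undo digit swaps first, then allow up to two typos.
        distance = edit_distance(domain.translate(HOMOGLYPHS), good)
        if distance == 0:
            return ("homoglyph", good)
        if distance <= 2:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    for sample in ("www.facebook.com", "www.facb00k.com",
                   "http://facebook.com.login.example/reset", "example.org"):
        print(sample, classify(sample))
```

Note that `facb00k.com` differs from `facebook.com` by more than the zero-for-o swap (the "e" is also missing), so normalising the digits alone is not enough; the edit-distance step is what flags it.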

Page 19: Phishing

Key loggers are designed to monitor all the key strokes

Page 20: Phishing

Inserting malicious content into a legitimate site.

Three primary types of content-injection phishing:

• Hackers can compromise a server through a security vulnerability and replace or augment the legitimate content with malicious content.

• Malicious content can be inserted into a site through a cross-site scripting vulnerability.

• Malicious actions can be performed on a site through a SQL injection vulnerability.

Page 21: Phishing

• In this method, phishers use malicious software to attack the user's machine.

• This phishing attack spreads through social engineering or security vulnerabilities.

• In social engineering, the user is convinced to open and download an attachment that appears to carry important information but contains malware.

• Exploiting security vulnerabilities by injecting worms and viruses is another form of malware-based phishing.

Page 22: Phishing

• A Trojan is a program that gives phishers complete access to the host computer once it is installed there.

• Phishers get the user to install the Trojan software, which helps in propagating email and hosting fraudulent websites.

Page 23: Phishing

Beast (a Trojan horse software)

Page 24: Phishing

• Mobile phishing is a social engineering technique where the attack is initiated via mobile text messaging rather than email.

• An attacker targets mobile phone users with a phishing attack for the purpose of soliciting account passwords or sensitive information from the user.

• The user is enticed to provide information or go to a compromised web site via text message.

Page 25: Phishing

• Never respond to emails that request personal financial information

• Visit banks' websites by typing the URL into the address bar

• Keep a regular check on your accounts

• Be cautious with emails and personal data

Page 26: Phishing

• Keep your computer secure

• Use anti-spam software

• Use anti-spyware software

• Use the Microsoft Baseline Security Analyzer (MBSA)

• Use a firewall

Page 27: Phishing

Continued…

• Protect against DNS pharming attacks

• Check that the website you are visiting is secure

• Use backup system images

• Get educated about phishing attack prevention

• Always report suspicious activity

Page 28: Phishing

It is better to be safer now than feel sorry later.

Thank you.

