Phishing Ppt

  • Uploaded by: Sabyasachi
  • December 2019

PHISHING BASICS

  • Pronounced "fishing"
  • The word has its origin from two words, "Password Harvesting", or fishing for passwords
  • Phishing is an online form of pretexting, a kind of deception in which an attacker pretends to be someone else in order to obtain sensitive information from the victim
  • Also known as "brand spoofing"
  • Phishers are phishing artists

Dept. of I&CT, MIT, Manipal

COMPARISON TO SPAM

  • The purpose of a phishing message is to acquire sensitive information about a user. To do so, the message needs to deceive the intended recipient.
  • So it doesn't contain any useful information and hence falls under the category of spam.
  • A spam message tries to sell a product or service, whereas a phishing message needs to look like it is from a legitimate organization.
  • Techniques applied to spam messages can't be applied naively to phishing messages.


ANATOMY OF PHISHING MESSAGE

A raw phishing message can be split into two components:

  • Content
  • Headers


ANATOMY OF PHISHING MESSAGE

[Figure: anatomy of a phishing message; surviving label: "Sting"]

CONTENT

It is further subdivided into two parts:

  • Cover
  • Sting


HEADERS

It is further subdivided into two parts:

  • Mail clients
  • Mail relays
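The split described in these slides (content on one side, headers carrying mail-client and mail-relay information on the other) can be seen by parsing a raw message. This is an added example, not part of the original slides; the sample message, its host names and the `anatomy` function are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; hosts use reserved example names and test addresses.
RAW = (
    "Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])\n"
    "\tby mail.recipient.example; Mon, 02 Dec 2019 10:00:05 +0000\n"
    "Received: from bulk-host.sender.example ([198.51.100.7])\n"
    "\tby mx.recipient.example; Mon, 02 Dec 2019 10:00:01 +0000\n"
    "From: Account Security <security@bank.example>\n"
    "X-Mailer: BulkSender 1.0\n"
    "Subject: Verify your account\n"
    "\n"
    "Dear Sir or Madam, please confirm your account details.\n"
)

# One relay hop: "from <sending host> ... by <receiving host>"
HOP = re.compile(r"from\s+(\S+).*?\bby\s+([^\s;]+)", re.S)

def anatomy(raw):
    """Split a raw message into content and the two header parts."""
    msg = message_from_string(raw)
    hops = []
    # Each relay prepends its own Received line, so reverse to read origin first.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            hops.append((m.group(1), m.group(2)))
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    origin = hops[0][0].lower() if hops else ""
    return {
        "content": msg.get_payload(),
        "mail_client": msg.get("X-Mailer") or msg.get("User-Agent"),
        "mail_relays": hops,
        # Heuristic only: is the first relay hop inside the From: domain?
        "origin_in_sender_domain": bool(sender_domain) and (
            origin == sender_domain or origin.endswith("." + sender_domain)),
    }
```

Received lines below the first relay you control are supplied by the sender and can be forged, so only the entries written by your own relays are reliable.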


WHY PHISHING ATTACK!

Lack of Knowledge

  • computer system
  • security and security indicators
  • web fraud

Visual Deception

  • Visually deceptive text
  • Images masking underlying text


Lack of computer knowledge

  • www.ebay.com
  • www.ebay-memberssecurity.com


Lack of knowledge of security and security indicators


Lack of knowledge of web-fraud


Visually Deceptive Text

[Figure: original website compared with phishing website]

Image Masking Underlying Text


MANTRA OF PHISHERS

[Diagram; surviving labels: "Succ", "Deceit", "attack", "Neglect", "Configuration"]

Legal Response

  • In the United States, Senator Patrick Leahy introduced the Anti-Phishing Act of 2005 in Congress on March 1, 2005.


How to Avoid being a Phishing victim

1. Never respond to requests for personal information via email. When in doubt, call the institution that claims to have sent you the email. E.g. "Dear Sir or Madam" rather than "Dear Dr. Phatak"
2. If you suspect the message might not be authentic, don't use the links within the email to get to a web page.
3. Never fill out forms in email messages that ask for confidential information.


4. Always ensure that you're using a secure website when submitting credit card or other sensitive information via your web browser:
  • Check the beginning of the web address in your browser's address bar; it should be 'https://' rather than just 'http://'
  • Look for the locked padlock icon on your

5. Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate, and if anything is suspicious, contact your bank and all card issuers immediately.

6. Ensure that your browser and OS software are up to date and that the latest security patches are applied.


7. Verify the real address of a web site.
  • javascript:alert("The actual URL of this site has been verified as: " + location.protocol + "//" + location.hostname + "/");
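The same check can be done on a link before it is opened, and it also covers the www.ebay.com versus www.ebay-memberssecurity.com pair shown earlier in the slides. This is an added example, not part of the original slides; the function names and every test URL other than the two eBay host names are constructed for illustration.

```python
from urllib.parse import urlsplit

def real_address(url):
    """Same value the slide's bookmarklet shows: protocol + '//' + hostname + '/'."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.hostname or ''}/"

def host_belongs_to(url, expected_domain):
    """True only if the URL's real host is expected_domain or a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    expected = expected_domain.lower().rstrip(".")
    # Match on a label boundary: "ebay.com" or "*.ebay.com", never "x-ebay.com".
    return host == expected or host.endswith("." + expected)

def assess(url, expected_domain):
    """Combine the 'https://' check from step 4 with the host check from step 7."""
    return {
        "address": real_address(url),
        "https": urlsplit(url).scheme == "https",
        "host_ok": host_belongs_to(url, expected_domain),
    }

# Constructed inputs; only the two eBay host names come from the slides.
SAMPLES = [
    "https://www.ebay.com/signin",            # genuine host
    "http://www.ebay-memberssecurity.com/",   # brand name inside a different domain
    "http://www.ebay.com.login.example/",     # brand used as a subdomain label
    "http://www.ebay.com@login.example/",     # brand placed before '@' (userinfo)
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, assess(sample, "ebay.com"))
```

Only the first sample passes; the other three all contain the text "ebay" but resolve to a different host.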


ANALYSIS OF A PHISHING DATABASE

  • The Anti Phishing Working Group maintains a "Phishing Archive"
  • Certificate (digital certificate, public key certificate)
  • Certificate Authority (CA)
  • HTTPS Secure Sockets Layer (SSL) and Transport Layer Security (TLS)


MANTRA OF VICTIMS

[Diagram; surviving labels: "Un-", "Fact", "attack", "Myths"]

Solution

