51 phishing attacks

ATTACK & COUNTER MEASURES

Upload: salman-shaikh

Post on 07-Jul-2015



INTRODUCTION

The term "phishing" was coined in 1996 by computer hackers.

Hackers use e-mail to fish the internet, hoping to hook users into supplying them with logins, passwords and/or credit card information.

In a typical phishing attack, a user receives an e-mail message that impersonates a financial institution.

1%-20% of users respond to such attacks.


PHISHING ATTACKS

Phishing attacks are combined with malicious code attacks such as Mimail, Bank Withdrawal Trojan, Mydoom.m worm etc.

In such blended attacks, these viruses/worms carry payloads which harvest e-mail addresses from the internet and from affected systems, and then launch further phishing attacks.


PHISHING EXAMPLES

Example 1.


Example 2.


PHISHING TRENDS

APWG is an industry association focused on eliminating the identity theft and fraud that result from phishing and email spoofing.

This group provides forums to discuss phishing issues, trials and evaluations of potential technology solutions.

It publishes the Phishing Attack Trends Report.


TECHNOLOGICAL SOLUTIONS

The ultimate solution is training end users not to reveal any sensitive information.

The basic approach for an effective anti-phishing effort includes detection, prevention and awareness.

Countermeasures take the form of technological solutions, policy guidelines and user awareness.


• An anti-phishing solution includes:

a. Detection: scanning, filtering and alerting

b. Mail server authentication

c. Secure web-authentication

d. Digitally signed e-mail

e. Mail gateway filtering

f. Desktop filtering
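
As an added illustration of items b and e in the list above (mail server authentication and mail gateway filtering), the following Python example, which is not part of the original slides, flags a message whose display name claims a protected brand while the sender domain, the SPF/DKIM/DMARC verdicts or the Reply-To address say otherwise. The brand table, all domain names and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brands this gateway protects and the domains they really send from.
PROTECTED_BRANDS = {"example bank": {"examplebank.example"}}

def domain_of(header_value):
    """Lower-cased domain of the address in a From or Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def auth_results(msg):
    """spf/dkim/dmarc verdicts from Authentication-Results (RFC 8601).
    Only meaningful when the header was added by your own receiving server."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value.lower()):
            verdicts[method] = result
    return verdicts

def phishing_indicators(raw_message):
    """Reasons the message looks like impersonation; empty list if none."""
    msg = message_from_string(raw_message)
    reasons = []
    display = parseaddr(msg.get("From", ""))[0].lower()
    from_domain = domain_of(msg.get("From"))
    for brand, domains in PROTECTED_BRANDS.items():
        if brand in display and from_domain not in domains:
            reasons.append(f"display name claims '{brand}' but domain is {from_domain}")
    verdicts = auth_results(msg)
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method) != "pass":
            reasons.append(f"{method}={verdicts.get(method, 'missing')}")
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        reasons.append(f"Reply-To domain {reply_domain} differs from From domain")
    return reasons

# Constructed sample messages (not real mail).
SPOOFED = (
    "From: Example Bank Security <alerts@examp1e-bank.example>\n"
    "Reply-To: verify@collector.example\n"
    "Authentication-Results: mx.corp.example; spf=fail; dkim=none; dmarc=fail\n"
    "Subject: Verify your account\n\nPlease confirm your login.\n")
GENUINE = (
    "From: Example Bank <statements@examplebank.example>\n"
    "Authentication-Results: mx.corp.example; spf=pass; dkim=pass; dmarc=pass\n"
    "Subject: Your statement\n\nYour statement is ready.\n")
```

Calling phishing_indicators(SPOOFED) returns five reasons, while phishing_indicators(GENUINE) returns an empty list.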


Secure web-authentication


Digitally signed e-mail


CONCLUSION

Phishing attacks are a major threat to e-commerce and e-banking applications. Scammers are causing huge losses by stealing financial data from users. Financial institutions and individual customers need to adopt countermeasures to fight phishing attacks. Digital signature usage should be promoted for secure mail transactions.
