phishing attacks, types of phishing attacks, how to avoid phishing attacks

Made By Rahul Jain

Phishing AttacksProcess of luring a victim to a fake web site by clicking on a link

Presented By :- Rahul JainSubmitted To :- Prof. Sachindra Dubey Sir Prof. Anamika Gupta Mam

Made By Rahul Jain

Examples :-

• Click Here www.luckydraw.com to claim your $10000000 Prize!• Urgent attention of all true bank account holders.

Made By Rahul Jain

Methods Of Phishing Attacks -1

•Impersonation :- Constructing fake Sites and then deceived by visiting.

Made By Rahul Jain

Methods Of Phishing Attacks -2

•Forwarding :- Amazon, Paypal, eBay, When victim login to forwarding link data will upload on hostile’s server

Made By Rahul Jain

Methods Of Phishing Attacks -3

•Popups :- Creative but of Limited Approaches. Behind the popup stealing of data done.

• First discovered during barrage of phishing attacks on city bank in 2003.

Made By Rahul Jain

Types Of Phishing Attacks -1

•Man-In-The-Middle-Phishing :- Hackers Position themselves between user and legitimate websites.

•URL Obfuscation Attacks :- Following attackers hyperlink to the attacker’s server. • A> Bad Domain Names –• B> Friendly Login URL’s -Many web sites use friendly websites to

attack and steal the user’s data the general information is URL://username:password@hostname/path

Made By Rahul Jain

Types Of Phishing Attacks -2

• C> Third Party Shortened URL’s :- Due to length of Complexity of many websites www.smallurl.com

• D> Host Name Obfuscation:- e.g, http://mybank.com:ebanking@evilsite.com/phishing/fakepage.htm

• In some cases, it may be possible to mix formats (e.g, http://0322.0x86/161.0043/)

Made By Rahul Jain

Types Of Phishing Attacks -3

• E> URL Obfuscation :- Obfuscation is the obscuring of intended meaning in communication, making the message confusing, willfully ambiguous, or harder to understand.

Made By Rahul Jain

Types Of Phishing Attacks -4

• E1> Escape Encoding :-• Percent Encoding or Escaped Encoding • Achieved by encoding the character to be intrepid with the character

%.

• E2> Unicode Encoding :- Method of Referencing and storing characters with multiple bytes by providing a unique number.

Made By Rahul Jain

Types Of Phishing Attacks -5

• E3> Inappropriate UTF-8 Encoding :- • Characteristics of preserving the full US-ASCII character range.• %CO, %AE, %FO %FX %80 %80

• E4> Multiple Encoding :- Phishers may further obfuscate the URL information by encoding characters multiple times. • E.g, “\” character may be encoded as %25 originally but could be

extended to %35C or %25C%35C%63

Made By Rahul Jain

Types Of Phishing Attacks -6

• Hidden Attacks - An attacker may make use of HTML, DHTML and Other Scriptable Code.• Whether its man in the middle attack or fake copy of the site hosted

on the attackers own systems. • A> Hidden Frames

Made By Rahul Jain

Types Of Phishing Attacks -7

• Overriding Page Content :-

Made By Rahul Jain

Types Of Phishing Attacks -8

• Deceptive Phishing :- • Malware Based Phishing :- • DNA Based Phishing :-• Content Injection Phishing :-• Search Engine Phishing :-

Made By Rahul Jain

How To Avoid Phishing Attacks -1

• 1. Be Careful About responding To emails that ask you for sensitive information.• 2. Go to The Site Your self, Rather than clicking on links in suspicious

emails. • 3. If You are on sites that asking you to enter sensitive info check for

signs of any thing suspicious.• 4. Be wary of “Fabulous offers” and “fantastic Prizes” that you will

some times Across on web.

Made By Rahul Jain

How To Avoid Phishing Attacks -2

• Use of Browsers that has a phishing filters.

Made By Rahul Jain

Thank You ..!! For Any Query Ask on-- ideasandtechnology.blogspot.in or mail me at -- rahuljaincse51@gmail.com