Download - Phishing
![Page 1: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/1.jpg)
PHISHING
![Page 2: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/2.jpg)
CONTENTS :-IntroductionTypes of phishingExamples of phishingTechniques of phishingPrevention methods
![Page 3: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/3.jpg)
FISHING
![Page 4: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/4.jpg)
PHISHING
![Page 5: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/5.jpg)
PHISHING
PHREAKING FISHING
FREAKPHONE
![Page 6: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/6.jpg)
Phishing is an attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.
Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
![Page 7: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/7.jpg)
Types of phishingSpear phishing
Clone phishing
Whaling phishing
![Page 8: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/8.jpg)
Characteristics of phishing emails
![Page 9: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/9.jpg)
1. Disguised hyperlinks and sender address-
•Appear similar as the genuine institution site. •Sender address of the email also appears as originated from the targeted company.
![Page 10: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/10.jpg)
2. Email consists of a clickable image :
• Scam emails arrive as a clickable image file containing fraud request for information.
• Clicking anywhere within the email will cause the bogus website to open.
![Page 11: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/11.jpg)
3. Content appears genuineScam email include logos, styling, contact and copyright information. identical to those used by the targeted institution.
![Page 12: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/12.jpg)
4. Unsolicited requests for sensitive information :
• Emails asks to click a link and provide sensitive personal information .
• It is highly unlikely that a legitimate institution would request sensitive information in such a way.
![Page 13: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/13.jpg)
5. Generic Greetings • Scam mails are sent in bulk to many recipients
and use generic greetings such as "Dear account holder" or "Dear [targeted institution] customer".
![Page 14: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/14.jpg)
Phishing Techniques
![Page 15: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/15.jpg)
• Sending mails that look trustworthy to user• Send the same email to millions of users,
requesting them to fill in personal details• Messages have an urgent note • Click on a link which is embedded in your email.
![Page 16: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/16.jpg)
Example of Phishing Email
![Page 17: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/17.jpg)
• Attackers situate between the customer and the real web-based application
• The attacker's server thenproxies all communications between the customer and the real web-basedapplication server
![Page 18: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/18.jpg)
By manipulating the links for example
www.facb00k.comInstead of
www.facebook.com
Misspelled URLs or sub domains are common tricks used by Attacker
![Page 19: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/19.jpg)
Key loggers are designed to monitor all the key strokes
![Page 20: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/20.jpg)
Inserting malicious content into legitimate site.
Three primary types of content-injection phishing: Hackers can compromise a server through a security
vulnerability and replace or augment the legitimate content with malicious content.
Malicious content can be inserted into a site through a cross-site scripting vulnerability.
Malicious actions can be performed on a site through a SQL injection vulnerability.
![Page 21: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/21.jpg)
• In this method, phishers used malicious software to attack on the user machine.
• This phishing attack spreads due to social engineering or security vulnerabilities.
• In social engineering, the user is convinced to open an attachment that attracts the user regarding some important information and download it containing malwares.
• Exploiting the security vulnerabilities by injecting worms and viruses is another form of malware based phishing.
![Page 22: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/22.jpg)
• Trojan is a program that gives complete access of host computer to phishers after being installed at the host computer.
• Phishers will make the user to install the trojan software which helps in email propagating and hosting fraudulent websites.
![Page 23: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/23.jpg)
Beast(A Trojan horse software)
![Page 24: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/24.jpg)
• Mobile Phishing is a social engineering technique where the attack is invited via mobile texting rather than email.
• An attacker targets mobile phone users with a phishing attack for the purpose of soliciting account passwords or sensitive information from the user.
• The user is enticed to provide information or go to a compromised
web site via text message.
![Page 25: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/25.jpg)
• Never respond to emails that request personal financial information
• Visit bank’s websites by typing the URL into the address bar
• Keep a regular check on your accounts
• Be cautious with emails and personal data
![Page 26: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/26.jpg)
• Keep your computer secure
• Use anti-spam software
• Use anti-spyware software
• Use the Microsoft Baseline Security Analyser (MBSA)
• Use Firewall
![Page 27: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/27.jpg)
Continued…• Protect against DNS pharming attacks
• Check the website you are visiting is secure
• Use backup system images
• Get educated about phishing prevention attack
• Always report suspicious activity
![Page 28: Phishing](https://reader035.vdocuments.site/reader035/viewer/2022062319/555310e0b4c905533f8b51ef/html5/thumbnails/28.jpg)
It is better to be safer now than feel sorry later.
Thank you.