Download - Phishing
Student Name: Arpit Patel (Enrollment No. 120770107014)
Guide:
Presentation (Review)
On
PHISHING
Gujarat Technological University
SOCET
Contents:
Definition
Introduction
Type of Phishing
Causes of Phishing
How to notice Phishing
Example of Phishing
Prevention Method
Conclusion
History of Phishing
Phreaking + Fishing = Phishing
- Phreaking = making phone calls for free back in the 70’s
- Fishing = using bait to lure the target
Phishing in 1995
Target: AOL users
Purpose: getting account passwords for free time
Threat level: low
Techniques: similar names (www.ao1.com for www.aol.com), social engineering
Phishing in 2001
Target: Ebayers and major banks
Purpose: getting credit card numbers, accounts
Threat level: medium
Techniques: same as in 1995, keylogger
Phishing in 2007
Target: PayPal, banks, eBay
Purpose: bank accounts
Threat level: high
Techniques: browser vulnerabilities, link obfuscation
Definition
It is the act of tricking someone into giving confidential information (like passwords and credit card information) on a fake web page.
Introduction
Phishing is a way of fraudulently acquiring sensitive information using social engineering.
It tries to trick with official-looking messages
• Credit card
• Bank account
• Facebook id/pw
• PayPal
Some phishing emails also contain malicious or unwanted software that can track your activities or slow your computer.
It is comparatively different from SPAM
Origin of Phishing Attacks
Phishing
Fraudsters
Build fake site
Send out thousands of phishing e-mails with a link to the fake website
Victims click on links in the e-mail, believing it is legitimate. They enter personal information
Fraudsters compile the stolen data and sell it online or use it themselves
How to notice Phishing?
Artists also use Uniform Resource Locators (URLs) that resemble the name of a well-known company or website but are slightly altered by adding, omitting or transposing letters.
For example, the URL www.microsoft.com could appear instead as:
www.micosoft.com
www.mircosoft.com
www.verify-microsoft.com
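An added example (not part of the original presentation) of how a mail filter or proxy could flag the altered URLs above: it measures the edit distance, counting added, omitted, replaced and transposed letters, between a link's domain and an allow-list of known domains. The allow-list, the threshold and all function names are assumptions made for illustration.

```python
import re

KNOWN_DOMAINS = ["microsoft.com"]   # constructed allow-list (assumption)
MAX_EDITS = 2                        # assumed threshold; tune per brand length


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1,               # delete a letter
                         cur[j - 1] + 1,            # insert a letter
                         prev[j - 1] + (ca != cb))  # substitute a letter
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent transposition
        prev2, prev = prev, cur
    return prev[-1]


def registered_domain(host):
    """Last two labels only; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(host):
    """Return (verdict, matched_domain) for a hostname taken from a link."""
    domain = registered_domain(host)
    if domain in KNOWN_DOMAINS:
        return ("legitimate", domain)
    for known in KNOWN_DOMAINS:
        if osa_distance(domain, known) <= MAX_EDITS:
            return ("typo-lookalike", known)
        brand = known.split(".")[0]
        if brand in re.split(r"[-_.]", domain):
            return ("brand-embedded", known)
    return ("unknown", None)


if __name__ == "__main__":
    # Hostnames from the slide plus one unrelated, constructed host.
    for h in ["www.microsoft.com", "www.micosoft.com", "www.mircosoft.com",
              "www.verify-microsoft.com", "www.example.org"]:
        print(h, classify(h))
```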
“Be alert for spam message”
Don’t open any links in suspicious emails, instant messages, or chat room messages
“Only communicate personal info over a secure website”
Secure websites are indicated by a lock on the browser’s status bar or the prefix “https://” instead of “http://”
“Never use e-mail to share personal information”
“Avoid using email on public computers”
Information from an email is temporarily stored on the computer’s local disk and can be retrieved by another user if it is not properly deleted
“Do not click anything in pop-up window”
If your browser has a pop-up blocker, enable it. Do not copy any website addresses from a pop-up window into your computer.
“Use security programs to protect your computer”
Use a spam filter, anti-spyware program, anti-virus program and a firewall. These can be obtained from a software retailer or the internet.
“Check your credit report and financial statement regularly”
Make sure that no unauthorized transactions have been made and that all items on your credit report are correct.
TYPE OF PHISHING
o Deceptive Phishing
o Malware-Based Phishing
o Man in the Middle Phishing
o Search engine Phishing
Deceptive Phishing
Sending a deceptive email, in bulk, with a “call to action” that demands the recipient click on a link.
Malware-Based Phishing
Malware stands for malicious software. The term is used to generically describe any malicious software regardless of its technical category.
Man in the Middle Phishing
An attack where the attacker gets between the sender and the receiver of information
(Session Phishing)
Search engine Phishing
Create web pages for fake products, get the pages indexed by search engines, and wait for users to enter their confidential information as part of an order, sign-up, or balance transfer.
Causes of Phishing
Misleading e-mails
No check of source address
Vulnerability in browsers
No strong authentication at websites of banks and financial institutions
Limited use of digital signatures
Non-availability of secure desktop tools
Lack of user awareness
Vulnerability in applications
… and more
Existing System
1) Detect and block the phishing websites in time
2) Enhance the security of the websites
3) Block the phishing e-mails with various spam filters
4) Install online anti-phishing software on users’ computers
Proposed System
1. Classification of the hyperlink in the phishing e-mail
2. Link guard algorithm
3. Link guard implemented client
4. Feasibility study
How to do Search engine Phishing???
And then upload these two files to your website….
Conclusion
Be Alert, Be wary, And
Be Informed ! ! !
Thank You For Your