phishing project report
TRANSCRIPT
PHISHING
Agenda1:- INTRODUCTION,DEFINITION AND DESCRIPTION OF PHISHING
2:- HISTORY AND CURRENT STATUS OF PHISHING
3:- PHISHING TECHNIQUES
4:- TYPES OF PHISHING 5:- DAMAGED CAUSED BY PHISHING AND ANTIPHISHING
6:- RECENT PHISHING ATTEMPTS,LEGAL RESPONSE AND CASE STUDY
DEFINITION AND DESCRIPTION
• Phishing is an act of attempt to acquire information such as
usernames,passwords, and credit card details,etc of a person or organization illegaly in an electronic communication.
• Phishing is committed so that the criminal may obtain sensitive and valuable information about a consumer, usually with the goal of fraud to obtain the customer bank and other financial information.
• Phishing are typically carried out by e-mail spoofing or instant messaging.
• In phishing the criminals creates a fake website whose looks and feel are identical to the legitimate one, in which the victims are told to enter their confidentioal details like username,password or account details.
• Phishing technique was described in detail in the year 1987 and this technique was first used in the year 1995
• Phishing is mainly commited ,so that the criminal may obtain sensitive & valuable information about the customer.
• Phishing makes high profit with less or small tecnological investment
Current status of Phishing• • The APWG received 26,150 unique phishing reports.• This total represents the second highest number of phishing
reports that the APWG has received in a single month.
• • The APWG detected 10,091 unique phishing websites worldwide.
• • 148 separate corporate brands were “hijacked” (misused) in phishing schemes (compared to 84 in August 2005v).
• • The financial sector was the most heavily targeted for phishing schemes, constituting 92.6 percent of all phishing attacks
• • The APWG found 2,303 unique websites that hosted “keylogging.” programs.
• • The United States was the country hosting the largest percentage of phishing websites (27.7 percent, compared to 27.9 percent in August 2005), while Canada ranked ninth among countries hosting such websites (2.2 percent, compared to 2.21 percent in August 2005). China remains the second most frequent host of phishing websites (14 percent, compared to 12.15 percent in August 2005), and South Korea the third most frequent host of such sites (9.59 percent, compared to 9.6 percent in August 2005).
• A very recent and popular case of phishing is that the chinese phishers are targeting GMAIL account of high ranked official of united states,south korea government and military information & chinese political activities.
IMPACT OF PHISHING• The Impact of phishing are both domestical and international,
that are concern with the commercial and financial sectors.
• Direct Financial Loss. Phishing technique is mainly done to make financial loss to a person or an organisation.In this and consumers and businesses may lose from a few hundred dollars to millions of dollars.
• • Erosion of Public Trust in the Internet. Phishing also decreases the public’s trust in the Internet.
• A survey found that 9 out of 10 American adult Internet users have made changes to their Internet habits because of the threat of identity theft.
• The 30 percent say that they reduced their overall usage. • The 25 percent say they have stopped shopping online, while
29 percent of those that still shop online say they have decreased the frequency of their purchases.
• • Cross-Border Operations by Criminal Organizations. • In this people sitting outside the country are performing
criminal activities by using the technique of phishing.
PREVENTION TO BE TAKEN TO AVOID PHISHING
• 1. Prevention: What to Do
• Protect your computer with anti-virus software, spyware filters, e-mail filters, and firewall programs, and make sure that they are regularly updated.
• Ensure that your Internet browser is up to date and security patches applied.
• Avoid responsing any unknown email or giving your financial information to that mail.
• Unless the e-mail is digitally signed, it should also be fake.
• Phishers typically ask for information such as usernames, passwords, credit card numbers, social security numbers, etc.
• Phisher e-mails are typically not personalized, while valid
messages from your bank or e-commerce company are generally pesonalized.
• • Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser.
• To make sure you're on a secure Web server, check the beginning of the Web address in your browsers address bar - it should be "https://" rather than just "http://."
• Regularly log into your online accounts. Don't leave them for a long period of time.
• Regularly check your bank, credit and debit card statementsto ensure that all transactions are legitimate.
• If anything is suspicious, contact your bank and all card issuers.
2. Prevention: What Not to Do
•• Don't assume that you can correctly identify a website as legitimate by just looking at it.
•
•• Don’t use the links in an e-mail to get to any web page, if you think that the message might not be authentic.
•log onto the website directly by typing in the Web address in your browser.
•
•• Avoid filling out forms in e-mail messages that ask for personal financial information.
• You should only communicate information such as credit card numbers or account information via a secure website or the telephone.
Case studyCase - fraud done by Mumbai mafia in IT cityCity- BangaloreState- karnatkaBackground•
• The cyber crime police of Bangalore,after a two year investigation have proved thatr the Mumbai mafia is phishing the it city
• In this they have arrested three persons in connection in with 3 different incident.
•
• A cid official of SP’s rank said that this is a dangerous trend.
The cyber crime police station (CCPS) registered around 100 such phishing cases in 2009,but it’s difficult for them to trace every case as they use benami bank
account to do all this.
In this the cyber crime police had arrested 3 person ,all from Mumbai who are connected with this case.
• The police said that all the arrested person are graduate and have a good knowledge in computer
Investigation
• The cyber crime police had arrested one abdul khan from Mumbai.
• The arrested person had transferred rs 1 lakh (rs 50000 in twice) from the icici account of one it professional abhishek malvia anative of itarsi , Madhya Pradesh.
Conclusion• Phishing is a form of criminal conduct that poses increasing
threats to consumers, financial institutions, and commercial enterprises in Canada, the United States, and other countries. Because phishing shows no sign of abating, and indeed is likely to continue in newer and more sophisticated forms, law enforcement, other government agencies, and the private sector in both countries will need to cooperate more closely than ever in their efforts to combat phishing, through improved public education, prevention, authentication, and binational and national enforcement efforts.