Seminar on Phishing
www.studymafia.org

• Introduction
• Phishing Techniques
• Phishing Examples
• Types of Phishing
• Causes of Phishing
• Anti Phishing
• Effects of Phishing
• Defend against Phishing Attacks
• Conclusion
• Reference

Introduction
• Phishing is the act of attempting to acquire information such as usernames, passwords and credit card details by posing as a trustworthy entity in an electronic communication.
• Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware.

Phishing Techniques
• Link manipulation
• Filter evasion
• Website forgery
• Phone phishing

Phishing Examples
• In this example, targeted at South Trust Bank users, the phisher has put the message in an image instead of text, which makes it harder for anti-phishing filters to detect the email by scanning for text commonly used in phishing emails.
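
A filter that only scans for phishing phrases sees nothing in a message like the one described above, so a structural check helps: flag HTML mail whose body is a clickable image with almost no visible text. The following is an added example, not part of the original slides; the 40-character threshold, the function names and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser

class BodyStats(HTMLParser):
    """Counts visible text characters and images wrapped in a hyperlink."""
    def __init__(self):
        super().__init__()
        self.text_chars = self.linked_images = 0
        self._links = []   # one bool per open <a>: does it carry an href?
        self._hidden = 0   # nesting depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._links.append(bool(dict(attrs).get("href")))
        elif tag == "img":
            self.linked_images += any(self._links)
        elif tag in ("script", "style"):
            self._hidden += 1

    def handle_endtag(self, tag):
        if tag == "a" and self._links:
            self._links.pop()
        elif tag in ("script", "style") and self._hidden:
            self._hidden -= 1

    def handle_data(self, data):
        if not self._hidden:
            self.text_chars += len("".join(data.split()))

def image_only_report(raw_email, max_text_chars=40):
    """Flag mail whose HTML body is a clickable image with almost no text."""
    stats = BodyStats()
    for part in message_from_string(raw_email).walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            stats.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    stats.close()  # flush any text buffered after the last tag
    flagged = stats.linked_images > 0 and stats.text_chars <= max_text_chars
    return {"text_chars": stats.text_chars,
            "linked_images": stats.linked_images, "suspicious": flagged}

# Constructed sample messages (assumptions for this example, not from the slides).
HEADERS = "Subject: Account notice\nContent-Type: text/html; charset=utf-8\n\n"
IMAGE_ONLY = HEADERS + '<a href="http://portal.invalid/"><img src="cid:notice"></a>'
MOSTLY_TEXT = HEADERS + ("<p>Your statement for March is ready. Sign in through "
                         "the mobile app to view it.</p>"
                         '<a href="https://bank.example/"><img src="cid:logo"></a>')

if __name__ == "__main__":
    print(image_only_report(IMAGE_ONLY), image_only_report(MOSTLY_TEXT))
```

A hit is a signal to combine with sender and link checks, since legitimate newsletters are sometimes image-heavy as well.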

Types of Phishing
• Deceptive - Sending a deceptive email, in bulk, with a call to action that demands the recipient click on a link.
• Malware-Based - Running malicious software on the user's machine. Various forms of malware-based phishing are:
   ◦ Key loggers and screen loggers
   ◦ Session hijackers
   ◦ Web Trojans
   ◦ Data theft
• DNS-Based - Phishing that interferes with the integrity of the lookup process for a domain name. Forms of DNS-based phishing are:
   ◦ Hosts file poisoning
   ◦ Polluting the user's DNS cache
   ◦ Proxy server compromise
• Man-in-the-Middle Phishing - The phisher positions himself between the user and the legitimate site.
• Content-Injection - Inserting malicious content into a legitimate site. Three primary types of content-injection phishing:
   ◦ Hackers can compromise a server through a security vulnerability and replace or augment the legitimate content with malicious content.
   ◦ Malicious content can be inserted into a site through a cross-site scripting vulnerability.
   ◦ Malicious actions can be performed on a site through a SQL injection vulnerability.
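
Hosts file poisoning, listed under DNS-based phishing above, can be checked for on an endpoint by auditing the hosts file for entries that override domains the user logs in to. The following is an added example, not part of the original slides; the watch list, the sample file contents and the function names are assumptions made for illustration.

```python
import ipaddress

def parse_hosts(text):
    """Yield (line_no, ip, names) for every valid mapping in hosts-file text."""
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address: not a mapping
        yield line_no, ip, [name.lower().rstrip(".") for name in fields[1:]]

def audit_hosts(text, watched_domains):
    """Report local overrides for watched domains and their subdomains.

    The hosts file is normally consulted before DNS, so any entry for a
    watched name means lookups for it never reach the resolver.
    """
    findings = []
    for line_no, ip, names in parse_hosts(text):
        kind = "sinkhole" if ip.is_loopback or ip.is_unspecified else "redirect"
        for name in names:
            # Match on a label boundary so "notbank.example" is not a hit.
            if any(name == d or name.endswith("." + d) for d in watched_domains):
                findings.append((line_no, name, str(ip), kind))
    return findings

# Constructed hosts file and watch list (assumptions for this example).
SAMPLE_HOSTS = """\
# local names
127.0.0.1     localhost
::1           localhost ip6-localhost
203.0.113.7   www.bank.example bank.example   # unexpected override
0.0.0.0       ads.tracker.example
127.0.0.1     updates.bank.example
198.51.100.9  notbank.example
"""
WATCHED = {"bank.example"}

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, WATCHED):
        print(finding)
```

A "redirect" finding sends the watched name to an address chosen locally, while a "sinkhole" finding blocks it; both are worth investigating when nobody on the machine added them.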

Causes of Phishing
• Misleading e-mails
• No check of source address
• Vulnerability in browsers
• No strong authentication at websites of banks and financial institutions
• Limited use of digital signatures
• Non-availability of secure desktop tools
• Lack of user awareness
• Vulnerability in applications

Anti Phishing
A. Social responses
B. Technical approaches
   1. Helping to identify legitimate websites.
   2. Browsers alerting users to fraudulent websites.
   3. Eliminating phishing mail.
   4. Monitoring and takedown.
C. Legal approaches

Effects of Phishing
• Internet fraud
• Identity theft
• Financial loss to the original institutions
• Difficulties in law enforcement investigations
• Erosion of public trust in the Internet

Defend against Phishing Attacks
• Preventing a phishing attack before it begins
• Detecting a phishing attack
• Preventing the delivery of phishing messages
• Preventing deception in phishing messages and sites
• Countermeasures
• Interfering with the use of compromised information

Conclusion
• No single technology will completely stop phishing.
• However, a combination of good organization and practice, proper application of current technologies, and improvements in security technology has the potential to drastically reduce the prevalence of phishing and the losses suffered from it.

Reference
• www.google.com
• www.wikipedia.com
• www.studymafia.org

Thanks
