The document discusses phishing, which refers to attempts by criminals to acquire sensitive information such as usernames, passwords, and credit card details by disguising themselves as a trustworthy entity through fraudulent emails or websites. It provides details on how phishing works, what information phishers typically ask for, signs of phishing messages to watch out for, and steps individuals can take to protect themselves, including using antivirus software, firewalls, and caution when receiving suspicious emails or entering information on websites.
1. Introduction
2. What is phishing
3. What might the phisher ask for
4. How does it work
5. The simplified flow of information in a phishing attack
6. What should I be aware of when receiving a suspicious email?
7. What do I do if I get a phishing message?
8. What do I do if I am unsure about a fraudulent email message?
9. Why phishing is still popular
10. How to protect yourself from phishing
11. References
Phishing:
Pronounced "fishing".
The word originates from "password harvesting", or fishing for passwords.
Phishing is an online form of pretexting, a kind of deception in which an attacker pretends to be someone else in order to obtain sensitive information from the victim.
Also known as "brand spoofing".
Phishers are phishing artists.
The purpose of a phishing message is to acquire sensitive information about a user.
What is phishing
Phishing refers to a person or a group of cyber-criminals who create an imitation or copy of an existing legitimate web page to trick users into providing sensitive personal information. Responding to phishing emails puts your accounts at risk.
What might the phisher ask for?
- Your password
- Account number, card number, PIN, access code
- Personally identifiable information like your date of birth, Social Security number or address
- Confidential information like student records, financial records or technical information
Phishers typically present a plausible scenario and often take advantage of the recipient's fear or greed. They also often present a sense of urgency. Examples include messages that:
- Tell you that your account was misused by you and will be disabled
- Tell you your account was compromised and will be disabled
How does phishing work
Phishing attacks are most commonly transmitted via email, but they are also transmitted via:
- Instant messaging
- Social media websites such as Facebook, MySpace and Twitter
The communication may:
- Ask you to reply with specific information
- Ask you to visit a web page, then ask you to share specific information
- Ask you to call a phone number, which will ask you to share specific information
The Embedded Web Address
The next way phishing works is by redirecting the victim from an email to a seemingly legitimate website. The email may look like it has been sent from a bank, the Internal Revenue Service or an online financial service such as PayPal, an escrow service or an online financial rewards system. The website that the victim is redirected to appears in every way to be real. Upon entering usernames, passwords or any other vital information, it is not unlikely that the website appears to crash. This is because the phisher has what he needs and doesn't want the victim to find out about the phony website.
The simplified flow of information in a phishing attack is:
1. A deceptive message is sent from the phisher to the user.
2. A user provides confidential information to a phishing server (normally after some interaction with the server).
3. The phisher obtains the confidential information from the server.
4. The confidential information is used to impersonate the user.
5. The phisher obtains illicit monetary gain.
The discussion of technology countermeasures will center on ways to disrupt steps 1, 2 and 4, as well as related technologies outside the information flow proper.
What should I be aware of when receiving a suspicious email?
Look for the following clues: misspelled words, unprofessional tone, bad grammar, or other problems with the content.
Other things to look for: they are asking you to verify your confidential information, will hold you liable if you don't respond, telling you that the account will be closed if you don't respond, etc. All these are signs of a phishing message.
What do I do if I get a phishing message?
Report and forward the original email to the Information Security Office at security@utep.edu. Do not reply to the sender of the email.
What do I do if I am unsure about a fraudulent email message?
Follow these steps to minimize your chances of becoming a victim of fraud:
1. Do not click on any links listed within the email message.
2. Do not open any attachments included in the email.
3. Forward the email message to the Information Security Office.
4. Review your credit card and bank statements, and your bills, for unauthorized charges or withdrawals.
5. Never enter personal information using a pop-up screen. Legitimate companies will provide secure web forms for you to fill out.
Why phishing is still popular
Phishing has been widely used for at least half a decade, but it still remains one of the popular methods to scam internet users. Many of us might still be wondering why there are so many victims out there even though we have been taught from time to time to stay aware of phishing scams. There are five reasons why phishing is still a popular trick; they are listed below.
#1 - It tricks the victim with fear:
One of the most common methods is to trick the victim by sending them an email telling them that their internet banking account has been compromised and that they need to click on a link to resolve the issue. Once the user follows the link, the user is redirected to a forged website that looks similar to the banking website and requires the user to input his/her username and password. Once that form is sent, all the data is transmitted to the attacker-controlled server.
#2 - It tricks the victim with special interest:
Some scammers use a scenario such as winning a lottery or viewing adult material to create a temptation for the victim to click on a link that redirects to the phishing site.
#3 - It is not rocket science:
Phishing attacks involve creating a forged website, and that might be difficult for certain people. However, compared to hacking a banking server, creating a website is not that complicated. Therefore many novice or intermediate scammers will choose the phishing method over any other method in their hacking project.
#4 - It can be launched via many types of communication channel:
Phishing can happen not only by simply building a forged website and waiting for the victim to come to it. It can also involve sending emails to lure them to the forged website.
Besides that, a phishing scam may also use a manipulated URL posted as a comment or in a forum to trick victims into visiting the forged website. Apart from using computer knowledge to lure the victim, phishing can also be done via phone calls. The conclusion is that this type of scam can be done via multiple channels and multiple techniques.
#5 - Compromising one account is not the end.
Stealing one's credentials is not the end; it can be the beginning. Why is that? Internet users nowadays have many online accounts, for instance Facebook, Twitter and LinkedIn. Commonly, most users will use the same username and password for each account so that remembering them is not an issue. Hence the credentials that have been stolen can be used by the scammers for other accounts as well.
How to Protect Yourself from Phishing
The following 10 steps will help protect yourself. Whilst we have researched and made recommendations of software that will assist you, Fraud Watch International makes no warranties or guarantees about the products.
1. Never Click on Hyperlinks within Emails
Why?
Hyperlinks within emails are often cloaked, or hidden. The text you see as a hyperlink may not be where the hyperlink takes you.
Recommendation:
If you are unsure of the source of the email, you should not click on hyperlinks within emails that are apparently from a legitimate company for personally sensitive information. Instead, directly type the URL in the Internet browser address bar, or call the company on a contact number previously verified or known to be genuine.
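The warning signs the slides describe (cloaked hyperlinks whose visible text names a different site than the real target, links without https, and pressure language such as "account will be disabled") can be turned into a mechanical check on an email body. This is an added example, not part of the original slides or of Fraud Watch International's material; the sample message and its domains are constructed placeholders, and the two-label domain comparison is a deliberate simplification.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re
# Pressure language the slides list as phishing signs (constructed list).
URGENCY_PHRASES = ("will be disabled", "will be closed", "verify your",
                   "account was compromised", "respond within")

def registered_domain(host: str) -> str:
    """Last two labels of a host name; a crude stand-in for a public-suffix list."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def analyse_email(html_body: str) -> dict:
    """Report cloaked links, plain-http links and urgency phrases."""
    parser = _LinkCollector()
    parser.feed(html_body)
    cloaked, plain_http = [], []
    for href, text in parser.links:
        target = urlparse(href)
        if target.scheme not in ("http", "https"):
            continue  # mailto:, javascript: etc. are out of scope here
        if target.scheme == "http":
            plain_http.append(href)  # no https: the padlock check from slide 6
        # Does the visible text name a domain different from the real target?
        shown = re.search(r"(?:https?://)?([\w.-]+\.[a-z]{2,})", text, re.I)
        if shown and registered_domain(shown.group(1)) != registered_domain(target.hostname or ""):
            cloaked.append((text, href))
    urgency = [p for p in URGENCY_PHRASES if p in html_body.lower()]
    return {"cloaked": cloaked, "plain_http": plain_http, "urgency": urgency}

# Constructed sample message; the domains are placeholders, not real indicators.
SAMPLE = """<p>Your account was compromised and will be disabled.</p>
<a href="http://login.example-bank.co.example.net/verify">https://www.examplebank.com/secure</a>
<a href="https://www.examplebank.com/help">Help centre</a>"""
```

Run `analyse_email(SAMPLE)` to see the first link flagged as cloaked and plain-http, the second link left alone, and both pressure phrases reported.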
2. Use Anti-SPAM Filter Software
Why?
Some studies have shown around 85% of all email sent is SPAM, with a majority fraudulent. This can be costly and time consuming for end users who receive them. Effective SPAM filters can reduce the number of fraudulent emails consumers are exposed to.
3. Use Anti-Virus Software
Why?
To protect against Trojan and worm attacks, anti-virus software can detect and delete virus files before they can attack a computer. It is important to keep all anti-virus software up to date with vendor updates. These virus programs can search your computer and pass this information to fraudsters.
4. Use a Personal Firewall
Why?
Firewalls can monitor both incoming and outgoing Internet traffic from a computer. This can protect the computer from being hacked into and a virus being planted, and can also block unauthorized programs from accessing the Internet, such as Trojans, worms and spyware.
5. Keep Software Updated (Operating Systems & Browsers)
Why?
Fraudsters and malicious computer hackers are continually finding vulnerabilities in software operating systems and Internet browsers. Software vendors are constantly updating their software to fix these vulnerabilities and protect consumers.
Recommendation:
Always ensure operating system and browser software is kept up to date using legitimate upgrades and patches issued by the software vendor. Visit your operating system vendor's website for update information, and subscribe to any automatic updating service.
6. Always look for "https" and a padlock on a site that requests personal information
Why?
Information entered on an Internet web site can be intercepted by a third party. Web sites that are secure protect against this activity.
Recommendation:
When submitting sensitive financial and personal information on the Internet, look for the locked padlock on the Internet browser's status bar or the https:// at the start of the URL in the address bar. Although there is no guarantee of the site's legitimacy or security if they are present, the absence of these indicates that the web site is definitely not secure.
7. Keep your Computer Clean from Spyware
Why?
Spyware & adware are files that can be installed on your computer, even if you don't want them, without you knowing they are there! They allow companies to monitor your Internet browsing patterns, see what you purchase and even allow companies to inundate you with those annoying "pop up" ads!
If you've downloaded some music, files or documents and suddenly started getting annoying ads popping up on your screen, you could definitely be infected with spyware and/or adware!
8. Educate Yourself on Fraudulent Activity on the Internet
Why?
Internet fraud methods are evolving at a rapid rate. Consumers need to be aware they are vulnerable, as fraudsters are persuasive and convincing; many victims thought they were too smart to be scammed. Consumers should educate themselves on Internet fraud, the trends and continual changes in fraudulent methods used. Fraud Watch International offers consumer education as a free service to the Internet community.
9. Check Your Credit Report Immediately, for Free!
Why?
If you have responded to a fraudulent email, you may be at risk of identity theft. A virus could have been implanted within the email, which may find and pass on sensitive personal information about you to fraudsters, or if you have provided fraudsters with any personal information, you may be at risk of identity theft. You should check your credit report, and subscribe to a credit report monitoring service, to be alerted if your personal information is used fraudulently.
10. Seek Advice - If you are unsure - ask us!
Why?
If unsure as to the legitimacy of an email, consumers should seek advice from the legitimate corporation using verified contact details. For other potentially fraudulent emails, consumers can seek advice from Fraud Watch International by forwarding the email with their questions to us. This is a free service to assist in the prevention of Internet fraud.
Recommendation:
You can seek advice from Fraud Watch International by forwarding the email with your questions to scams@fraudwatchinternational.com.