By
S.Y.HUSSAIN                 V.SRINIVAS

  NARSARAOPETA ENGINEERING COLLEGE
            NARSARAOPET
What is Phishing?

  • In computing, phishing is a criminal activity using social engineering techniques.

  • Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication.

How is phishing done?
Types of phishing

Some phishing scams use JavaScript commands in order
to alter the address bar.
This is done either by placing a picture of the legitimate
entity's URL over the address bar, or by closing the original
address bar and opening a new one containing the
legitimate URL.
In another popular method of phishing, an attacker uses a
trusted website's own scripts against the victim.
PayPal phishing
In an example PayPal phish (right), spelling mistakes in the
email and the presence of an IP address in the link (visible
in the tooltip under the yellow box) are both clues that this
is a phishing attempt.
Phishing as Instant Messages

Yahoo's free instant-messaging service is being targeted by phishers
attempting to steal usernames, passwords and other personal information.

According to the company, attackers are sending members a message
containing a link to a fake Web site.


The fake site looks like an official Yahoo site and asks the user to log in
by entering a Yahoo ID and password.

The scam is convincing because the original message seems to arrive
from someone on the victim's friends list.
Phishing Damage

• The damage caused by phishing ranges from loss of access
to email to substantial financial loss.

• There are also fears that identity thieves can add to the
information they have gained through phishing simply
by accessing public records.

• The phishers may use a person's details to create fake
accounts in a victim's name, ruin a victim's credit, or even
prevent victims from accessing their own accounts.
REPORTS
Phishing Prevention in Orkut services
How To Detect Phishing?

• Anti-phishing software is available that may identify
phishing content on websites, act as a toolbar that
displays the real domain name for the visited website, or
spot phishing attempts in email.

• Many organizations have introduced a feature called
challenge questions, which ask the user for information
that should be known only to the user and the bank.

• Sites have also added verification tools that allow users
to see a secret image that the user selected in advance;
if the image does not appear, then the site is not
legitimate.
Prevention

•    Misspelled words – many emails originate from
    outside the U.S. and therefore are grammatically
    horrible.
•    “Dear Valued Customer” – if the email came from a
    legitimate business, it would most likely contain your
    entire name.
•    Beware of the @ sign – it is most likely a big tip-off
    to a suspicious URL link.
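
The link clues named in these slides (an IP address in the link, an @ sign in the URL, and the real domain name behind a link) can be checked automatically. The Python code below is an added example, not part of the original presentation; the sample email body, the hosts in it and all function names are constructed for illustration.

```python
import contextlib
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

SAMPLE = (  # constructed email body, not from the slides; hosts are placeholders
    '<a href="http://192.0.2.10/paypal/login">https://www.paypal.com/</a> '
    '<a href="http://www.paypal.com@phish.example/login">Sign in</a> '
    '<a href="https://www.paypal.com/help">www.paypal.com</a>'
)

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def real_host(url):
    """Host the browser actually contacts; anything before '@' is only userinfo."""
    return (urlsplit(url).hostname or "").lower()

def check_link(href, text):
    """Return the warning signs found in one link."""
    flags, host = [], real_host(href)
    if "@" in urlsplit(href).netloc:
        flags.append("at-sign-in-url")
    with contextlib.suppress(ValueError):  # ValueError means host is a name
        ipaddress.ip_address(host)
        flags.append("ip-address-host")
    # Link text that is itself a URL or domain but names a different host.
    looks_like_url = "." in text and " " not in text
    shown = real_host(text if "://" in text else "//" + text) if looks_like_url else ""
    if shown and shown != host:
        flags.append("text-host-mismatch")
    return flags

def scan_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}
```

Calling scan_email(SAMPLE) flags the first two links and returns an empty list for the third, whose visible text and real host agree.
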
Conclusion


Phishing is only going to get worse before it gets
better, so it’s important to familiarize yourself with
these fraud schemes before you get taken advantage
of. Also, as mentioned in this presentation, your spam
blockers, anti-virus software, and internet browser
can go a long way in preventing fraud.