1. GENERAL SIR JOHN KOTELAWALA DEFENCE UNIVERSITY
SUBJECT: INFORMATION SECURITY
(MEG 4137)
Prepared by : KDU/MEG/03/09 - W.M. Nilantha Piyasiri
MBA IN E-GOVERNANCE - Programme III
Submission Date : 03 April 2016
4. Thanks to advances in technology, the types of transactions we can now complete online are virtually endless.
We use “User Names, Passwords, Credit Cards, Debit Cards, PINs, birthdates, mother’s maiden name, etc.”
5. Stealing the above identities is called “Identity theft”.
Identity theft is a federal crime. It happens when one person’s identification (which can include name, social security number, bank account number, or any other account number) is used or transferred by another
6. Phishing and Pharming are two of the most organized crimes of the 21st century, and these are at the forefront of Internet piracy and identity theft.
The Deadly Duo
The information stolen through these acts is used by fraudsters for their evil needs, such as transferring money from accounts, buying merchandise, etc.
7. What is Phishing?
(fish´ing) (n.) - The act of sending a message to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.
9. Steps of a Phishing Attack
Step 1: Initiation
● The phisher prepares for the attack.
● The phisher registers a domain that sounds similar when pronounced, or looks similar, to a legitimate website. A domain such as www.boc-secure.lk could be used to deceive people who visit www.boc.lk.
● Sometimes they make a website which says it offers reduced rates for merchandise if visitors enter the user name and password or PIN of an account on a reputed eCommerce website, etc.
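The lookalike-domain trick in Step 1 can be checked for on the defensive side. The following is an added example, not part of the original slides: it classifies hosts, such as those seen in mail or proxy logs, against the legitimate www.boc.lk. The sample URLs, the character-swap table and the function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

LEGIT = "boc.lk"                 # legitimate site named on the slide
BRAND = LEGIT.split(".")[0]      # "boc"
# Digit-for-letter swaps that "look similar" (short constructed table).
LOOKS_LIKE = str.maketrans("0135", "oles")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(url):
    """Lower-cased host of a URL or bare host name, without a leading 'www.'."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host

def classify(url):
    """Return 'legitimate', 'unrelated', or the reason the host is a lookalike."""
    host = host_of(url)
    if host == LEGIT or host.endswith("." + LEGIT):
        return "legitimate"
    labels = host.split(".")
    # Brand used as a whole word in another name: boc-secure.lk, boc.lk.login.example
    if any(BRAND in label.split("-") for label in labels):
        return "brand-embedded"
    # Compare the last two labels with the real domain.
    tail = ".".join(labels[-LEGIT.count(".") - 1:])
    if tail.translate(LOOKS_LIKE) == LEGIT:
        return "character-swap"
    if edit_distance(tail, LEGIT) == 1:
        return "one-edit-typo"   # short brands also match innocent names; review hits
    return "unrelated"

# Constructed sample, standing in for URLs pulled from mail or proxy logs.
SAMPLE = [
    "http://www.boc.lk/login", "http://www.boc-secure.lk/", "http://b0c.lk/",
    "http://bok.lk/", "http://boc.lk.account-check.example/", "https://example.org/boc.lk",
]

if __name__ == "__main__":
    for url in SAMPLE:
        print(f"{classify(url):15} {url}")
```

Only the host is compared, so a legitimate name appearing in the path of another site is not mistaken for the real domain.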
10. Steps of a Phishing Attack
Step 2: Execution
● The phisher tries to lure victims into the trap/bait by using different attack vectors.
● The common method is sending an email to the victim.
● The other method is social engineering, where the user is compelled to go to a website and log in.
● Or install a malware (keylogger,
11. Steps of a Phishing Attack
Step 3: User Action
The victim falls into the trap. He/she will respond to one of the attack vectors.
The victim will enter his/her sensitive and confidential data, such as credit card details, user credentials, account balance, etc., into the website without taking any precautionary measure.
12. Steps of a Phishing Attack
Step 4: Completion