“PHISHING”
-A THREAT TO NETWORK SECURITY


ABSTRACT

"Give a man a fish," goes an old adage, "and you feed him for a day. Teach a man to fish, and you feed him for life." In Internet parlance, "Teach a man to phish, and he can feast on caviar for the rest of his life." It is becoming increasingly common to tune in to the news or load your favorite news Web site and read about yet another Internet e-mail scam. An e-mail scam is a fraudulent email that appears to be from a legitimate Internet address with a justifiable request — usually to verify your personal information or account details. One example would be if you received an e-mail that appears to be from your bank requesting that you click a hyperlink in the e-mail and verify your online banking information. Usually there will be a repercussion stated in the e-mail for not following the link, such as "your account will be closed or suspended". The goal of the sender is for you to disclose personal and account related information.

This paper presents one of the 21st century's identity theft web crimes, known as 'phishing'. Phishing is also referred to as brand spoofing or carding and is a variation on "fishing," the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting. It is a type of fraud unique to the Internet. Hackers challenge network security through 'phishing'. Phishers use both linguistic and technical ploys to steal sensitive data. The term "phishing" was coined in 1996 and refers to email that directs users to counterfeit websites. The goal is to collect personal and financial information, which can then be used to make unauthorized purchases, steal identities, or sell sensitive information to identity theft rings. In a typical phishing e-mail, the users are directed to a proxy site that looks just like the original one, but the proxy site might ask for additional detailed data (like bank account numbers, social security number, mother's maiden name, credit/debit card numbers, or the highly confidential CVV2 in the case of a proxy bank email). It is not unusual, however, for the link to be dead, as phishing requires a very tight timeline due to more effective detection tools.
Phishing is an example of social engineering techniques used to fool users. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical measures.

Our paper briefly gives the history of phishing and explains the various methods of message delivery, which include delivery by email, instant message delivery, web based delivery, and trojaned hosts. In addition to these, it describes the various phishing attack vectors. Phishing attacks include man in middle attacks, confusing URL attacks, hidden attacks, and confusing host names. Our paper also gives information about various defence mechanisms. Defence mechanisms are deployed in three layers (client, server and enterprise), which help to guard against the crippling effects of phishing.

1. INTRODUCTION:

1.1 WHAT IS PHISHING?
The process of tricking or socially engineering an organization's customers into imparting their confidential information is called 'phishing'. Organizational size doesn't matter; the quality of the personal information reaped from the attack has a value all in itself to the criminals. Hidden away amongst the mounds of electronic junk mail, and bypassing many of today's best anti-spam filters, a new attack vector lies in wait to steal confidential personal information. Such mails lure victims into traps specifically designed to steal their electronic identity.

1.2 HISTORY OF PHISHING:
The word "phishing" originally comes from the analogy that early Internet criminals used email lures to "phish" (FISH) for passwords and financial data from a sea of Internet users. The term phishing covers not only obtaining user account details, but now includes access to all personal and financial data.

2. PHISHING MESSAGE DELIVERY:
Phishing attacks rely upon a mix of technical deceit and social engineering practices. In the majority of cases the Phisher must persuade the victim to intentionally perform a series of confidential information. Communication channels such as email, web-pages, IRC and instant messaging services are popular.

2.1 E MAIL:
Phishing attacks initiated by email are the most common. As almost all Internet users use email, phishers find it easy to commit identity theft. Techniques used within phishing emails:
• Official looking and sounding emails
• Copies of legitimate corporate emails with minor URL changes
• HTML based email used to obfuscate target URL information
• Standard virus/worm attachments to email

2.2 WEB BASED DELIVERY:
An increasingly popular method of conducting phishing attacks is through malicious web-site content. This content may be included within a web-site operated by the Phisher, or a third-party site hosting some embedded content.
Web-based delivery techniques include:
• The inclusion of HTML disguised links (such as the one presented in the above email example) within popular web-sites and message boards.
• The use of third-party supplied, or fake, banner advertising graphics to lure customers to the Phisher's web-site.
• The use of web-bugs (hidden items within the page – such as a zero-sized graphic) to track a potential customer in preparation for a phishing attack.
• The use of pop-up or frameless windows to disguise the true source of the Phisher's message.

2.3 IRC AND INSTANT MESSAGING:
IRC and Instant Messaging (IM) forums are likely to become a popular phishing ground. As these communication channels become more popular with home users, and more functionality is included within the software, specialist phishing attacks will increase. As many IRC and IM clients allow for embedded dynamic content (e.g. graphics, URLs, multimedia includes, etc.) to be sent by channel participants, it is a trivial task to employ many of the phishing techniques used in standard web-based attacks. The common usage of bots (automated programs that listen and participate in group discussions) in many of the popular channels means that it is very easy for a Phisher to anonymously send semi-relevant links and fake information to the victims.

2.4 TROJANED HOSTS:
While the delivery medium for the phishing attack may be varied, the delivery source is increasingly becoming home PCs that have been previously compromised. As part of this compromise, a Trojan horse program has been installed which allows phishers to use the PC as a message propagator. In fact, to harvest the confidential information of several thousand customers simultaneously, phishers use information-specific Trojans.
3. PHISHING ATTACK VECTORS:
For a phishing attack to be successful, it must use a number of methods to trick the customer into doing something with their server and/or supplied page content. The most common methods are:

3.1 MAN IN MIDDLE ATTACKS:
In this class of attacks, the attacker situates themselves between the customer and the real web-based application, and proxies all communications between the systems.

3.2 CONFUSING URL ATTACKS:
The secret for many phishing attacks is to get the message recipient to follow a hyperlink (URL) to the attacker's server, without them realizing that they have been duped. The most common methods of URL obfuscation include:
• Bad domain names, which look similar to original domain names but actually link to the phisher's server.
• Friendly login URLs. Many common web browser implementations allow for complex URLs that can include authentication information such as a login name and password, which trick many customers into thinking that they are actually visiting the target organization.

3.3 CONFUSING HOST NAMES:
Most Internet users are familiar with navigating to sites and services using a fully qualified domain name, such as www.site.com. For a web browser to communicate over the Internet, this address must be resolved to an IP address, such as 209.134.161.35 for www.site.com. This resolution of host name to IP address is achieved through domain name servers.

3.4 HIDDEN ATTACKS:
An attacker may make use of HTML, DHTML and other scriptable code that can be interpreted by the customer's web browser and used to manipulate the display of the rendered information. In many instances the attacker will use these techniques to disguise fake content as coming from the real site – whether this is a man-in-the-middle attack, or a fake copy of the site hosted on the attacker's own systems. The most common vectors include:
• Hidden Frames
• Overriding Page Content
• Graphical Substitution
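The link tricks named in sections 2.1 and 3.2 (HTML that hides the real target, bad domain names, friendly login URLs) can be checked mechanically when a message is received. The Python code below is an added example, not part of the original paper; the trusted domain, the sample message body and the finding labels are all constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the organisation's genuine domains (constructed for this example).
TRUSTED_DOMAINS = {"bank.example"}
HOST_IN_TEXT = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Constructed sample body; all names and addresses are reserved example values.
SAMPLE_HTML = """
<a href="http://203.0.113.7/verify">https://www.bank.example/verify</a>
<a href="http://www.bank.example:secure@login.test/verify">Verify now</a>
<a href="https://www.bamk.example/login">Online banking</a>
<a href="https://www.bank.example.accounts.test/login">www.bank.example</a>
<a href="https://www.bank.example/help">Help</a>
"""


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def site(host):
    """IP literal as-is, else the last two labels (naive; real code would
    consult the Public Suffix List for names such as example.co.uk)."""
    return host if is_ip(host) else ".".join(host.rstrip(".").split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance, to catch near-miss spellings of a trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url):
    """Return (findings, host) for one link target."""
    try:
        parts = urlsplit(url)
    except ValueError:                      # e.g. malformed IPv6 literal
        return {"unparseable-url"}, ""
    host, findings = (parts.hostname or "").lower(), set()
    if parts.username is not None:          # "friendly login URL": user:pass@host
        findings.add("userinfo-in-url")
    if is_ip(host):                         # raw address instead of a host name
        findings.add("ip-literal-host")
    elif host and site(host) not in TRUSTED_DOMAINS:
        for good in TRUSTED_DOMAINS:
            if edit_distance(site(host), good) <= 2:    # "bad domain name"
                findings.add("lookalike-domain")
            if f".{good}." in f".{host}":   # trusted name used as a sub-domain prefix
                findings.add("trusted-name-in-subdomain")
    return findings, host


def analyze_email_html(html):
    """Return [(href, sorted findings)] for every suspicious link in an HTML body."""
    collector = AnchorCollector()
    collector.feed(html)
    report = []
    for href, text in collector.links:
        findings, host = check_url(href)
        shown = HOST_IN_TEXT.match(text)
        if shown and host and site(shown.group(1).lower()) != site(host):
            findings.add("text-href-mismatch")   # link text names another site
        if findings:
            report.append((href, sorted(findings)))
    return report
```

Edit-distance matching on short names produces false positives, so findings like these are better used to rank messages for review than to block them outright.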
4. DEFENCE MECHANISM:
The Phisher has a large number of methods at their disposal; consequently there is no single solution capable of combating all these different attack vectors. However, it is possible to prevent current and future phishing attacks by utilizing a mix of information security technologies and techniques. For best protection, these security technologies and techniques must be deployed at three logical layers:
The Client-side – this includes the user's PC.
The Server-side – this includes the business's Internet visible systems and custom applications.
Enterprise Level – distributed technologies and third-party management services.

4.1 CLIENT SIDE:
The client side represents the forefront of anti-phishing security. At this side, protection against phishing can be done by:
· Desktop protection technologies
· Email sophistication
· Browser capabilities
· Customer vigilance

4.1.1 Desktop protection technologies:
This is done by using anti-virus, anti-spyware and personal firewall software, which can detect and block the installation of malicious software such as Trojans and spyware.

4.1.2 Email Sophistication:
Many of the attacks are successful due to HTML-based email functionality, as explained above.
· HTML functionality must be disabled in all email client applications capable of accepting or sending Internet emails. Instead, plain-text email representation should be used, and ideally the chosen font should be fixed-width, such as Courier.
· Email applications capable of blocking "dangerous" attachments and preventing users from quickly executing or viewing attached content should be used whenever possible.

4.1.3 Browser Capabilities:
The common web browser may be used as a defense against phishing attacks – if it is configured securely. Customers and businesses must make a move to use a web browser that is appropriate for the task at hand. To help prevent many phishing attack vectors, web browser users should:
• Disable all window pop-up functionality.
• Disable Java runtime support.
• Disable ActiveX support.
• Disable all multimedia and auto-play/auto-execute extensions.
• Prevent the storage of non-secure cookies.
• Ensure that any downloads cannot be automatically run from the browser, and must instead be downloaded into a directory for anti-virus inspection.

4.1.4 Customer Vigilance:
Customers may take a number of steps to avoid becoming a victim of a phishing attack that involve carefully inspecting the content that is presented to them.
Some measures that should be taken by the customer are:
· If a customer gets an email that warns them, with little or no notice, that their account will be shut down unless they reconfirm billing information, they should not reply or click on the link in the email. Instead, they should contact the company cited in the email using a telephone number or Web site address that is known to be genuine.
· Customers should never respond to HTML email with embedded submission forms. Any information submitted via the email (even if it is legitimate) will be sent in cleartext that could be observed.
· Users should avoid emailing personal and financial information. Before submitting financial information through a Web site, the "lock" icon on the browser's status bar should be observed. It signals that information is secure during transmission.
· Credit card and bank account statements are to be reviewed as soon as they are received to determine whether there are any unauthorized charges. If the statement is late by more than a couple of days, a call to the credit card company or bank must be made to confirm billing address and account balances.

4.2 SERVER SIDE:
By implementing intelligent anti-phishing techniques into the organization's web application security, developing internal processes to combat phishing vectors and educating customers – it is possible to take an active role in protecting customers from future attack. At the server-side, protection against phishing can be done by:
1. Improving customer awareness
2. Host and Linking conventions
3. Enterprise Level

5. CONCLUSION:
Phishing, which started off being part of popular hacking culture, has now increased greatly with the growing use of the Internet. The points raised within this paper, and the solutions proposed, represent key steps in securing online services from fraudulent phishing attacks – and also go a long way in protecting against many other popular hacking or criminal attack vectors.
A FRAMEWORK FOR SECURING EMAIL ENTRANCES AND MITIGATING PHISHING IMPERSONATIO...IJNSA Journal
 

Ähnlich wie 2 phishing (20)

Phishing.pdf
Phishing.pdfPhishing.pdf
Phishing.pdf
 
cyber threats and attacks.pptx
cyber threats and attacks.pptxcyber threats and attacks.pptx
cyber threats and attacks.pptx
 
Internet threats and defence mechanism
Internet threats and defence mechanismInternet threats and defence mechanism
Internet threats and defence mechanism
 
Phishing: Analysis and Countermeasures
Phishing: Analysis and CountermeasuresPhishing: Analysis and Countermeasures
Phishing: Analysis and Countermeasures
 
Phishing Attacks: A Challenge Ahead
Phishing Attacks: A Challenge AheadPhishing Attacks: A Challenge Ahead
Phishing Attacks: A Challenge Ahead
 
Phishing.pptx
Phishing.pptxPhishing.pptx
Phishing.pptx
 
DENGAROUS CYBER ATTACKS
DENGAROUS CYBER ATTACKSDENGAROUS CYBER ATTACKS
DENGAROUS CYBER ATTACKS
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
cyber crime.pptx
cyber crime.pptxcyber crime.pptx
cyber crime.pptx
 
December 2019 Part 10
December 2019 Part 10December 2019 Part 10
December 2019 Part 10
 
presentation_cybercrime_1486105587_257582.ppt
presentation_cybercrime_1486105587_257582.pptpresentation_cybercrime_1486105587_257582.ppt
presentation_cybercrime_1486105587_257582.ppt
 
need help with a term paper 8 pages Write a term paper that discusse.pdf
need help with a term paper 8 pages Write a term paper that discusse.pdfneed help with a term paper 8 pages Write a term paper that discusse.pdf
need help with a term paper 8 pages Write a term paper that discusse.pdf
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure" Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure"
 
My presentation
My presentationMy presentation
My presentation
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
 
Attacks Types
Attacks TypesAttacks Types
Attacks Types
 
Man in the middle attack .pptx
Man in the middle attack .pptxMan in the middle attack .pptx
Man in the middle attack .pptx
 
ccs12-18022310494mghmgmyy3 (1).pdf
ccs12-18022310494mghmgmyy3 (1).pdfccs12-18022310494mghmgmyy3 (1).pdf
ccs12-18022310494mghmgmyy3 (1).pdf
 
A FRAMEWORK FOR SECURING EMAIL ENTRANCES AND MITIGATING PHISHING IMPERSONATIO...
A FRAMEWORK FOR SECURING EMAIL ENTRANCES AND MITIGATING PHISHING IMPERSONATIO...A FRAMEWORK FOR SECURING EMAIL ENTRANCES AND MITIGATING PHISHING IMPERSONATIO...
A FRAMEWORK FOR SECURING EMAIL ENTRANCES AND MITIGATING PHISHING IMPERSONATIO...
 

Kürzlich hochgeladen

Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 

Kürzlich hochgeladen (20)

Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 

2 phishing

  • 1. “PHISHING” - A THREAT TO NETWORK SECURITY

ABSTRACT

“Give a man a fish,” goes an old adage, “and you feed him for a day. Teach a man to fish, and you feed him for life.” In Internet parlance, “Teach a man to phish, and he can feast on caviar for the rest of his life.” It is becoming increasingly common to tune in to the news or load your favorite news Web site and read about yet another Internet e-mail scam. An e-mail scam is a fraudulent email that appears to be from a legitimate Internet address with a justifiable request — usually to verify your personal information or account details. One example would be if you received an e-mail that appears to be from your bank requesting you click a hyperlink in the e-mail and verify your online banking information. Usually there will be a repercussion stated in the e-mail for not following the link, such as "your account will be closed or suspended". The goal of the sender is for you to disclose personal and account related information.

This paper presents one of the 21st century's identity theft web crimes known as ‘phishing’. Phishing is also referred to as brand spoofing or carding and is a variation on "fishing," the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting. It is a type of fraud unique to the Internet. Hackers challenge network security through ‘phishing’. Phishers use both linguistic and technical ploys to steal sensitive data. The term “phishing” was coined in 1996 and refers to email that directs users to counterfeit websites. The goal is to collect personal and financial information, which can then be used to make unauthorized purchases, steal identities, or sell sensitive information to identity theft rings. In a typical phishing e-mail, the users are directed to a proxy site that looks just like the original one; however, the proxy site might ask for additional detailed data (like bank account numbers, social security number, mother's maiden name, credit/debit card numbers, or the highly confidential CVV2 in the case of a proxy bank email). It is not unusual, however, for the link to be dead, as phishing requires a very tight timeline due to more effective detection tools.
  • 2. Phishing is an example of social engineering techniques used to fool users. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical measures.

Our paper briefly gives the history of phishing and explains the various methods of message delivery, which include delivery with email, instant message delivery, web based delivery, and trojaned hosts. In addition to these, it describes the various phishing attack vectors. Phishing attacks include man in middle attacks, confusing URL attacks, hidden attacks, and confusing host names. Our paper also gives information about various defence mechanisms. Defence mechanisms are deployed in three layers (client, server, enterprise), which help to guard oneself from the crippling effects of phishing.

1. INTRODUCTION:

1.1 WHAT IS PHISHING?
The process of tricking or socially engineering an organization's customers into imparting their confidential information is called ‘phishing’. Organizational size doesn't matter; the quality of the personal information reaped from the attack has a value all in itself to the criminals. Hidden away amongst the mounds of electronic junk mail, and bypassing many of today's best anti-spam filters, a new attack vector lies in wait to steal confidential personal information. Such mails lure victims into traps specifically designed to steal their electronic identity.

1.2 HISTORY OF PHISHING:
The word “phishing” originally comes from the analogy that early Internet criminals used email lures to “phish” (FISH) for passwords and financial data from a sea of Internet users. The term phishing covers not only obtaining user account details, but now includes access to all personal and financial data.

2. PHISHING MESSAGE DELIVERY:
Phishing attacks rely upon a mix of technical deceit and social engineering practices. In the majority of cases the Phisher must persuade the victim to intentionally perform a series of actions that reveal confidential information. Communication channels such as email, web-pages, IRC and instant messaging services are popular.

2.1 E MAIL:
Phishing attacks initiated by email are the most common. As almost all net users use email, Phishers find it easy to do identity
  • 3. theft. Techniques used within Phishing emails:
• Official looking and sounding emails
• Copies of legitimate corporate emails with minor URL changes
• HTML based email used to obfuscate target URL information
• Standard virus/worm attachments to email

2.2 WEB BASED DELIVERY:
An increasingly popular method of conducting phishing attacks is through malicious web-site content. This content may be included within a web-site operated by the Phisher, or a third-party site hosting some embedded content.
Web-based delivery techniques include:
• The inclusion of HTML disguised links (such as the one presented in the above email example) within popular web-sites and message boards.
• The use of third-party supplied, or fake, banner advertising graphics to lure customers to the Phisher's web-site.
• The use of web-bugs (hidden items within the page – such as a zero-sized graphic) to track a potential customer in preparation for a phishing attack.
• The use of pop-up or frameless windows to disguise the true source of the Phisher's message.

2.3 IRC AND INSTANT MESSAGING:
IRC and Instant Messaging (IM) forums are likely to become a popular phishing ground. As these communication channels become more popular with home users, and more functionality is included within the software, specialist phishing attacks will increase. As many IRC and IM clients allow for embedded dynamic content (e.g. graphics, URLs, multimedia includes, etc.) to be sent by channel participants, it is a trivial task to employ many of the phishing techniques used in standard web-based attacks. The common usage of Bots (automated programs that listen and participate in group discussions) in many of the popular channels means that it is very easy for a Phisher to anonymously send semi-relevant links and fake information to the victims.

2.4 TROJANED HOSTS:
While the delivery medium for the phishing attack may be varied, the delivery source is increasingly becoming home PCs that have been previously compromised. As part of this compromise, a Trojan horse program has been installed which allows Phishers to use the PC as a message propagator. In fact, to harvest the confidential information of several thousand customers simultaneously, Phishers use information-specific Trojans.
  • 4. 3. PHISHING ATTACK VECTORS:
For a Phishing attack to be successful, it must use a number of methods to trick the customer into doing something with their server and/or supplied page content. The most common methods are:

3.1 MAN IN MIDDLE ATTACKS:
In this class of attacks, the attackers situate themselves between the customer and the real web-based application, and proxy all communications between the systems.

3.2 CONFUSING URL ATTACKS:
The secret for many phishing attacks is to get the message recipient to follow a hyperlink (URL) to the attacker's server, without them realizing that they have been duped. The most common methods of URL obfuscation include:
• Bad domain names - which look similar to original domain names but actually link to the phisher's server.
• Friendly login URLs - Many common web browser implementations allow for complex URLs that can include authentication information such as a login name and password, which trick many customers into thinking that they are actually visiting the target organization.

3.3 CONFUSING HOST NAMES:
Most Internet users are familiar with navigating to sites and services using a fully qualified domain name, such as www.site.com. For a web browser to communicate over the Internet, this address must be resolved to an IP address, such as 209.134.161.35 for www.site.com. This resolution of host name to IP address is achieved through domain name servers.

3.4 HIDDEN ATTACKS:
An attacker may make use of HTML, DHTML and other scriptable code that can be interpreted by the customer's web browser and used to manipulate the display of the rendered information. In many instances the attacker will use these techniques to disguise fake content as coming from the real site – whether this is a man-in-the-middle attack, or a fake copy of the site hosted on the attacker's own systems. The most common vectors include:
• Hidden Frames
• Overriding Page Content
• Graphical Substitution
  • 5. 4. DEFENCE MECHANISM:
The Phisher has a large number of methods at their disposal; consequently there is no single solution capable of combating all these different attack vectors. However, it is possible to prevent current and future Phishing attacks by utilizing a mix of information security technologies and techniques. For best protection, these security technologies and techniques must be deployed at three logical layers:
The Client-side – this includes the user's PC.
The Server-side – this includes the business's Internet visible systems and custom applications.
Enterprise Level – distributed technologies and third-party management services.

4.1 CLIENT SIDE:
The client side represents the forefront of anti-phishing security. At this side protection against phishing can be done by:
· Desktop protection technologies
· Email sophistication
· Browser capabilities
· Customer vigilance

4.1.1 Desktop protection technologies:
Anti-virus, anti-spyware, personal firewall software and the like can detect and block the installation of malicious software such as Trojans and spyware.

4.1.2 Email Sophistication:
Many of the attacks are successful due to HTML-based email functionality, as explained above.
· HTML functionality must be disabled in all email client applications capable of accepting or sending Internet emails. Instead, plain-text email representation should be used, and ideally the chosen font should be fixed-width, such as Courier.
· Email applications capable of blocking “dangerous” attachments and preventing users from quickly executing or viewing attached content should be used whenever possible.

4.1.3 Browser Capabilities:
The common web browser may be used as a defense against phishing attacks – if it is configured securely. Customers and businesses must make a move to use a web browser that is appropriate for the task at hand. To help prevent many Phishing attack vectors, web browser users should:
• Disable all window pop-up functionality.
• Disable Java runtime support.
• Disable ActiveX support.
• Disable all multimedia and auto-play/auto-execute extensions.
• Prevent the storage of non-secure cookies.
• Ensure that any downloads cannot be automatically run from the browser, and
  • 6. must instead be downloaded into a directory for anti-virus inspection.

4.1.4 Customer Vigilance:
Customers may take a number of steps to avoid becoming a victim of a phishing attack that involve carefully inspecting the content that is presented to them. Some measures that should be taken by the customer are:
· If a customer gets an email warning, with little or no notice, that their account will be shut down unless they reconfirm billing information, they should not reply or click on the link in the email. Instead, they should contact the company cited in the email using a telephone number or Web site address that is known to be genuine.
· Customers should never respond to HTML email with embedded submission forms. Any information submitted via the email (even if it is legitimate) will be sent in cleartext that could be observed.
· Users should avoid emailing personal and financial information. Before submitting financial information through a Web site, the "lock" icon on the browser's status bar should be observed. It signals that information is secure during transmission.
· Credit card and bank account statements are to be reviewed as soon as they are received to determine whether there are any unauthorized charges. If the statement is late by more than a couple of days, a call to the credit card company or bank must be made to confirm billing address and account balances.

4.2 SERVER SIDE:
By implementing intelligent anti-phishing techniques into the organization's web application security, developing internal processes to combat phishing vectors and educating customers, it is possible to take an active role in protecting customers from future attack. At the server-side, protection against Phishing can be done by:
1. Improving customer awareness
2. Host and Linking conventions
3. Enterprise Level

5. CONCLUSION:
Phishing, which started off being part of popular hacking culture, has now increased greatly with the growth of Internet use. The points raised within this paper, and the solutions proposed, represent key steps in securing online services from fraudulent phishing attacks – and also go a long way in protecting against many other popular hacking or criminal attack vectors.

6. REFERENCES:
  • 7.
· “Proposed Solutions to Address the Threat of Email Spoofing Scams”, the Anti-Phishing Working Group.
· “Anti-Phishing: Best Practices for Institutions and Consumers”, McAfee.
· “Phishing Victims Likely Will Suffer Identity Theft Fraud”, Gartner Research Note, A. Litan.
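
The link tricks described in sections 2.1 and 3.2-3.3 (HTML-disguised links, bad domain names, friendly login URLs, hosts given as bare IP addresses) can be checked mechanically when triaging a reported message. The following is an added example, not part of the original paper; the trusted-domain list, the sample message, the finding labels and all function names are assumptions made for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions (constructed): the defender's domain list and the sample mail body;
# every host and address below is a reserved test name or range.
TRUSTED_DOMAINS = {"mybank.example"}
SAMPLE_EMAIL = """
<p>Your account will be closed or suspended unless you verify it:</p>
<a href="http://www.mybank.example@198.51.100.7/login">https://www.mybank.example/login</a>
<a href="https://www.rnybank.example/verify">Verify now</a>
<a href="https://www.mybank.example/help">www.mybank.example/help</a>
"""

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domain names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host):
    """Last two labels; a production tool would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_url(url):
    """Return the set of findings for one URL."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    findings = set()
    if parts.username is not None:
        findings.add("userinfo-in-url")        # "friendly login" URL (3.2)
    try:
        ipaddress.ip_address(host)
        findings.add("ip-literal-host")        # no host name to recognise (3.3)
        return findings
    except ValueError:
        pass                                   # host is a name, not an address
    if registered_domain(host) in TRUSTED_DOMAINS:
        return findings
    for trusted in TRUSTED_DOMAINS:
        if edit_distance(registered_domain(host), trusted) <= 2:
            findings.add("lookalike-domain")   # "bad domain name" (3.2)
    return findings

def text_host(text):
    """Host named in visible link text, or None when the text is not URL-like."""
    if not re.match(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", text, re.I):
        return None
    return urlsplit(text if "://" in text else "http://" + text).hostname

class LinkExtractor(HTMLParser):  # collects (href, visible text) per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_email(html):
    """Return [(href, sorted findings)] for each link in an HTML mail body."""
    parser = LinkExtractor()
    parser.feed(html)
    report = []
    for href, text in parser.links:
        findings = check_url(href)
        shown, real = text_host(text), urlsplit(href).hostname or ""
        if shown and registered_domain(shown) != registered_domain(real):
            findings.add("text-href-mismatch")  # HTML-disguised link (2.1)
        report.append((href, sorted(findings)))
    return report

if __name__ == "__main__":
    for href, findings in audit_email(SAMPLE_EMAIL):
        print(href, "->", findings or "ok")
```

The edit-distance threshold of 2 is an arbitrary choice for the sample; short domain names need a tighter threshold to avoid false positives.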