PHISHING AND SPAMMING
Submitted by: Kavis Pandey
Department of Electronics, ETC 2
1004093
email: kavis.pandey@yahoo.co.in
mob: 8984523393

Phishing & Spamming
• Phreaking + Fishing = Phishing
  - Phreaking = making phone calls for free in the 70’s
  - Fishing = using bait to lure the target
• Definition: the act of obtaining usernames, passwords, credit card and other personal details by masquerading as a trustworthy entity in electronic communication.
• Popular on social websites, auction sites, banks, online payment processors and, most commonly, in almost everyone’s email inbox

History & current status of phishing
• First mentioned in the context of “AOHELL” – a hacking tool for AOL users
• Recently, a popular case involved a Chinese phishing campaign targeting US and South Korean government, military and political activities.
• In the past, the most popular phishing attack dates back to 1995 – phishers posed as AOL staff and sent instant messages to victims to get them to reveal their passwords
• Post 9/11 ID check scam
• Thousands of cases reported to customerfraudreporting.org in that period

History & current status (continued)
• Targets of phishing attacks: banks 56%, retailers 14%, government 13%, spear phishing 7%, payment processors 5%, others 5%
• Haiti earthquake scam
• FIFA World Cup 2010 scam
• Tax rebate scams in UK
• PiP scams

Identifying a fraud
• The name of the company is mentioned as a scam on customerfraudreporting.org
• The email format matches one of the several mentioned on the above website
• The organisation has no website and can’t be located on Google
• The email asks for personal info such as account info, driver’s license number, passport number etc.
• The email claims you’ve won a lottery in which you haven’t participated
• The prize promoters ask for a fee in advance
• The email addresses you as “dear customer” rather than using specific names and details
• To get the prize you might need to travel overseas at your own cost

Phishing Techniques
• Email / Spam – emails sent to thousands of people asking for their personal info
• Web based delivery – “Man in the middle”, the hacker is located between the website and the user
• Instant messaging – the user receives a message with a link directing them to a fake website that looks similar to a legitimate website
• Trojan hosts – invisible hackers trying to hack into the machine to extract personal info
• Link manipulation – phishers send a false link to a website.
• Key loggers – software used to identify inputs from the keyboard
• Session hacking – “Session sniffing”, phishers exploit the web session control mechanism to steal info

Phishing Techniques
• System reconfiguration – e.g. “Turn off your firewall to run this software” etc.
• Content injection – phishers change part of the content on a webpage, luring the user to go to a page outside the legitimate website
• Phishing through search engines – users may be redirected to fake websites offering cheap products
• Phone phishing – phishers call the user about exciting offers and products so that they reveal their details to buy the products
• Malware phishing – malware is attached to spam emails and, upon clicking, this malware may harm the system

Why phishing works?
1. Lack of knowledge
   a) Lack of computer system knowledge
   b) Lack of knowledge of security indicators
2. Visual deception
   a) Visually deceptive text – “paypai” instead of “paypal”, using “1” instead of “l”, “o” instead of “0” etc.; this is called typejacking.
   b) Images masking underlying text
   c) Images mimicking windows
   d) Windows masking underlying windows
   e) Deceptive look and feel
3. Bounded attention
   a) Lack of attention to security indicators
   b) Lack of attention to the absence of security indicators

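Added example (not part of the original slides): a defender-side check for the visually deceptive hostnames described above, which also covers a protected name used as a subdomain of someone else's domain. The watch-list, the folding table and the function names are assumptions made for this sketch, and the registrable domain is approximated by the last two labels.

```python
from urllib.parse import urlsplit

# Constructed watch-list of domains to protect; replace with your own.
PROTECTED = ("paypal.com", "google.com")

# Characters the slide lists as visually interchangeable, folded to one form:
# "1" and "i" read as "l" (paypa1, paypai), "0" reads as "o".
FOLD = str.maketrans({"1": "l", "i": "l", "0": "o"})

def skeleton(label):
    """Lower-case a DNS label and fold confusable characters."""
    return label.lower().translate(FOLD)

def edit_distance(a, b):
    """Levenshtein distance, to catch one added, dropped or changed letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'legitimate', 'lookalike:<brand>', 'brand-in-subdomain:<brand>',
    'idn-review', 'unrelated' or 'invalid' for a URL or bare hostname."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").rstrip(".")
    labels = host.split(".")
    if len(labels) < 2 or not all(labels):
        return "invalid"
    # Assumption: the last two labels form the registrable domain. Production
    # code should consult the Public Suffix List (e.g. for example.co.uk).
    domain, name = ".".join(labels[-2:]), labels[-2]
    if domain in PROTECTED:
        return "legitimate"
    for brand in PROTECTED:
        brand_name = brand.split(".")[0]
        if brand_name in labels[:-2]:
            # The real name appears only as a subdomain of another domain.
            return f"brand-in-subdomain:{brand}"
        if edit_distance(skeleton(name), skeleton(brand_name)) <= 1:
            return f"lookalike:{brand}"
    if any(label.startswith("xn--") for label in labels):
        return "idn-review"  # punycode label: decode and inspect separately
    return "unrelated"
```

A distance threshold of 1 will also flag a few legitimate short names, so treat a hit as a reason to review, not as proof of fraud.
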
Anti - Phishing
• Social responses – train people to recognize phishing attacks. People need to slightly modify their browsing habits in order to avoid being scammed.
• Technical responses – use of anti-phishing measures such as extensions or toolbars for browsers, anti-phishing software
• Helping to identify legitimate websites – complain about the fake websites. SFIO deals with internet frauds in India. There are also cyber cells where we can make complaints.

Anti - Phishing
• Secure connection – from the 1990s to the late 2000s Mozilla used padlocks as a symbol for a secure connection; now certificates and “https” are also included.
• Which site – check if the URL of the website matches the site that you are looking for

Anti Phishing
• Who is the authority – The browser needs to state who the real authority issuing the EV (Extended Validation) certificate for a website is. The browser needs to have a root list of trusted CAs (Certification Authorities).
• Fundamental flaws in security model of secure browsing – (a) users tend to overlook the security indicators (b) users have learned to bypass most of the warnings and treat all the warnings with the same disdain, resulting in a “click through disdain” (c) gaining security authentication is very costly for websites, resulting in negligence (d) threat models tend to re-invent themselves at a much faster pace
• Browsers alerting users of fraudulent websites – IE7, Mozilla Firefox 2.0 onwards uses Google’s anti-phishing software, Chrome, Safari 3.2, Opera 9.1 uses live blacklist from Phishtank and GeoTrust as well as live whitelist from GeoTrust
• Augmenting Password Log-ins – avoid being logged on for continuous periods even when not using the services; using virtual keyboards is safer when entering passwords

Anti - Phishing
• Eliminating Phishing Emails – use specialized filters to eliminate phishing emails, keep your inboxes free from spam
• Monitoring and takedown – contribute by reporting to both volunteer and industry groups such as PhishTank, report to cyber cells and help them take down the guilty
• Transaction verification and signing – steps are implemented to connect mobile phones with internet accounts. This informs users when transactions are being made or of any other security issues.
• Legal Responses – there is pride in being evidence against a crime; support legal cases against cyber crimes and help punish the guilty

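Added example (not part of the original slides): a small mail filter that applies the indicators from the “Identifying a fraud” slide and flags link manipulation, where the visible link text names one site and the href points to another. The sample message is constructed, and the rule patterns and function names are assumptions made for this sketch.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message for illustration (not a real email).
SAMPLE = """\
From: "Prize Office" <claims@lottery-intl.example>
Subject: You have won!
Content-Type: text/html; charset="utf-8"

<p>Dear Customer,</p>
<p>You have won a lottery prize. To release it, pay a processing fee in advance
and send us your passport number and account details.</p>
<p>Confirm at <a href="http://login.secure-update.example/pay">www.paypal.com</a></p>
"""

# Indicator name -> pattern; wording follows the "Identifying a fraud" slide.
RULES = {
    "generic_greeting": r"\bdear (customer|user|member)\b",
    "asks_personal_info": r"\b(passport|driver'?s? licen[cs]e|account (details|info|number))\b",
    "unexpected_prize": r"\b(won|winner)\b.{0,80}\b(lottery|prize)\b",
    "advance_fee": r"\bfee\b.{0,40}\bin advance\b",
}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self.cur_href, self.cur_text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.cur_href, self.cur_text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.cur_href is not None:
            self.cur_text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.cur_href is not None:
            self.links.append((self.cur_href, "".join(self.cur_text).strip()))
            self.cur_href = None

def site(host):
    """Last two labels of a host (assumption: approximates the registrable domain)."""
    return ".".join(host.lower().split(".")[-2:])

def shown_host(text):
    """Host named in link text that itself looks like a URL, else ''."""
    m = re.match(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})(?:[/:?]\S*)?$", text, re.I)
    return m.group(1) if m else ""

def indicators(raw):
    """Return the list of phishing indicators found in a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    collector = LinkCollector()
    collector.feed(body)
    text = re.sub(r"\s+", " ", re.sub(r"<[^>]+>", " ", body)).lower()
    hits = [name for name, pattern in RULES.items() if re.search(pattern, text)]
    for href, label in collector.links:
        shown, real = shown_host(label), urlsplit(href).hostname or ""
        if shown and real and site(shown) != site(real):
            hits.append(f"link_mismatch:{site(shown)}->{site(real)}")
    return hits
```
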
Conclusion
• Con artists have been there in society for centuries, but with the web & internet they get access to a larger group of people
• They live on our mistakes
• A final technical solution to phishing involves major changes in internet infrastructure. These changes are beyond any one institution
• However, there are steps that can be deployed
• It is all up to US
• Be cautious, be careful

Stop Phishing

Thank you for your patience and attention.
Comments and Questions.
