Phishing Technology

Presented by
Preeti Papneja
B.Tech (cs) 3rd yr
1. Introduction
2. What is phishing
3. What might the phisher ask for
4. How does it work
5. The simplified flow of information in a phishing attack
6. What should I be aware of when receiving a suspicious email?
7. What do I do if I get a phishing message?
8. What do I do if I am unsure about a fraudulent email message?
9. Why phishing is still popular
10. How to protect yourself from phishing
11. References
Phishing:
Pronounced "fishing"
The word has its origin in two words, "Password Harvesting", or fishing for passwords
Phishing is an online form of pretexting, a kind of deception in which an attacker pretends to be someone else in order to obtain sensitive information from the victim
Also known as "brand spoofing"
Phishers are phishing artists.
The purpose of a phishing message is to acquire sensitive information about a user.
What is phishing
Phishing refers to the practice in which a person or a group of cyber-criminals creates an imitation or copy of an existing legitimate web page to trick users into providing sensitive personal information. Responding to "phishing" emails puts your accounts at risk.
What might the phisher ask for?
Your password
Account number, card number, PIN, access code
Personally identifiable information like your date of birth, Social Security number or address
Confidential information like student records, financial records or technical information
Phishers typically present a plausible scenario and often take advantage of the recipient's fear or greed. They also often present a sense of urgency. Examples include messages that:
Tell you that your account was misused by you and will be disabled
Tell you your account was compromised and will be disabled
How does phishing work
Phishing attacks are most commonly transmitted via email, but they are also transmitted via:
Instant messaging
Social media websites such as Facebook, MySpace and Twitter
The communication may:
Ask you to reply with specific information
Ask you to visit a web page, then ask you to share specific information
Ask you to call a phone number, which will ask you to share specific information
The Imbedded Web Address
The next way phishing works is by redirecting the victim to a seemingly legitimate website from an email. The email may look like it has been sent from a bank, the Internal Revenue Service or an online financial service such as PayPal, escrow or an online financial rewards system. The website that the victim is redirected to appears in every way to be real. Upon entering usernames, passwords or any other vital information, it is not unlikely that the website appears to crash. This is because the phisher has what he needs and doesn't want the victim to find out about the phony website.
The simplified flow of information in a phishing attack is:
1. A deceptive message is sent from the phisher to the user.
2. A user provides confidential information to a phishing server (normally after some interaction with the server).
3. The phisher obtains the confidential information from the server.
4. The confidential information is used to impersonate the user.
5. The phisher obtains illicit monetary gain.
The discussion of technology countermeasures will center on ways to disrupt steps 1, 2 and 4, as well as related technologies outside the information flow proper.
What should I be aware of when receiving a suspicious email?
Look for the following clues:
misspelled words, unprofessional tone, bad grammar, or other problems with the content.
Other things to look for:
the message asks you to verify your confidential information, says you will be held liable if you don't respond, tells you that the account will be closed if you don't respond, etc. All these are signs of a phishing message.
[Figure: original website compared with phishing website]
What do I do if I get a phishing message?
Report and forward the original email to the Information Security Office at security@utep.edu. Do not reply to the sender of the email.
What do I do if I am unsure about a fraudulent email message?
Follow these steps to minimize your chances of becoming a victim of fraud:
1. Do not click on any links listed within the email message.
2. Do not open any attachments included in the email.
3. Forward the email message to the Information Security Office.
4. Review your credit card and bank statements, and your bills, for unauthorized charges or withdrawals.
5. Never enter personal information using a pop-up screen. Legitimate companies will provide secure web forms for you to fill out.
Why phishing is still popular
Phishing was already widely used at least half a decade ago, but it still remains one of the popular methods to scam internet users. Many of us might still be wondering why there are so many victims out there even though we have been taught from time to time to stay aware of phishing scams. Here are five reasons why phishing is still a popular trick.
#1 - It tricks the victim with fear:
One of the most common methods is to trick the victim by sending them an email telling them that their internet banking account is being compromised and that they need to click on a link to resolve the issue. Once the user follows the link, the user is redirected to a forged website that looks similar to the banking website and requires the user to input his/her username and password. Once that form is sent, all the data is transmitted to the attacker-controlled server.
#2 - It tricks the victim with special interest:
Some scammers use scenarios such as winning a lottery or viewing adult material to tempt the victim to click on a link that redirects to the phishing site.
#3 - It is not rocket science:
Phishing attacks involve creating a forged website, which might be difficult for certain people. However, compared to hacking a banking server, creating a website is not that complicated. Therefore many novice or intermediate scammers will choose the phishing method over any other method in their hacking projects.
#4 - It can be launched via many types of communication channel:
Phishing can happen not only by simply building a forged website and waiting for the victim to come to it. It can also involve sending emails to lure victims to the forged website.
Besides that, a phishing scam can also manipulate a URL and post it as a comment or in a forum to trick victims into visiting the forged website. Apart from using computer knowledge to lure the victim, phishing can also be done via phone calls. The conclusion is that this type of scam can be done via multiple channels and multiple techniques.
#5 - Compromising one account is not the end:
Stealing one set of credentials is not the end; it can be the beginning. Why is that so? Internet users nowadays have many online accounts, for instance Facebook, Twitter, and LinkedIn. Commonly, most users will use the same username and password for each account so that remembering them is not an issue. Hence the stolen credentials can be used by the scammers for the user's other accounts as well.
How to Protect Yourself from Phishing
The following 10 steps will help you protect yourself. Whilst we have researched and made recommendations of software that will assist you, Fraud Watch International makes no warranties or guarantees about the products.
1. Never Click on Hyperlinks within emails
Why?
Hyperlinks within emails are often cloaked, or hidden. The text you see as a hyperlink may not be where the hyperlink takes you.
Recommendation:
If you are unsure of the source of the email, you should not click on hyperlinks within emails that are apparently from a legitimate company for personally sensitive information. Instead, directly type in the URL in the Internet browser address bar, or call the company on a contact number previously verified or known to be genuine.
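The cloaking described in step 1, shown from the checking side as an added example (not part of the original slides): a Python routine that compares the address displayed in each link's text with the host the link actually points to. The sample email body and the `.example`/`.test` domains are constructed, and comparing only the last two host labels is a simplifying assumption in place of proper registrable-domain matching.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A hostname-looking token inside the visible link text, e.g. "www.mybank.example".
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.IGNORECASE)

# Constructed sample: an HTML email body with three links.
SAMPLE_HTML = """
<p>Dear customer, your account will be disabled. Confirm your details at
<a href="http://mybank.example.account-check.test/login"><b>www.mybank.example</b></a>.</p>
<p>Our real site: <a href="https://online.mybank.example/">https://www.mybank.example</a></p>
<p><a href="http://account-check.test/verify">Click here to verify</a></p>
"""


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element, including nested markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._chunks = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._chunks = []

    def handle_data(self, data):
        if self._href is not None:
            self._chunks.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._chunks).split())
            self.links.append((self._href, text))
            self._href = None


def site_key(host):
    """Last two labels of a host name (assumption: good enough for this sample)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def check_links(html_body):
    """Return one verdict per link:
    match    - the text shows an address on the same site as the target
    mismatch - the text shows one address, the link goes somewhere else
    opaque   - the text shows no address, so the reader cannot judge the target
    """
    collector = AnchorCollector()
    collector.feed(html_body)
    collector.close()
    results = []
    for href, text in collector.links:
        try:
            target = urlsplit(href).hostname or ""
        except ValueError:  # malformed URL: treat as having no usable host
            target = ""
        shown = HOST_IN_TEXT.search(text)
        if not shown:
            verdict = "opaque"
        elif target and site_key(shown.group(1)) == site_key(target):
            verdict = "match"
        else:
            verdict = "mismatch"
        results.append({"text": text, "target_host": target, "verdict": verdict})
    return results


if __name__ == "__main__":
    for result in check_links(SAMPLE_HTML):
        print(result)
```

An "opaque" link is not proof of fraud, but it is exactly the case where the recommendation above applies: type the known address yourself instead of following the link.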
2. Use Anti-SPAM Filter Software
Why?
Some studies have shown around 85% of all email sent is SPAM,
with a majority fraudulent. This can be costly and time
consuming to end users who receive them. Effective SPAM
filters can reduce the number of fraudulent emails consumers
are exposed to.
3. Use Anti-Virus Software
Why?
To protect against Trojan and worm attacks, anti-virus software
can detect and delete virus files before they can attack a
computer.
It is important to keep all anti-virus software up to date
with vendor updates. These virus programs can search
your computer and pass this information to fraudsters.
4. Use a Personal Firewall
Why?
Firewalls can monitor both incoming and outgoing Internet traffic from a computer. This can protect the computer from being hacked into and from having a virus planted, and can also block unauthorized programs, such as Trojans, worms and spyware, from accessing the Internet.
5. Keep Software Updated (Operating Systems & Browsers)
Why?
Fraudsters and malicious computer hackers are continually finding
vulnerabilities in software operating systems and Internet Browsers.
Software vendors are constantly updating their software to fix these
vulnerabilities and protect consumers.
Recommendation:
Always ensure operating system and browser software is kept up to date using legitimate upgrades and patches issued by the software vendor. Visit your operating system vendor's website for update information, and subscribe to any automatic updating service.
6. Always look for "https" and a padlock on a site that requests
personal information
Why?
Information entered on an Internet web site can be intercepted by a third party. Web sites that are secure protect against this activity.
Recommendation:
When submitting sensitive financial and personal information on the
Internet, look for the locked padlock on the Internet browser's status bar
or the “https://” at the start of the URL in the address bar. Although there
is no guarantee of the site's legitimacy or security if they are present, the
absence of these indicates that the web site is definitely not secure.
7. Keep your Computer clean from Spyware
Why?
Spyware & Adware are files that can be installed on your computer,
even if you don't want them, without you knowing they are there!
They allow companies to monitor your Internet browsing patterns,
see what you purchase and even allow companies to inundate you
with those annoying "pop up" ads!
If you've downloaded some music, files or documents and suddenly started getting annoying ads popping up on your screen, you could definitely be infected with spyware and/or adware!
8. Educate Yourself on Fraudulent Activity on the Internet
Why?
Internet Fraud methods are evolving at a rapid rate.
Consumers need to be aware they are vulnerable as
fraudsters are persuasive and convincing; many victims
thought they were too smart to be scammed.
Consumers should educate themselves on Internet
Fraud, the trends and continual changes in fraudulent
methods used. Fraud Watch International offers
consumer education as a free service to the Internet
community.
9. Check Your Credit Report Immediately, for Free!
Why?
If you have responded to a fraudulent email, you
may be at risk of identity theft. A virus could have been
implanted within the email, which may find and pass on
sensitive personal information about you to fraudsters, or
if you have provided fraudsters with any personal
information, you may be at risk of Identity Theft. You
should check your credit report, and subscribe to a credit
report monitoring service, to be alerted if your personal
information is used fraudulently.
10. Seek Advice - If you are unsure - ask us!
Why?
If unsure as to the legitimacy of an email, consumers should seek
advice from the legitimate corporation using verified contact
details. For other potentially fraudulent emails, consumers can
seek advice from Fraud Watch International by forwarding the
email with their questions to us. This is a free service to assist in
the prevention of Internet Fraud.
Recommendation:
You can seek advice from Fraud Watch International by forwarding the email with your questions to scams@fraudwatchinternational.com.
References
www.identity-theft-scenarios.com/how-does-phishing-work.html
www.microsoft.com/security/online-privacy/phishing-symptoms.aspx
www.kbase.gfi.com/showarticle.asp?id=kbid002585
www.antiphishing.org
www.phishing1122.blogspot.com
www.planb-security.net
www.londonancestor.com
Thank You
