3. INTRODUCTION
⢠A collection of techniques used to manipulate
people into performing actions or divulging
confidential information.
⢠Steal valuable data.
4. HISTORY
ďŹ Phreaking + Fishing = Phishing
- Phreaking = making phone calls for free back in 70âs
â Fishing = Use bait to lure the target
ďŹ Phishing in 1995
Purpose: getting account passwords for free time
Threat level: low
Techniques: Similar names ( www.ao1.com for www.aol.com )
ďŹ Phishing in 2001
Purpose: getting credit card numbers, accounts
Threat level: medium
Techniques: Same in 1995, key logger
ďŹ Phishing in 2007
Purpose: bank accounts
Threat level: high
Techniques: browser vulnerabilities, link obfuscation
8. Damaged Caused
⢠2,000,000 emails are sent
⢠5% get to the end user â 100,000 (APWG)
⢠5% click on the phishing link â 5,000 (APWG)
⢠2% enter data into the phishing site â100 (Gartner)
⢠$1,200 from each person who enters data (FTC)
⢠Potential reward: $120,000
In 2005 David Levi made over $360,000 from 160 people
using an eBay Phishing scam
9. Damaged Caused
⢠Over 28,000 unique phishing attacks reported in
Dec. 2006, about double the number from 2005
⢠Estimates suggest phishing affected 2 million US
citizens and cost businesses billions of dollars in
2005
⢠Additional losses due to consumer fears
11. PRECAUTION
⢠Never respond to an email asking for personal
information
⢠Always check the site to see if it is secure. Call
the phone number if necessary
⢠Never click on the link on the email. Retype
the address in a new window
⢠Keep your browser updated
⢠Keep antivirus definitions updated
⢠Use a firewall
13. CONCLUSION
⢠No single technology will completely stop
phishing. However, a combination of good
organization and practice, proper application
of current technologies, and improvements in
security technology has the potential to
drastically reduce the prevalence of phishing
and the losses suffered from it
14. REFERENCES
[1] http://wikipedia.org/ downloaded on 27/12/2013
at 9:00 pm.
[2] http://webopedia.com/ downloaded on
27/12/2013 at 9:00 pm.
[3] http://computerworld.com/ downloaded on
28/12/2013 at 8:00 pm.
[4] http://www.anti-phishing.info/ downloaded on
30/12/2013 at 8:00 pm.
[5] http://lorrie.cranor.org/ downloaded on
30/12/2013 at 8:30 pm.