Presented by: Shivli Karmakar, MCA Vth sem. Guided by: Dr. V.K. Patle sir, Mrs. Savitri Bhagat mam
Page 1: Phishing


Page 2: Phishing

Introduction

History of phishing scam

What does a phishing scam look like

How to know an email message is spam

Watch your steps

How to protect yourself

How to turn the Internet Explorer Phishing Filter or the SmartScreen Filter on or off

What happens once phishing is reported to authorities

Conclusion

Page 3: Phishing

Introduction

Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, passwords, account data, or other information.

A phisher might send millions of fraudulent e-mail messages that appear to come from Web sites you trust, like your bank or credit card company, and request that you provide personal information.

Page 4: Phishing

Phreaking + Fishing = Phishing
Phreaking = making phone calls for free back in the 70's
Fishing = use bait to lure the target

Phishing in 1995
Target: AOL users
Purpose: getting account passwords for free time
Threat level: low
Techniques: similar names (www.ao1.com for www.aol.com), social engineering

Phishing in 2001
Target: Ebayers and major banks
Purpose: getting credit card numbers, accounts
Threat level: medium
Techniques: same as in 1995

Phishing in 2007
Target: PayPal, banks, eBay
Purpose: bank accounts
Threat level: high
Techniques: browser, link

Page 5: Phishing

Phishing in 2012

Social networking sites are now a prime target of phishing, since the personal details in such sites can be used in identity theft.

Page 6: Phishing

Social Media Phishing

We have all fallen for this

Want to play a game or use an application that is not created by Facebook?

Provide this app your email

Basic Information

Allow it to post to your wall so others can see it and sign up!

Page 7: Phishing
Page 8: Phishing

Date | Phished victim | Attack details
2011\11 | Stores | 110 million customer & credit card records stolen
2013\03 | RSA Security | RSA staff phished, RSA SecurID security token being stolen
2014\09 | Home Depot | 2200 Home Depot stores posted for sale on hacking web sites

Page 9: Phishing

Phishing

Spear Phishing

Clone Phishing

Whaling

Phone Phishing

Page 10: Phishing

The damage caused by phishing ranges from denial of access to email to substantial financial loss. It is estimated that between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing, totaling approximately US$929 million. United States businesses lose an estimated US$2 billion per year as their clients become victims. In 2007, phishing attacks escalated. 3.6 million adults lost US$3.2 billion in the 12 months ending in August 2007. Microsoft claims these estimates are grossly exaggerated and puts the annual phishing loss in the US at US$60 million.

Page 11: Phishing

What Does a Phishing Scam Look Like?

• As scam artists become more sophisticated, so do their phishing e-mail messages and pop-up windows.

• They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites.

Page 12: Phishing
Page 13: Phishing

Here are a few phrases to look for if you think an e-mail message is a phishing scam:

"Verify your account."

"If you don't respond within 48 hours, your account will be closed."

"Dear Valued Customer."

"Click the link below to gain access to your account."

For example, the URL "www.microsoft.com" could appear instead as:

www.micosoft.com

www.mircosoft.com

www.verify-microsoft.com
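
The lookalike addresses above, and the www.ao1.com case from the 1995 slide, can be caught mechanically. The following is an added example, not part of the original slides; the TRUSTED list, the character-swap table and the distance threshold of 2 are assumptions chosen for illustration, and the brand-name check also covers subdomains, which goes slightly beyond the slide's cases.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist, taken from the domains named on the slides.
TRUSTED = ("microsoft.com", "aol.com")
# Digit-for-letter swaps such as ao1.com for aol.com (small illustrative set).
SWAPS = str.maketrans({"1": "l", "0": "o", "5": "s"})

def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap of adjacent letters) from a to b."""
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                          d[i - 1][j - 1] + (a[i - 1] != b[j - 1]))
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def hostname(url):
    """Lower-cased host of a URL, accepting bare names like www.aol.com."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return host.rstrip(".")

def classify(url):
    host = hostname(url)
    # Simplification: treats the last two labels as the registered domain,
    # so multi-part suffixes such as co.uk are not handled.
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        brand = good.split(".")[0]
        if domain.translate(SWAPS) == good:
            return f"lookalike of {good}: character swap"
        if edit_distance(domain, good) <= 2:
            return f"lookalike of {good}: typo"
        if brand in re.split(r"[.-]", host):
            return f"lookalike of {good}: brand name in another domain"
    return "unknown"

if __name__ == "__main__":
    for u in ("www.microsoft.com", "www.micosoft.com", "www.mircosoft.com",
              "www.verify-microsoft.com", "www.ao1.com"):
        print(u, "->", classify(u))
```

A result of "unknown" only means the name does not resemble an entry in TRUSTED; it says nothing about whether the site is safe.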

Page 14: Phishing

• Never respond to an email asking for personal information

• Always check the site to see if it is secure. Call the phone number if necessary

• Never click on the link in the email. Retype the address in a new window

• Keep your browser updated

• Keep antivirus definitions updated

• Use a firewall

Page 15: Phishing

How to turn the Internet Explorer Phishing Filter or the SmartScreen Filter on or off

Internet Explorer 8

To turn the SmartScreen Filter on or off, follow these steps:

Start Windows Internet Explorer 8.

On the Safety menu, point to SmartScreen Filter, and then click one of the following:

Turn On SmartScreen Filter

Turn Off SmartScreen Filter

Page 16: Phishing

Browser features – IE8

Domain highlighting

SmartScreen filtering – block access to malicious sites and file downloads


Page 17: Phishing

For Firefox (version 2 and later):

Open Firefox.

Click on Tools, click on Options, and then click on Security.

Ensure that "Warn me when sites try to install add-ons", "Block reported attack sites", and "Block reported web forgeries" are all checked.

Page 18: Phishing

Browser features - Firefox

Anti-phishing and anti-malware protection – detects and blocks access to known malicious sites and downloads


Page 19: Phishing

Browser features - Firefox

Instant Website ID – provides detailed identity information, if available, about the site:

Page 20: Phishing

Turn off phishing and malware detection

Click the Chrome menu on the browser toolbar.

Select Settings.

Click Show advanced settings and find the "Privacy" section.

Uncheck the box next to "Enable phishing and malware protection."

Note: When you turn off these warnings you also turn off other malware and uncommon download warnings.

Page 21: Phishing
Page 23: Phishing

Phishing Filter runs in the background while you browse the web and uses three methods to help protect you from phishing scams.

First, it compares the addresses of websites you visit against a list of sites reported to Microsoft as legitimate. This list is stored on your computer.

Second, it helps analyze the sites you visit to see if they have the characteristics common to a phishing website.

Third, with your consent, Phishing Filter sends some website addresses to Microsoft to be further checked against a frequently updated list of reported phishing websites.
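
A simplified model of the three checks just described, showing what is decided locally and when an address leaves the computer. This is an added example, not Microsoft's code: both lists are constructed sample data, and the heuristics in suspicious_traits and the allow/warn/block verdict names are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample data; the real lists are maintained by the browser vendor.
LOCAL_LEGITIMATE = {"www.microsoft.com", "www.aol.com"}   # stored on the computer
REPORTED_PHISHING = {"login.bank.example"}                # stands in for the online list

def suspicious_traits(url):
    """Second method: URL traits often seen on phishing pages (assumed heuristics)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    traits = []
    if "@" in parts.netloc:
        traits.append("userinfo before host")
    if host.replace(".", "").isdigit():
        traits.append("raw IP address as host")
    if host.count(".") >= 4:
        traits.append("many subdomains")
    if parts.scheme != "https":
        traits.append("no HTTPS")
    return traits

def check(url, consent, lookup=REPORTED_PHISHING.__contains__):
    """Return (verdict, reason). `lookup` models the online query to the vendor."""
    host = urlsplit(url).hostname or ""
    # First method: hosts on the local legitimate list are never sent anywhere.
    if host in LOCAL_LEGITIMATE:
        return ("allow", "on local legitimate list")
    traits = suspicious_traits(url)
    # Third method: the online lookup happens only with the user's consent.
    if consent and lookup(host):
        return ("block", "reported phishing site")
    if traits:
        return ("warn", ", ".join(traits))
    return ("allow", "nothing suspicious" if consent else "not checked online")

if __name__ == "__main__":
    for u, c in (("https://www.microsoft.com/", True),
                 ("http://192.0.2.7/login", False),
                 ("https://login.bank.example/", True),
                 ("https://login.bank.example/", False)):
        print(u, "consent" if c else "no consent", "->", check(u, c))
```

The last two sample calls show the trade-off: without consent, a reported site with an ordinary-looking address passes the local checks.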

Page 24: Phishing

What happens once phishing is reported to authorities…

Once the thieves have "fished out the pond" so to speak, they move on. Normally, the link will show a "cannot be displayed" page.

Page 25: Phishing

Phishing has become a serious network security problem, causing financial loss of billions of dollars to both consumers and e-commerce companies. And perhaps more fundamentally, phishing has made e-commerce distrusted and less attractive to normal consumers.

The explosive growth of Internet commerce has given rise to a new breed of online criminals who may attempt to steal your passwords, your credit card numbers, and other personal information by impersonating authority figures from your bank or other institutions you frequent. The best defence against this growing threat is to be aware of the problem and to be alert when transacting business online.

Page 26: Phishing


Page 27: Phishing

Thank You

For Your

Page 28: Phishing