PHISHING PRESENTED BY: ARQAM PASHA

Feb 26, 2016

Transcript
Page 1: PHISHING

PHISHING

PRESENTED BY: ARQAM PASHA

Page 2: PHISHING

AGENDA

• What is Phishing?
• Phishing Statistics
• Phishing Techniques
• Recent Examples
• Damages Caused by Phishing
• How to avoid being a Phishing Victim?

Page 3: PHISHING

What is Phishing?

“Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication”. 

Page 4: PHISHING

What is Phishing?

• The purpose of a phishing message is to acquire sensitive information about a user. To do so, the message needs to deceive the intended recipient.
• Typically carried out by email or IM.
• Official-looking e-mail sent to potential victims.
• Pretends to be from their Service Provider such as Retail Store, Bank, Club etc.

Page 5: PHISHING

What is Phishing?

• Link in an e-mail message directs the user to a Web page
• Asks for Financial Information
• Page looks genuine
• Easy to fake valid Web site
• Any HTML page on the real Web can be copied and thus modified.

Page 6: PHISHING

Phishing Statistics

Page 7: PHISHING

Global Phishing Survey 2010

• In 2H2010, there were at least 67,677 phishing attacks worldwide. This is greater than the 48,244 observed in 1H2010, but significantly less than the record 126,697 in 2H2009.
• Phishing remains concentrated in certain namespaces. Sixty percent of attacks occurred in just four TLDs: .COM, .CC, .NET, and .ORG. And 89 percent of malicious domain registrations were made in four TLDs: .COM, .TK, .NET, and .INFO.

Page 8: PHISHING

Phishing Techniques

Page 9: PHISHING

Phishing Techniques

Page 10: PHISHING

Recent Examples

An example of a phishing e-mail, disguised as an official e-mail from a (fictional) bank. The sender is attempting to trick the recipient into revealing confidential information by "confirming" it at the phisher's website. Note the misspelling of the words received and discrepancy. Also note that although the URL of the bank's webpage appears to be legitimate, the hyperlink would actually be pointed at the phisher's webpage.

Page 11: PHISHING

Ebay

This link takes you to http://signinebay.com/cgibin.tk/eBaydll.php

Page 12: PHISHING

Citibank

Not the real address

Page 13: PHISHING

People’s Bank

Not the proper link for peoples.com

Page 14: PHISHING

Damages Caused by Phishing

• Threatens effective communication
• Undermines goodwill and trust
• Drives people away from usage of Internet
• Direct harm to customers from stolen IDs, passwords

Page 15: PHISHING

Damages Caused by Phishing

• Diminishes value of brand
• Could affect shareholders
• Possibility of liability for failure to exercise due diligence in protecting trademark

Page 16: PHISHING

How to avoid being a victim?

1. Never respond to requests for personal information via email. When in doubt, call the institution that claims to have sent you the email.
– phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately (e.g., claiming they will shut off your account)
– phishers typically ask for confidential information such as usernames, passwords, credit card numbers, social security numbers, etc.

Page 17: PHISHING

How to Avoid being a victim?

2. If you suspect the message might not be authentic, don't use the links within the email to get to a web page
– call the company on the telephone or log onto the website directly by typing their Web address in your browser.

3. Never fill out forms in email messages that ask for confidential information

Page 18: PHISHING

How to avoid being a victim?

4. Always ensure that you're using a secure website when submitting credit card or other sensitive information via your web browser
– check the beginning of the Web address in your browser's address bar: it should be ‘https://’ rather than just ‘http://’
– look for the locked padlock icon on your browser (e.g. Internet Explorer/Mozilla)

Page 19: PHISHING

How to avoid being a victim?

5. Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate and if anything is suspicious, contact your bank and all card issuers immediately

6. Ensure that your browser and OS software are up to date and that the latest security patches are applied

Page 20: PHISHING

Works Cited

APWG. "Global Phishing Survey: Trends and Domain Name Use in 2H 2010."

"Avoid Getting 'Hooked' By Phishers." Welcome to Fraud.org, Online Home of NCL's Fraud Center.

Patil, DJ. "Building Data Science Teams - O'Reilly Radar." O'Reilly Radar - Insight, Analysis, and Research about Emerging Technologies.

"ScienceDirect - Computer Fraud & Security : Internet War: Picking on the Finance Sector – Survey: More Vulnerabilities & Phishing." ScienceDirect - Home.

Urmann, David. "Phishing Techniques." Ezine Articles.

Wikipedia. "Phishing." Wikipedia, the Free Encyclopedia.

Page 21: PHISHING

Time’s Up!

Thank you for listening!