
PHISHING

An e-age nuisance
Presented By: Isabela Behera

Friday, September 21, 2012

- What is Phishing?
- Types of Phishing
- Most common Phishing: Internet Phishing or simply Phishing
- Who is behind the Phishes & Why?
- Consumer Advice/Tips
- Telephone Phishing
- Puddle Phishing
- Spear Phishing
- Vishing
- Conclusion
- References


Way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication

Con artists might send millions of fraudulent email messages that appear to come from Websites you trust


Phreaking + Fishing = Phishing
- Phreaking = making phone calls for free, back in the 70s
- Fishing = use bait to lure the target

Phishing in 1995
- Target: AOL users
- Purpose: getting account passwords for free time
- Threat level: low

Phishing in 2001
- Target: Ebayers and major banks
- Purpose: getting credit card numbers, accounts
- Threat level: medium

- 20,00,000 emails are sent
- 5% get to the end user: 1,00,000
- 5% click on the phishing link: 5,000
- 2% enter data into the phishing site: 100
- $1,200 from each person who enters data
- Potential reward: $1,20,000


- Internet Phishing or Phishing
- Telephone Phishing or Phone Phishing
- Puddle Phishing
- Spear Phishing
- Vishing


- Act of sending an e-mail to a user, falsely claiming to be an established legitimate enterprise, in an attempt to scam the user into surrendering private information that will be used for identity theft.
- The e-mail directs the user to visit a Website where they are asked to update personal information.
- The Website is bogus and set up only to steal the user's information.


Phishing e-mails will contain some of these common elements:
- The From field appears to be from the legitimate company mentioned in the e-mail.
- The e-mail will usually contain logos or images that have been taken from the Website of the company.
- The e-mail will contain a clickable link with text suggesting you use the inserted link to validate your information.
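
The three elements above can be checked mechanically when a message is received. The following is an added example, not part of the original presentation: it parses a constructed message and flags link text that shows a different host than its href, links that leave the domain claimed in the From field, and company-hosted images paired with such a link. The sample message, the indicator names and the helper functions are assumptions made for illustration.

```python
import re
import email.utils
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample message (not a real phish); domain and IP are reserved test values.
SAMPLE = """\
From: "Example Bank Support" <support@examplebank.example>

<img src="https://www.examplebank.example/img/logo.png">
<a href="http://203.0.113.7/login">https://www.examplebank.example/validate</a>
"""

class LinkCollector(HTMLParser):  # gathers [href, visible text] per <a>, src per <img>
    def __init__(self):
        super().__init__()
        self.links, self.images, self._open = [], [], False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append([a["href"], ""])
            self._open = True
        elif tag == "img" and a.get("src"):
            self.images.append(a["src"])
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def host(url):
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()
def same_site(h, domain):
    return h == domain or h.endswith("." + domain)

def phishing_indicators(raw):
    msg = email.message_from_string(raw)
    # Domain the From field claims; the header is spoofable, so it is only a claim.
    claimed = email.utils.parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    page = LinkCollector()
    page.feed(msg.get_payload())
    found = set()
    for href, text in page.links:
        shown = re.search(r"(?:https?://)?[\w.-]+\.[a-z]{2,}\S*", text, re.I)
        if shown and host(shown.group()) != host(href):
            found.add("link-text-mismatch")      # text shows one host, href goes to another
        if not same_site(host(href), claimed):
            found.add("link-off-sender-domain")  # link leaves the claimed sender's domain
    if "link-off-sender-domain" in found and any(same_site(host(i), claimed) for i in page.images):
        found.add("brand-images-with-foreign-link")  # company logo, foreign destination
    return sorted(found)
```
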


- People behind phishing e-mails are scam artists
- Anyone with an email address is at risk of being phished
- Any email address that has been made public on the Internet (posting in forums, newsgroups or on a Website) is more susceptible


- Never respond to an email asking for personal information
- Before submitting financial information through a Website, look for the lock icon on the browser's status bar
- Never click on the link in the email. Retype the address in a new window
- Keep your browser updated
- Keep antivirus definitions updated
- Use a firewall


- Using a phone call to obtain a person's personal, financial, or password data
- Unlike Internet phishing, the victim is not involved and is completely unaware
- Instead of directing you to a spoofed Website, an email will prompt you to call a customer support number


- Call the person, pretending to be an employee of a company
- Get the person to call a phone number controlled by the phisher
- Call a company, pretending to be the person
- Eavesdrop on the person's cell phone calls


- Phishing that is targeted at a small company
- Being employed against community banks, which are the "puddle"
- Websense Security Labs coined the term "puddle phishing" to describe the phenomenon of targeting customers of small financial institutions


- Socially aware attacks
  - Mine social relationships from public data
  - Phishing email appears to arrive from someone known to the victim
- Uses spoofed identity of trusted organization to gain trust
- Urges victims to update or validate their account
- Threatens to terminate the account if the victims do not reply
- Uses gift or bonus as a bait
- Security promises
- Context-aware attacks
  - "Your bid on eBay has won!"

- Phishing by sending an email that includes a scammer-controlled phone number, or by spoofing an automated phone call from a financial institution using the voice-over-IP system
- Blend of voice and phishing
- Ever got an email prompting you to change your banking password? This particular fraud is called vishing and is on the increase


- Be more careful & watchful
- Keeping the system updated in terms of Firewall & Antivirus
- Confirm every connection your firewall allows
- Phishing Filter (http://www.microsoft.com/athome/security/online/phishing_filter.mspx) helps protect you from Web fraud and the risks of personal data theft by warning or blocking you from reported phishing Websites
- Join http://www.antiphishing.org/
