Académique Documents
Professionnel Documents
Culture Documents
An e-age nuisance
Presented By: Isabela Behera
What is Phishing? Types of Phishing Most common Phishing: Internet Phishing or simply Phishing Who is behind the Phishes & Why? Consumer Advice/ Tips Telephone Phishing Puddle Phishing Spear Phishing Vishing Conclusion References
Way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication
Con artists might send millions of fraudulent email messages that appear to come from Websites you trust
Phreaking + Fishing = Phishing Phreaking = making phone calls for free, back in 70s Fishing = Use bait to lure the target Phishing in 1995 Target: AOL users Purpose: getting account passwords for free time Threat level: low
Phishing in 2001 Target: Ebayers and major banks Purpose: getting credit card numbers, accounts Threat level: medium
Friday, September 21, 2012
20,00,000 emails are sent 5% get to the end user 1,00,000 5% click on the phishing link 5,000 2% enter data into the phishing site 100 $1,200 from each person who enters data Potential reward: $1,20,000
Internet
Phishing or Phishing Telephone Phishing or Phone Phishing Puddle Phishing Spear Phishing Vishing
Act of sending an e-mail to an user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. Email directs the user to visit a Website where they are asked to update personal information. The Web site is bogus and set up only to steal users information.
Phishing e-mails will contain some of these common elements: From Field appears to be from the legitimate company mentioned in the e-mail. The e-mail will usually contain logos or images that have been taken from the Website of the company . The email will contain a clickable link with text suggesting you use the inserted link to validate your information.
People behind phishing e-mails are scam artists Anyone with an email address is at risk of being phished Any email address that has been made public on the Internet (posting in forums, newsgroups or on a Website) is more susceptible
10
Never respond to an email asking for personal information Before submitting financial information through a Website, look for the lock icon on the browsers status bar Never click on the link on the email. Retype the address in a new window Keep your browser updated Keep antivirus definitions updated Use a firewall
11
Using a phone call to obtain a persons personal, financial, or password data Unlike Internet phishing, the victim is not involved and is completely unaware Instead of directing you to a spoofed Web site, an email will prompt you to call a customer support number
12
Call
the person, pretending to be an employee of a company Get the person to call a phone number controlled by the phisher Call a company, pretending to be the person Eavesdrop on the persons cell phone calls
13
Phishing
that is targeted at a small company Being employed against community banks, which are the puddle Websense Security Labs coined the term puddle phishing to describe the phenomenon of targeting customers of small financial institutions
14
Socially aware attacks Mine social relationships from public data Phishing email appears to arrive from someone known to the victim Uses spoofed identity of trusted organization to gain trust Urges victims to update or validate their account Threatens to terminate the account if the victims do not reply Uses gift or bonus as a bait Security promises Context-aware attacks Your bid on eBay has won! 15
Friday, September 21, 2012
Phishing by sending an email that includes a scammercontrolled phone number, or by spoofing an automated phone call from a financial institution using the voiceover-IP system blend of voice and phishing ever got an email prompting you to change your banking password? This particular fraud is called vishing and is on the increase
16
17
Be more careful & watchful Keeping the system updated in terms of Firewall & Antivirus Confirm every connection your firewall allows Phishing Filter (http://www.microsoft.com/athome/security/online/phis hing_filter.mspx) helps protect you from Web fraud and the risks of personal data theft by warning or blocking you from reported phishing Websites Join http://www.antiphishing.org/
18
Bellowing, Steven. Spamming, Phishing, Authentication and Privacy. Inside Risks, December 2004 Mulrean, Jennifer. Phishing scams: How to avoid Getting hooked. Dollar Wise www.webopedia.com www.antiphishing.org www.wikepedia.com
19
20