Vous êtes sur la page 1sur 15

Phishing Attack

Presented By Guided By
Name: Binayaka Billiam Suna Name: Dr Sasmita Mishra
Roll No: 36407 Desingnation:
Registration No: 1705105007
 Introduction
 Phishing Techniques
 Phishing Examples
 Types of Phishing
 Causes of Phishing
 Anti Phishing
 Effects of Phishing
 Defend against Phishing Attacks
 Conclusion
 Reference
 Phishing is the attempt to obtain sensitive information such as username,
Passwords, and credit card details (and, indirectly, money), often for malicious
reason, by disguising as a trustworthy entity in an electronic communication.

 Phishing is typically carried out by Email spoofing or instant messaging, and it

Often directs users to enter personal information at a fake website, the look and
Fell of which are identical to the legitimate one and the only difference is the
URL of the website in concern.
 The goal of a phishing attempt is to trick the recipient into taking the attacker's
desired action, such as providing login credentials or other sensitive information.
This website is also fraudulent, designed to look legitimate, but exists solely to
collect login information from phishing victims.

 One is by the purpose of the phishing attempt. Generally, a phishing campaign

tries to get the victim to do one of two things: Hand over sensitive information.
These messages aim to trick the user into revealing important data — often a
username and password that the attacker can use to breach a system or account.
Phishing Techniques

 Spear Phishing
 Email/Spam
 Link Manipulation
 Keylogger
 Phishing through Search Engines
 Phone Phishing
Phishing Examples
In this example, targeted at Facebook User, the phisher has used an image to make it
harder for anti-phishing filters to detect by scanning for text commonly used in
phishing emails.
Types of Phishing

Deceptive - Sending a deceptive email, in bulk, with a “call to action” that

demands the recipient click on a link.

Malware-Based - Running malicious software on the user’s machine.

Various forms of malware-based phishing are

 Key Loggers & Screen Loggers

 Session Hijackers
 Web Trojans
 Data Theft
Types of Phishing
 DNS-Based - Phishing that interferes with the integrity of the lookup
process for a domain name. Forms of DNS-based phishing are:

 Hosts file poisoning

 Polluting user’s DNS cache
 Proxy server compromise

 Man-in-the-Middle Phishing - Phisher positions himself between the

user and the legitimate site.
Types of Phishing
 Content-Injection – Inserting malicious content into legitimate site.

Three primary types of content-injection phishing:

 Hackers can compromise a server through a security vulnerability and

replace or augment the legitimate content with malicious content.

 Malicious content can be inserted into a site through a cross-site scripting


Malicious actions can be performed on a site through a SQL injection

Causes of Phishing
 Misleading e-mails
 No check of source address
 Vulnerability in browsers
 No strong authentication at websites of banks and financial
 Limited use of digital signatures
 Non-availability of secure desktop tools
 Lack of user awareness
 Vulnerability in applications
Anti Phishing
 A. Social responses

 B. Technical approaches
1. Helping to identify legitimate websites.
2. Browsers alerting users to fraudulent websites.
3. Eliminating Phishing mail.
4. Monitoring and takedown.

 C. Legal approaches
Effects of Phishing

 Internet fraud
 Identity theft
 Financial loss to the original institutions
 Difficulties in Law Enforcement
 No single technology will completely stop phishing.

 However, a combination of good organization and practice, proper

application of current technologies, and improvements in security

technology has the potential to drastically reduce the prevalence of

phishing and the losses suffered from it.


 www.google.com

 www.wikipedia.com

 www.studymafia.org