PHISHING ATTACK

- Elakkiya.P

AGENDA

• Phishing Basics• Introduction• Techniques• New phish• Reason behind phishing• Latest case study• Survey• Examples• Conclusion

PHISHING BASICS

• Pronounced "fishing“• The word has its Origin from two words

“Password Harvesting” or fishing for Passwords• Phishing a kind of deception in which an

attacker pretends to be someone else in order to obtain sensitive information from the victim

• Also known as "brand spoofing“• Phishers are phishing artists

INTRODUCTION

• Phishing “IDENTITY THEFT” is obtaining sensitive & valuable information about the customer.

• Phishing makes high profit with less or small tecnological investment.

• It tries to trick users with official-looking messages

• Some phishing e-mails also contain malicious or unwantedsoftware

TECHNIQUES

• LINK MANIPULATION• WEB FORGERY

NEW PHISH

• Spear phishing

Who Is Behind The Phishes & Why

PHISH ARTISTSsend out millions of these scam e-mails in the hopes that even a few

recipients will act on them and provide their personal and

financial information

e-mail address that has been made public on the

Internet - more susceptible to phishing

e-mail address can be saved by spiders that search the Internet

Compared to

WHY ?MAIL-ID

They can grab as many e-mail addresses as they can

they can cheaply and easily access millions of valid e-mail addresses to send these scams to

LATEST CASE STUDY

• A very recent and popular case of phishing is that the chinese phishers are targeting GMAIL account of high ranked official of united states,south korea government and military information & chinese political activities.

SURVEY

• A survey found that 9 out of 10 American adult Internet users have made changes to their Internet habits because of the threat of identity theft.

• The 30 percent say that they reduced their overall usage.

• The 25 percent say they have stopped shopping online, while 29 percent of those that still shop online say they have decreased the frequency of their purchases.

Top 10

POPULAR EXAMPLES

EMAIL EXAMPLE

ACCOUNT ALERT Dear Valued Member,

According to our terms of services, you will have to confirm your e-mail by the following link, or your account will be suspended for security reasons.

http://www.uc.edu/confirm.php?account=d.mich.mal@uc.edu

After following the instructions in the sheet, your account will not be interrupted and will continue as normal.

Thanks for your attention to this request. We apologize for any inconvenience.

Sincerely, Uc Abuse Department

POPULAR FRAUDULENT EMAIL PHRASES

"Verify your account.“*** If you receive an e-mail from Microsoft asking you to update your credit card information, do not respond: this is Phishing scam.

"If you don't respond within 48 hours, your account will be closed.“

"Dear Valued Customer.“"Click the link below to gain access

to your account.“

RECENT ACTIVITY

• June 16, 2014 HM Revenue and Customs - Automated Tax Refund Notification

• May 20, 2014Wells Fargo Bank - New Message from Wells Fargo Online

• April 14, 2014Discover Bank - A Massege From Discover Card Service

• March 21, 2014Banco Itau - aviso27: Comunicado importante

IMPACT OF PHISHING

• loss of access to email to substantial financial loss

• Erosion of Public Trust in the Internet. Phishing also decreases the public’s trust in the Internet.

How to avoid Phishing• DON’T CLICK THE LINK– Type the site name in your browser (such as

www.paypal.com)• Never send sensitive account information by e-mail– Account numbers, SSN, passwords

• Never give any password out to anyone• Verify any person who contacts you (phone or email). – If someone calls you on a sensitive topic, thank them, hang

up and call them back using a number that you know is correct, like from your credit card or statement.

CONCLUSION

Awareness of phishing is in as it is a form of criminal conduct that poses increasing threats to consumers, financial institutions, and commercial enterprises in Canada, the United States, and other countries.

THANK YOU !!!