BY : MUHAMMAD KHUZAIMI B. ISHAK
4 ADIL
PUAN MAZITA
INFORMATION AND COMMUNICATION OF TECHNOLOGY
What is Phishing?
The practice of sending out fake emails, or spam, written to appear as if they have been sent by banks or other reputable organizations, with the intent of luring the recipient into revealing sensitive information
E.g. usernames, passwords, account IDs, ATM PINs or credit card details
attacks will direct the recipient to a web page designed to mimic a target organisation's own visual identity
to harvest the user's personal information
often leaving the victim unaware of the attack
Obtaining this type of personal data is attractive to blackhats
Who Is Behind The Phishes & Why
SCAM ARTISTS
send out millions of these scam e-mails in the hopes that even a few recipients will act on them and provide their personal and financial information
e-mail address that has been made public on the Internet - more susceptible to phishing
e-mail address can be saved by spiders that search the Internet
Compared to
WHY ?
They can grab as many e-mail addresses as they can
they can cheaply and easily access millions of valid e-mail addresses to send these scams to
Examples of Phishing
PayPal phishing example
An example of a phishing email targeted at PayPal users.
In an example PayPal phish, spelling mistakes in the email and the presence of an IP address in the link (visible in the tooltip under the yellow box) are both clues that this is a phishing attempt. Another giveaway is the lack of a personal greeting, although the presence of personal details is not a guarantee of legitimacy.
SouthTrust Bank example
In this second example, targeted at SouthTrust Bank users, the phisher has used an image to make it harder for anti-phishing filters to detect by scanning for text commonly used in phishing emails.
Damage causes
loss of access to email to substantial financial loss
It's more popular because of the ease with which unsuspecting people often divulge personal information to phishers
Once this information is acquired, the phishers may use a person's details to create fake accounts in a victim's name
Anti-phishing software
consists of computer programs that attempt to identify phishing content contained in websites and e-mail
often integrated with web browsers and email clients as a toolbar that displays the real domain name for the website the viewer is visiting, in an attempt to prevent fraudulent websites from masquerading as other legitimate web sites
may also be included as a built-in capability of some web browsers
Anti-Phishing Programs
Microsoft Windows Internet Explorer 7
Firefox 2.0
Netscape 8.1
Netcraft Toolbar
Google Safe Browsing (usable with Firefox)
eBay Toolbar
Phishtank SiteChecker