PHISHING A THREAT TO NETWORK SECURITY

1Presented by,

Anju ThomasRoll No:09

S5MCA

OUTLINE……

IntroductionWhat Is Phishing??What Kind Of Information

Do The Hackers Want?How Phishing Is Done?Techniques Of PhishingPreventionConclusion

2

INTRODUCTION

Origin of word “Phishing” from two words – ‘Password’ & ‘Harvesting’.

3

There are a number of different phishing techniques used to obtain personal information from users.

As technology becomes more advanced, the phishing techniques being used are also more advanced.

To prevent Internet phishing, users should have knowledge of various types of phishing techniques and we should also be aware of anti-phishing techniques to protect ourselves from getting phished.

4

PHISHINGPhishing is a type of deception designed to

steal your valuable personal data, such as credit card numbers, passwords, account data, or other information.

5

WHAT KIND OF INFORMATION DO THE HACKERS WANT ??

Your name, address and

date of birth Social Security number Driver’s License number Credit Card numbers ATM cards Telephone calling cards

6

SECTORS WHICH PHISHING IS DONE 7

8HOW PHISHING IS DONE ??

http://fbaction.net/

9

10

11

12

Difference between https and httpIf You are using Hypertext Transfer Protocol

Secure (HTTPS) Instead of Hypertext Transfer Protocol (HTTP), then your website is safe and no one can steal your information.

If No, Then The website You are working with is not safe….!

• To verify the website you are connecting to is the genuine website.

• To ensure the privacy of your data during transit.• To ensure the integrity of your data during transit.

Why do we use TLS or SSL? 13

Using https, the computers agree on a “code”

This “code” is running in TLS or SSL so that no one can steal Your personal Information.

14

Why https is safe?

TYPES OF PHISHING

Clone phishingSpear phishing

Whaling phishing

15

Clone Phishing 16 Content of original mail (including link)

copied to create duplicate email. But the link may be replaced with phishers fake or harmful links.

Spear PhishingPhishing attempts directed at specific individuals or companies have been termed Spear Phishing.

Whaling PhishingPhishing attacks have been directed specifically at senior executives and other high profile targets within businesses is known as Whaling Phishing.

Techniques of Phishing

Phishing

Link manipul-

ation

Key loggers

Session hacking

Phone phishing

17

Link manipulation

18

1)Link manipulationLink manipulation is the technique

in which the phisher sends fake link to A website that is usually visited by the victim or the user.

Two Types Of Fake Links.Link Which Redirected to Phishers

website.Malware Links.

19

20

Link Which Redirected to Phishers website.

Malware Links. 21

22

23

Example

24

HOW TO PREVENT? One of the anti-phishing techniques used to prevent

link manipulation is to move the mouse over the link to view the actual address.

To check the http”s” connection in address bar , meaning its a secure connection.

25

KEY LOGGERS

26

WHY KEYLOGGERS ARE A THREAT?key loggers doesn't make any threat to the

system itselfA key logger is a type of software can record

instant messages, e-mail, and any information you type at any time using your keyboard.

As a result, cyber criminals can get PIN codes and account numbers for e-payment systems, passwords to online gaming accounts, email addresses, user names, email passwords etc.

27

HOW TO DETECT AND PREVENT?? Make entries through the virtual keyboard. install an antivirus product and keep its database up

to date. Use anti-spyware software's.

28

29

SESSION HIJACKING

• Session Hijacking (a.k.a. Session Side jacking) is a form of Man In The Middle (MITM) attack.

• In which a malicious attacker has access to the transport layer and can eavesdrop on communications.

• When communications are not protected they can steal the unique session ID and imitate the victim on the target site.

• This grants the attacker access to your account and data.

SESSION HIJACKING 30

Example…! 31

Steps in Session Hijacking1. Place yourself between the victim and the target .2. Monitor the flow of packets3. Predict the sequence number4. Kill the connection to the victim’s machine5. Take over the session6. Start injecting packets to the target server

32

Prevention of session hijacking1.Encription and connectivity.2.Use anti-virus software.

PHONE PHISHING

33

Phone phishingMobile Phishing is a social engineering

technique where the attack is invited via mobile texting rather than email.

Using Fake Calls and will say to dial something. Using fake SMS.

34

Examples of phone phishing 35

So be careful when you use Mobile banking and all..!

36

Email Spoofing Email Trap By Using Fake Email Address. This is the trick

Used by spammers.

37

Defensive tips against email spoofing

Firstly check the salutation Take care of grammar mistakes Must check the links in email Claiming that an email has

come from reliable source Forward spoofed emails to

FTC (Federal Trade Commission)

38

Prevention Against Phishing Attack 39

1.Never respond to emails that request personal financial information 4

0

2.Visit bank’s websites by typing the URL into the address bar

41

3.Keep a regular check on your Accounts and Credit cards. 4

2

4.Be cautious with emails and personal data .43

5.Keep your computer secure

6.Use anti-spam software

44

7.Use anti-spyware software

8. Use Firewall. 9. Check the website you are

visiting is secure.10. Always report suspicious

activity

45

11. GET EDUCATED ABOUT PHISHING PREVENTION ATTACK

“It is better to be safer now, than feel sorry later”

46

47