Scribd
Upload
112 views16 pages

Phishing

The document is a seminar presentation on phishing that defines phishing as attempting to acquire personal information under false pretenses. It covers various phishing techniques including link manipulation and website forgery. It also discusses types of phishing like deceptive and malware-based phishing. Causes of phishing include misleading emails and lack of user awareness. Methods to defend against phishing include preventing deception, detecting attacks, and countering compromised information.

Uploaded by

DB
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
112 views16 pages

Phishing

The document is a seminar presentation on phishing that defines phishing as attempting to acquire personal information under false pretenses. It covers various phishing techniques including link manipulation and website forgery. It also discusses types of phishing like deceptive and malware-based phishing. Causes of phishing include misleading emails and lack of user awareness. Methods to defend against phishing include preventing deception, detecting attacks, and countering compromised information.

Uploaded by

DB
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 16

www.studymafia.

org
Seminar
On
Phishing

Submitted To: Submitted By:


www.studymafia.org www.studymafia.org
Content
 Introduction
 Phishing Techniques
 Phishing Examples
 Types of Phishing
 Causes of Phishing
 Anti Phishing
 Effects of Phishing
 Defend against Phishing Attacks
 Conclusion
 Reference
Introduction
 Phishing is the act of attempting to acquire
information such as username, password and credit
card details as a trustworthy entity in an electronic
communication.
 Communications purporting to be from popular
social web sites ,auction sites, online payment
process or IT administrators are commonly used to
lure the unsuspecting public .Phishing emails may
contain links to websites that are infected with
malware.
Phishing Techniques
 LINK MANIPULATION
 FILTER EVASION
 WEBSITE FORGERY
 PHONE PHISHING
Phishing Examples
 In this example, targeted at South Trust Bank users, the phisher
has used an image to make it harder for anti-phishing filters to
detect by scanning for text commonly used in phishing emails.
Phishing Examples
Types of Phishing
 Deceptive - Sending a deceptive email, in bulk, with a “call
to action” that demands the recipient click on a link.
 Malware-Based - Running malicious software on the
user’s machine. Various forms of malware-based phishing are:

 Key Loggers & Screen Loggers


 Session Hijackers

 Web Trojans

 Data Theft
Types of Phishing
 DNS-Based - Phishing that interferes with the integrity of
the lookup process for a domain name. Forms of DNS-based
phishing are:
 Hosts file poisoning
 Polluting user’s DNS cache
 Proxy server compromise
 Man-in-the-Middle Phishing - Phisher positions himself
between the user and the legitimate site.
Types of Phishing
 Content-Injection – Inserting malicious content into legitimate site.

Three primary types of content-injection phishing:

 Hackers can compromise a server through a security vulnerability


and replace or augment the legitimate content with malicious content.

 Malicious content can be inserted into a site through a cross-site


scripting vulnerability.

 Malicious actions can be performed on a site through a SQL injection


vulnerability.
Causes of Phishing
 Misleading e-mails
 No check of source address
 Vulnerability in browsers
 No strong authentication at websites of banks and
financial institutions
 Limited use of digital signatures
 Non-availability of secure desktop tools
 Lack of user awareness
 Vulnerability in applications
Anti Phishing

 A. Social responses
 B. Technical approaches
• 1. Helping to identify legitimate websites.
• 2. Browsers alerting users to fraudulent websites.
• 3. Eliminating Phishing mail.
• 4. Monitoring and takedown.
 C. Legal approaches
Effects of Phishing
 Internet fraud
 Identity theft
 Financial loss to the original institutions
 Difficulties in Law Enforcement Investigations
 Erosion of Public Trust in the Internet.
Defend against Phishing Attacks
 Preventing a phishing attack before it begins
 Detecting a phishing attack
 Preventing the delivery of phishing messages
 Preventing deception in phishing messages and sites
 Counter measures
 Interfering with the use of compromised information
Conclusion
 No single technology will completely stop phishing.
 However, a combination of good organization and
practice, proper application of current technologies,
and improvements in security technology has the
potential to drastically reduce the prevalence of
phishing and the losses suffered from it.
Reference
 www.google.com
 www.wikipedia.com
 www.studymafia.org
Thanks

You might also like