SlideShare una empresa de Scribd logo

Phishing

Descargar como PPT, PDF
Alka Falwaria
Alka Falwaria
Tecnología
1 de 28
PHISHING
CONTENTS :- Introduction Types of phishing Examples of phishing Techniques of phishing Prevention methods
FISHING
PHISHING
PHISHING PHREAKING FISHING FREAKPHONE
Phishing is an attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
Types of phishing Spear phishing Clone phishing Whaling phishing
Characteristics of phishing emails
1. Disguised hyperlinks and sender address- • Appear similar as the genuine institution site. • Sender address of the email also appears as originated from the targeted company.
2. Email consists of a clickable image : • Scam emails arrive as a clickable image file containing fraud request for information. • Clicking anywhere within the email will cause the bogus website to open.
3. Content appears genuine Scam email include logos, styling, contact and copyright information. identical to those used by the targeted institution.
4. Unsolicited requests for sensitive information : • Emails asks to click a link and provide sensitive personal information . • It is highly unlikely that a legitimate institution would request sensitive information in such a way.
5. Generic Greetings • Scam mails are sent in bulk to many recipients and use generic greetings such as "Dear account holder" or "Dear [targeted institution] customer".
Phishing Techniques
Email/Spam • Sending mails that look trustworthy to user • Send the same email to millions of users, requesting them to fill in personal details • Messages have an urgent note • Click on a link which is embedded in your email.
Example of Phishing Email
“Man in the Middle” - attack • Attackers situate between the customer and the real web-based application • The attacker's server then proxies all communications between the customer and the real web-based application server
Link Manipulation By manipulating the links for example www.facb00k.com Instead of www.facebook.com Misspelled URLs or sub domains are common tricks used by Attacker
Key loggers Key loggers are designed to monitor all the key strokes
Content Injection  Inserting malicious content into legitimate site.  Three primary types of content-injection phishing:  Hackers can compromise a server through a security vulnerability and replace or augment the legitimate content with malicious content.  Malicious content can be inserted into a site through a cross-site scripting vulnerability.  Malicious actions can be performed on a site through a SQL injection vulnerability.
Malware-Based Phishing • In this method, phishers used malicious software to attack on the user machine. • This phishing attack spreads due to social engineering or security vulnerabilities. • In social engineering, the user is convinced to open an attachment that attracts the user regarding some important information and download it containing malwares. • Exploiting the security vulnerabilities by injecting worms and viruses is another form of malware based phishing.
Trojan Horse • Trojan is a program that gives complete access of host computer to phishers after being installed at the host computer. • Phishers will make the user to install the trojan software which helps in email propagating and hosting fraudulent websites.
Beast (A Trojan horse software)
Mobile Phishing • Mobile Phishing is a social engineering technique where the attack is invited via mobile texting rather than email. • An attacker targets mobile phone users with a phishing attack for the purpose of soliciting account passwords or sensitive information from the user. • The user is enticed to provide information or go to a compromised web site via text message.
Prevention Against Phishing Attack • Never respond to emails that request personal financial information • Visit bank’s websites by typing the URL into the address bar • Keep a regular check on your accounts • Be cautious with emails and personal data
• Keep your computer secure • Use anti-spam software • Use anti-spyware software • Use the Microsoft Baseline Security Analyser (MBSA) • Use Firewall
Continued… • Protect against DNS pharming attacks • Check the website you are visiting is secure • Use backup system images • Get educated about phishing prevention attack • Always report suspicious activity
It is better to be safer now than feel sorry later. Thank you.

Recomendados

What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?
Quick Heal Technologies Ltd.
 
Phishing
PhishingPhishing
Phishing
Sagar Rai
 
Phishing
PhishingPhishing
Phishing
anjalika sinha
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
ControlScan, Inc.
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing Attacks
SysCloud
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasures
Jorge Sebastiao
 
Phishing attack
Phishing attackPhishing attack
Phishing attack
Raghav Chhabra
 
Phishing
PhishingPhishing
Phishing
SouganthikaSankaresw
 

Recomendados

What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?
Quick Heal Technologies Ltd.
 
Phishing
PhishingPhishing
Phishing
Sagar Rai
 
Phishing
PhishingPhishing
Phishing
anjalika sinha
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
ControlScan, Inc.
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing Attacks
SysCloud
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasures
Jorge Sebastiao
 
Phishing attack
Phishing attackPhishing attack
Phishing attack
Raghav Chhabra
 
Phishing
PhishingPhishing
Phishing
SouganthikaSankaresw
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Security
anjuselina
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks ppt
Aryan Ragu
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
bensonoo
 
Anti phishing presentation
Anti phishing presentationAnti phishing presentation
Anti phishing presentation
BokangMalunga
 
Anti phishing
Anti phishingAnti phishing
Anti phishing
Shethwala Ridhvesh
 
Phishing
PhishingPhishing
Phishing
SaurabhKantSahu1
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security Awareness
Surya Bathulapalli
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
shindept123
 
Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing Attacks
Jagan Mohan
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on Phishing
Pankaj Yadav
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
William Mann
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
William Gregorian
 
Phishing attack seminar presentation
Phishing attack seminar presentation Phishing attack seminar presentation
Phishing attack seminar presentation
AniketPandit18
 
Phishing
PhishingPhishing
Phishing
Jayaseelan Vejayon
 
Phishing
PhishingPhishing
Phishing
HHSome
 
PHISHING attack
PHISHING attack PHISHING attack
PHISHING attack
Shubh Thakkar
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
Dmitriy Scherbina
 
Information security awareness - 101
Information security awareness - 101Information security awareness - 101
Information security awareness - 101
mateenzero
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharks
Nalneesh Gaur
 
Phishing awareness
Phishing awarenessPhishing awareness
Phishing awareness
PhishingBox
 
Phishing 101 General Course
Phishing 101 General CoursePhishing 101 General Course
Phishing 101 General Course
Aaron Keating
 
edu 3 ppt.pptx
edu 3 ppt.pptxedu 3 ppt.pptx
edu 3 ppt.pptx
ArchaWashington
 

Más contenido relacionado

La actualidad más candente

Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks ppt
Aryan Ragu
 

La actualidad más candente (20)

Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Security
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks ppt
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
 
Anti phishing presentation
Anti phishing presentationAnti phishing presentation
Anti phishing presentation
 
Anti phishing
Anti phishingAnti phishing
Anti phishing
 
Phishing
PhishingPhishing
Phishing
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security Awareness
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing Attacks
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on Phishing
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Phishing attack seminar presentation
Phishing attack seminar presentation Phishing attack seminar presentation
Phishing attack seminar presentation
 
Phishing
PhishingPhishing
Phishing
 
Phishing
PhishingPhishing
Phishing
 
PHISHING attack
PHISHING attack PHISHING attack
PHISHING attack
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Information security awareness - 101
Information security awareness - 101Information security awareness - 101
Information security awareness - 101
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharks
 
Phishing awareness
Phishing awarenessPhishing awareness
Phishing awareness
 

Similar a Phishing

phishingppt-160209144204.pdf
phishingppt-160209144204.pdfphishingppt-160209144204.pdf
phishingppt-160209144204.pdf
vinayakjadhav94
 
phishing.pptx
phishing.pptxphishing.pptx
phishing.pptx
ReenuMariaBinoy1
 

Similar a Phishing (20)

Phishing 101 General Course
Phishing 101 General CoursePhishing 101 General Course
Phishing 101 General Course
 
edu 3 ppt.pptx
edu 3 ppt.pptxedu 3 ppt.pptx
edu 3 ppt.pptx
 
Chapter-5.pptx
Chapter-5.pptxChapter-5.pptx
Chapter-5.pptx
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
 
Spam & Phishing
Spam & PhishingSpam & Phishing
Spam & Phishing
 
Pp8
Pp8Pp8
Pp8
 
Phishing
PhishingPhishing
Phishing
 
Phishing
PhishingPhishing
Phishing
 
phishing-technology-730-J1A0e1Q.pptx
phishing-technology-730-J1A0e1Q.pptxphishing-technology-730-J1A0e1Q.pptx
phishing-technology-730-J1A0e1Q.pptx
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internet
 
Unit iii: Common Hacking Techniques
Unit iii: Common Hacking TechniquesUnit iii: Common Hacking Techniques
Unit iii: Common Hacking Techniques
 
phishing facts be aware and do not take the bait
phishing facts be aware and do not take the baitphishing facts be aware and do not take the bait
phishing facts be aware and do not take the bait
 
Phis
PhisPhis
Phis
 
phishingppt-160209144204.pdf
phishingppt-160209144204.pdfphishingppt-160209144204.pdf
phishingppt-160209144204.pdf
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
phishing.pptx
phishing.pptxphishing.pptx
phishing.pptx
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & security
 

Último

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 

Último (20)

Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 

Phishing

  • 2. CONTENTS :- Introduction Types of phishing Examples of phishing Techniques of phishing Prevention methods
  • 6. Phishing is an attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
  • 7. Types of phishing Spear phishing Clone phishing Whaling phishing
  • 9. 1. Disguised hyperlinks and sender address- • Appear similar as the genuine institution site. • Sender address of the email also appears as originated from the targeted company.
  • 10. 2. Email consists of a clickable image : • Scam emails arrive as a clickable image file containing fraud request for information. • Clicking anywhere within the email will cause the bogus website to open.
  • 11. 3. Content appears genuine Scam email include logos, styling, contact and copyright information. identical to those used by the targeted institution.
  • 12. 4. Unsolicited requests for sensitive information : • Emails asks to click a link and provide sensitive personal information . • It is highly unlikely that a legitimate institution would request sensitive information in such a way.
  • 13. 5. Generic Greetings • Scam mails are sent in bulk to many recipients and use generic greetings such as "Dear account holder" or "Dear [targeted institution] customer".
  • 15. Email/Spam • Sending mails that look trustworthy to user • Send the same email to millions of users, requesting them to fill in personal details • Messages have an urgent note • Click on a link which is embedded in your email.
  • 17. “Man in the Middle” - attack • Attackers situate between the customer and the real web-based application • The attacker's server then proxies all communications between the customer and the real web-based application server
  • 18. Link Manipulation By manipulating the links for example www.facb00k.com Instead of www.facebook.com Misspelled URLs or sub domains are common tricks used by Attacker
  • 19. Key loggers Key loggers are designed to monitor all the key strokes
  • 20. Content Injection  Inserting malicious content into legitimate site.  Three primary types of content-injection phishing:  Hackers can compromise a server through a security vulnerability and replace or augment the legitimate content with malicious content.  Malicious content can be inserted into a site through a cross-site scripting vulnerability.  Malicious actions can be performed on a site through a SQL injection vulnerability.
  • 21. Malware-Based Phishing • In this method, phishers used malicious software to attack on the user machine. • This phishing attack spreads due to social engineering or security vulnerabilities. • In social engineering, the user is convinced to open an attachment that attracts the user regarding some important information and download it containing malwares. • Exploiting the security vulnerabilities by injecting worms and viruses is another form of malware based phishing.
  • 22. Trojan Horse • Trojan is a program that gives complete access of host computer to phishers after being installed at the host computer. • Phishers will make the user to install the trojan software which helps in email propagating and hosting fraudulent websites.
  • 24. Mobile Phishing • Mobile Phishing is a social engineering technique where the attack is invited via mobile texting rather than email. • An attacker targets mobile phone users with a phishing attack for the purpose of soliciting account passwords or sensitive information from the user. • The user is enticed to provide information or go to a compromised web site via text message.
  • 25. Prevention Against Phishing Attack • Never respond to emails that request personal financial information • Visit bank’s websites by typing the URL into the address bar • Keep a regular check on your accounts • Be cautious with emails and personal data
  • 26. • Keep your computer secure • Use anti-spam software • Use anti-spyware software • Use the Microsoft Baseline Security Analyser (MBSA) • Use Firewall
  • 27. Continued… • Protect against DNS pharming attacks • Check the website you are visiting is secure • Use backup system images • Get educated about phishing prevention attack • Always report suspicious activity
  • 28. It is better to be safer now than feel sorry later. Thank you.