
Phishing

Phishing. Phishing : An Introduction.

zenda

Presentation Transcript


  1. Phishing

  2. Phishing: An Introduction “Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.” – Wikipedia. Phishing, much like the hunting sport after which it is named, is nothing but a manner of extracting data or information, more often than not in an illegal or at the very least immoral manner. In an age where everything from instant messaging logs to bank account details, address books and even legal documents is stored online, there is a lasting incentive for mischief mongers to ply their trade. Phishing, due to the relative simplicity of its execution, hence becomes one of the primary methods of obtaining this information, be it through fraud or even social engineering.

  3. What exactly is Phishing? Simply put, phishing is when people manage to get hold of information you’d rather keep hidden, by posing as someone else; someone familiar. As a result, every page proclaiming to be Facebook, complete with that reassuring blue and the instantly recognizable logo, may not actually be Facebook, but simply a page that dupes you into voluntarily giving up your login details. Genius in simplicity, or what?

  4. Who are they? They may be peeved employees aiming to get back at their bosses, professional programmers with nothing to do over the weekend, or simply the teen next door. What do they want? Information: your information, which they can use for a variety of purposes, probably none of which are good for you. How do they do it? These individuals are smart and wily. They know what we overlook, and they use this naivety to their benefit.

  5. Link Manipulation and Website Forgery This is probably the most common way phishers obtain information. As you would’ve already guessed, the user here is deceived by web links which point to the phisher’s websites. These links are usually misspelled in such a way that a casual eye would miss it, and the user would go ahead and enter the website. These links are usually distributed to users all over the world by email.

  6. Phishing Pop-ups This form of phishing came in with the advent of tabbed browsing and pop-up windows in internet browsers. The phisher sends the intended victim a link to the original website, but with the addition of a pop-up which asks for the victim’s ID and password. The user sees the original website with the original URL and assumes it is authentic. It primarily occurs in two ways: 1) a pop-up window that appears to be from a website which is open in an inactive tab; 2) non-functional log-in forms.

  7. Tab napping This technique has come up quite recently and is far ahead of all the others in duping unfortunate users. And yet again, it is tabbed browsing which makes the job easier for phishers. We usually have a habit of leaving tabs unattended for long periods of time after opening a dozen of them. While surfing, the user moves to a contaminated site. This site, while open, quietly uses code to alter the content displayed on the page. Thus, to cut the story short, the page has effectively changed while the user left it unattended! The page usually changes to that of an email client, say Gmail. When he returns and moves through his tabs again, he comes to this page and, thinking that he logged out when he left, logs in by providing his user name and password. And voila!

  8. Duplicate Networks – The Evil Twins Attack Wireless networks aren’t free of phishers and eavesdroppers. The phishing scam associated with wireless devices is called the Evil Twin attack. In this attack, attackers who possess the necessary equipment locate a hotspot, a point through which users connect to the Internet in a wireless network. They effectively replace these hotspots with their ‘evil twins’. Once established, the phisher sets up a fake web site on the network and the rest follows like any other attack.

  9. Misleading Applications Often, once people log into social networking sites like Facebook, they stop worrying about phishing sites and security risks or threats. But it is usually this trust in sites such as Facebook that the phishers exploit. Recently, Rik Ferguson from Trend Micro enlightened the cyberworld about nasty applications present within Facebook, known as Stream and Post applications. The user is directed to a phishing site where, as usual, he is asked to enter his credentials in order to utilise the aforesaid applications. As mentioned, because users stop worrying about security once they’ve logged in, they are tricked very easily by these phishers, as most of these messages appear on the user’s Facebook
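
Slide 5 describes links misspelled so that a casual eye misses the difference. The following is an added example, not part of the original presentation: a mail-filter style check that flags link hosts which are near-misses of a trusted domain. The `TRUSTED` list, the verdict names and the function names are assumptions made for illustration.

```javascript
// Constructed allowlist of domains the organisation actually uses.
const TRUSTED = ['facebook.com', 'gmail.com', 'paypal.com'];

// Fold common visual substitutions so "faceb00k" and "facebook" compare equal.
function skeleton(s) {
  return s.toLowerCase()
    .replace(/rn/g, 'm').replace(/vv/g, 'w')
    .replace(/0/g, 'o').replace(/[1l]/g, 'i').replace(/5/g, 's');
}

// Classic dynamic-programming edit distance (insert, delete, substitute).
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1,
        prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1));
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns { verdict, match } for the host part of a link.
function classifyLink(href) {
  let host;
  try { host = new URL(href).hostname.toLowerCase(); }
  catch { return { verdict: 'invalid', match: null }; }
  for (const t of TRUSTED) {
    if (host === t || host.endsWith('.' + t)) return { verdict: 'trusted', match: t };
  }
  // Naive registrable domain: last two labels (production code should use the Public Suffix List).
  const base = host.split('.').slice(-2).join('.');
  for (const t of TRUSTED) {
    if (editDistance(skeleton(base), skeleton(t)) <= 1) return { verdict: 'lookalike', match: t };
  }
  // Brand name used inside the host of an unrelated site, e.g. facebook.com.example.net
  for (const t of TRUSTED) {
    if (host.includes(t.split('.')[0])) return { verdict: 'brand-in-subdomain', match: t };
  }
  return { verdict: 'unknown', match: null };
}
```

An edit-distance threshold of 1 is a heuristic and will also flag some legitimate short domains, so treat a `lookalike` verdict as a reason to warn or quarantine rather than as proof.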
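
Slide 7 describes a page that rewrites itself while its tab is left unattended. The following is an added example, not part of the original presentation: a detection heuristic, of the kind a browser extension content script could run, that snapshots the tab's identity when it is hidden and compares it on return. The function names and the alert rule are assumptions made for illustration.

```javascript
// Snapshot the signals a user relies on to recognise a tab.
function snapshot(doc) {
  return {
    title: doc.title,
    icon: (doc.querySelector('link[rel~="icon"]') || {}).href || '',
    hasPassword: doc.querySelector('input[type="password"]') !== null,
  };
}

// Attach to a document; calls onAlert(changes) if the page re-skinned itself while hidden.
function watchForTabSwap(doc, onAlert) {
  let before = null;
  doc.addEventListener('visibilitychange', () => {
    if (doc.visibilityState === 'hidden') { before = snapshot(doc); return; }
    if (!before) return;
    const after = snapshot(doc);
    const changes = [];
    if (after.title !== before.title) changes.push('title');
    if (after.icon !== before.icon) changes.push('favicon');
    if (after.hasPassword && !before.hasPassword) changes.push('new-password-field');
    // A login form that appeared together with a changed title or favicon is the
    // tab-napping pattern; a title change alone (an unread counter) is normal.
    if (changes.includes('new-password-field') && changes.length > 1) onAlert(changes);
    before = null;
  });
}

// Wire it up only when running inside a browser page.
if (typeof document !== 'undefined') {
  watchForTabSwap(document, (c) => console.warn('Tab changed while hidden:', c.join(', ')));
}
```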
