
Phishing

Internet scams. Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.

ginata

Presentation Transcript


  1. Phishing Internet scams

  2. Phishing • Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.

  3. Phishing • eBay, PayPal and online banks are common targets. Phishing is typically carried out by email or instant messaging,[1] and often directs users to enter details at a website, although phone contact has also been used. Phishing is an example of social engineering techniques used to fool users. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical measures.

  4. Early Reports • A phishing technique was described in detail as early as 1987, while the first recorded use of the term "phishing" was made in 1996. • The term is a variant of fishing, probably influenced by phreaking, and alludes to the use of increasingly sophisticated baits used in the hope of a "catch" of financial information and passwords.

  5. Methods • Most methods of phishing use some form of technical deception designed to make a link in an email (and the spoofed website it leads to) appear to belong to the spoofed organization. Misspelled URLs or the use of subdomains are common tricks used by phishers, such as this example URL, http://www.yourbank.example.com/. Another common trick is to make the anchor text for a link appear to be valid when the link actually goes to the phishers' site; for example, a link whose visible text reads http://en.wikipedia.org/wiki/Genuine can lead to a different address.

  6. Methods • An attacker can even use flaws in a trusted website's own scripts against the victim.[35] These types of attacks (known as cross-site scripting) are particularly problematic, because they direct the user to sign in at their bank or service's own web page, where everything from the web address to the security certificates appears correct.

  7. Methods • In reality, the link to the website is crafted to carry out the attack, although it is very difficult to spot without specialist knowledge. Just such a flaw was used in 2006 against PayPal.

  8. Phone Phishing • Not all phishing attacks require a fake website. Messages that claimed to be from a bank told users to dial a phone number regarding problems with their bank accounts. • Once the phone number (owned by the phisher, and provided by a Voice over IP service) was dialed, prompts told users to enter their account numbers and PIN. • Vishing (voice phishing) sometimes uses fake caller-ID data to give the appearance that calls come from a trusted organization.[40]

  9. How to tell if an e-mail message is fraudulent • "Verify your account." • Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail. • "If you don't respond within 48 hours, your account will be closed." • These messages convey a sense of urgency so that you'll respond immediately without thinking. A phishing e-mail message might even claim that your response is required because your account might have been compromised.

  10. How to tell if an e-mail message is fraudulent • "Dear Valued Customer." • Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name. • "Click the link below to gain access to your account." • HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site. • Links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site.

  11. Ponzi Schemes A Ponzi scheme is a fraudulent investment operation that pays returns to investors from their own money or money paid by subsequent investors rather than from any actual profit earned. The Ponzi scheme usually offers returns that other investments cannot guarantee in order to entice new investors, in the form of short-term returns that are either abnormally high or unusually consistent. The perpetuation of the returns that a Ponzi scheme advertises and pays requires an ever-increasing flow of money from investors in order to keep the scheme going.

  12. Ponzi Schemes The scheme is named after Charles Ponzi,[1] who became notorious for using the technique after emigrating from Italy to the United States in 1903. Ponzi did not invent the scheme (Charles Dickens' 1857 novel Little Dorrit described such a scheme decades before Ponzi was born, for example), but his operation took in so much money that it was the first to become known throughout the United States.
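The two link tricks described in slides 5 and 10 (a brand name used as a subdomain of someone else's domain, and "masked" anchor text that shows one address while the link goes to another) can be checked mechanically in an HTML message body. The following Python is an added example, not part of the original presentation; `KNOWN_BRANDS`, the sample message and the two-label shortcut for the registered domain are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brand label -> domain the organisation really uses (constructed values).
KNOWN_BRANDS = {"yourbank": "yourbank.com"}

def host_of(text):  # hostname if text looks like a URL or bare domain, else None
    if not text or " " in text or "." not in text:
        return None
    return urlparse(text if "://" in text else "http://" + text).hostname

def registered_domain(host):  # simplification: last two labels, not the Public Suffix List
    return ".".join(host.split(".")[-2:])

class LinkCollector(HTMLParser):  # gathers (href, visible anchor text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or "").strip(), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html):
    """Return (href, reason) findings for links in an HTML message body."""
    collector, findings = LinkCollector(), []
    collector.feed(html)
    for href, text in collector.links:
        target, shown = host_of(href), host_of(text)
        if target is None:
            continue
        # Visible text names one site, href goes to another.
        if shown and registered_domain(shown) != registered_domain(target):
            findings.append((href, "masked-link"))
        # Brand appears as a hostname label, but the registered domain is someone else's.
        for brand, real in KNOWN_BRANDS.items():
            if brand in target.split(".") and registered_domain(target) != real:
                findings.append((href, "brand-in-subdomain"))
    return findings

# Constructed sample message body (not from the original presentation).
SAMPLE = ('<a href="http://www.yourbank.example.com/">Sign in</a>'
          '<a href="http://login.example.net/verify">http://www.yourbank.com/login</a>')
```

Calling `check_links(SAMPLE)` flags the first link as `brand-in-subdomain` and the second as `masked-link`; a link whose text and target both sit on the brand's own domain produces no finding.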
