PHISHING
Not the kind of Fishing you are used to.
Presented by: SANDESH SUMAN, B.Tech (CSE), 6th Semester, Regd. No: 1101209130
OUTLINE
• INTRODUCTION
• HISTORY
• TECHNIQUES
• TARGETS
• DAMAGE CAUSED
• PHISHING EXAMPLE
• ANTI-PHISHING
• PRECAUTION
• CONCLUSION
• REFERENCES
INTRODUCTION
• A collection of techniques used to manipulate people into performing actions or divulging confidential information.
• Steal valuable data.
HISTORY
Phreaking + Fishing = Phishing
- Phreaking = making phone calls for free back in the 70’s
- Fishing = using bait to lure the target
Phishing in 1995
Purpose: getting account passwords for free time
Threat level: low
Techniques: similar names (www.ao1.com for www.aol.com)
Phishing in 2001
Purpose: getting credit card numbers, accounts
Threat level: medium
Techniques: same as in 1995, key logger
Phishing in 2007
Purpose: bank accounts
Threat level: high
Techniques: browser vulnerabilities, link obfuscation
TECHNIQUES
• Link Manipulation (example: www.aol.com to www.ao1.com)
• Filter Evasion
• Website Forgery
• Fake Call
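An added example, not part of the original slides: a Python check for the link manipulation shown above (www.ao1.com for www.aol.com) that flags look-alike domains in a message body. It goes beyond the single character swap to one-character typos and a brand name used as a subdomain; the allowlist, the substitution table and the sample message are constructed assumptions, and only ASCII look-alikes are handled.

```python
import re
from urllib.parse import urlsplit
TRUSTED = {"aol.com", "ebay.com"}  # assumed allowlist of brand domains
# ASCII look-alike substitutions, applied to both sides before comparing
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def registrable(host):
    """Naive last-two-labels domain; real code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def skeleton(domain):
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return (registrable_domain, verdict, matched_brand) for one URL."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    domain = registrable(host)
    if domain in TRUSTED:
        return domain, "trusted", domain
    for brand in sorted(TRUSTED):
        if skeleton(domain) == skeleton(brand):
            return domain, "lookalike-confusable", brand  # ao1.com for aol.com
        if brand in host:
            return domain, "brand-in-host", brand  # brand appears only as a subdomain
        if edit_distance(domain, brand) == 1:
            return domain, "lookalike-typo", brand
    return domain, "unknown", None

def scan(text):
    """Classify every URL-like token found in a message body."""
    return [classify(u) for u in re.findall(r"(?:https?://|www\.)[^\s<>)]+", text)]

# Constructed sample message built around the deck's ao1.com example
SAMPLE = ("Your account is locked. Sign in at http://www.ao1.com/login or see "
          "https://www.aol.com/help. Auction notice: www.ebay.com.evil.example/bid")

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

The verdict is taken from the registrable domain, not from where the brand name appears in the host, which is why the third link in the sample is not treated as eBay.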
TARGETS
Damage Caused
• 2,000,000 emails are sent
• 5% get to the end user – 100,000 (APWG)
• 5% click on the phishing link – 5,000 (APWG)
• 2% enter data into the phishing site – 100 (Gartner)
• $1,200 from each person who enters data (FTC)
• Potential reward: $120,000
In 2005 David Levi made over $360,000 from 160 people using an eBay Phishing scam
• Over 28,000 unique phishing attacks reported in Dec. 2006, about double the number from 2005
• Estimates suggest phishing affected 2 million US citizens and cost businesses billions of dollars in 2005
• Additional losses due to consumer fears
Anti Phishing
• Social Responses
• Legal Responses
• Technical Responses
PRECAUTION
• Never respond to an email asking for personal information
• Always check the site to see if it is secure. Call the phone number if necessary
• Never click on the link in the email. Retype the address in a new window
• Keep your browser updated
• Keep antivirus definitions updated
• Use a firewall
CONCLUSION
• No single technology will completely stop phishing. However, a combination of good organization and practice, proper application of current technologies, and improvements in security technology has the potential to drastically reduce the prevalence of phishing and the losses suffered from it