PHISHING

Not the kind of Fishing you are used to.

Presented by: -SANDESH SUMANB.Tech (CSE), 6th SemesterRegd. No: 1101209130

OUTLINE• INTRODUCTION• HISTORY• TECHNIQUES• TARGETS• DAMAGED CAUSED • PHISHING EXAMPLE• ANTI-PHISHING• PRECAUTION• CONCLUSION• REFRENCE

INTRODUCTION

• A collection of techniques used to manipulate people into performing actions or divulging confidential information.

• Steal valuable data.

HISTORY Phreaking + Fishing = Phishing

- Phreaking = making phone calls for free back in 70’s– Fishing = Use bait to lure the target

Phishing in 1995Purpose: getting account passwords for free timeThreat level: lowTechniques: Similar names ( www.ao1.com for www.aol.com )

Phishing in 2001Purpose: getting credit card numbers, accountsThreat level: mediumTechniques: Same in 1995, key logger

Phishing in 2007Purpose: bank accountsThreat level: highTechniques: browser vulnerabilities, link obfuscation

TECHNIQUES• Link Manipulation Example :- www.aol.com to www.ao1.com

• Filter Evasion• Website Forgery• Fake Call

TECHNIQUES

TARGETS

Damaged Caused

• 2,000,000 emails are sent• 5% get to the end user – 100,000 (APWG)• 5% click on the phishing link – 5,000 (APWG)• 2% enter data into the phishing site –100 (Gartner)• $1,200 from each person who enters data (FTC)• Potential reward: $120,000

In 2005 David Levi made over $360,000 from 160 people using an eBay Phishing scam

Damaged Caused

• Over 28,000 unique phishing attacks reported in Dec. 2006, about double the number from 2005

• Estimates suggest phishing affected 2 million US citizens and cost businesses billions of dollars in 2005

• Additional losses due to consumer fears

Anti Phishing

• Social Responses• Legal Responses• Technical Responses

PRECAUTION

• Never respond to an email asking for personal information

• Always check the site to see if it is secure. Call the phone number if necessary

• Never click on the link on the email. Retype the address in a new window

• Keep your browser updated• Keep antivirus definitions updated• Use a firewall

PRECAUTION

CONCLUSION

• No single technology will completely stop phishing. However, a combination of good organization and practice, proper application of current technologies, and improvements in security technology has the potential to drastically reduce the prevalence of phishing and the losses suffered from it

REFERENCES

[1] http://wikipedia.org/ downloaded on 27/12/2013 at 9:00 pm.[2] http://webopedia.com/ downloaded on 27/12/2013 at 9:00 pm.[3] http://computerworld.com/ downloaded on 28/12/2013 at 8:00 pm.[4] http://www.anti-phishing.info/ downloaded on 30/12/2013 at 8:00 pm.[5] http://lorrie.cranor.org/ downloaded on 30/12/2013 at 8:30 pm.