Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

16
Phishing Attacks Process of luring a victim to a fake web site by clicking on a link Presented By :- Rahul Jain Submitted To :- Prof. Sachindra Dubey Sir Prof. Anamika Gupta Mam Made By Rahul Jain

Transcript of Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

Page 1: Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

Made By Rahul Jain

Phishing AttacksProcess of luring a victim to a fake web site by clicking on a link

Presented By :- Rahul JainSubmitted To :- Prof. Sachindra Dubey Sir Prof. Anamika Gupta Mam

Page 2: Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

Made By Rahul Jain

Examples :-

• Click Here www.luckydraw.com to claim your $10000000 Prize!• Urgent attention of all true bank account holders.

Page 3: Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

Made By Rahul Jain

Methods Of Phishing Attacks -1

•Impersonation :- Constructing fake Sites and then deceived by visiting.

Page 4: Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

Made By Rahul Jain

Methods Of Phishing Attacks -2

•Forwarding :- Amazon, Paypal, eBay, When victim login to forwarding link data will upload on hostile’s server

Page 5: Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

Made By Rahul Jain

Methods Of Phishing Attacks -3

•Popups :- Creative but of Limited Approaches. Behind the popup stealing of data done.

• First discovered during barrage of phishing attacks on city bank in 2003.

Page 6: Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

Made By Rahul Jain

Types Of Phishing Attacks -1

•Man-In-The-Middle-Phishing :- Hackers Position themselves between user and legitimate websites.

•URL Obfuscation Attacks :- Following attackers hyperlink to the attacker’s server. • A> Bad Domain Names –• B> Friendly Login URL’s -Many web sites use friendly websites to

attack and steal the user’s data the general information is URL://username:password@hostname/path

Page 7: Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

Made By Rahul Jain

Types Of Phishing Attacks -2

• C> Third Party Shortened URL’s :- Due to length of Complexity of many websites www.smallurl.com

• D> Host Name Obfuscation:- e.g, http://mybank.com:[email protected]/phishing/fakepage.htm

• In some cases, it may be possible to mix formats (e.g, http://0322.0x86/161.0043/)

Page 8: Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

Made By Rahul Jain

Types Of Phishing Attacks -3

• E> URL Obfuscation :- Obfuscation is the obscuring of intended meaning in communication, making the message confusing, willfully ambiguous, or harder to understand.

Page 9: Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

Made By Rahul Jain

Types Of Phishing Attacks -4

• E1> Escape Encoding :-• Percent Encoding or Escaped Encoding • Achieved by encoding the character to be intrepid with the character

%.

• E2> Unicode Encoding :- Method of Referencing and storing characters with multiple bytes by providing a unique number.

Page 10: Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

Made By Rahul Jain

Types Of Phishing Attacks -5

• E3> Inappropriate UTF-8 Encoding :- • Characteristics of preserving the full US-ASCII character range.• %CO, %AE, %FO %FX %80 %80

• E4> Multiple Encoding :- Phishers may further obfuscate the URL information by encoding characters multiple times. • E.g, “\” character may be encoded as %25 originally but could be

extended to %35C or %25C%35C%63

Page 11: Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

Made By Rahul Jain

Types Of Phishing Attacks -6

• Hidden Attacks - An attacker may make use of HTML, DHTML and Other Scriptable Code.• Whether its man in the middle attack or fake copy of the site hosted

on the attackers own systems. • A> Hidden Frames

Page 12: Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

Made By Rahul Jain

Types Of Phishing Attacks -7

• Overriding Page Content :-

Page 13: Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

Made By Rahul Jain

Types Of Phishing Attacks -8

• Deceptive Phishing :- • Malware Based Phishing :- • DNA Based Phishing :-• Content Injection Phishing :-• Search Engine Phishing :-

Page 14: Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

Made By Rahul Jain

How To Avoid Phishing Attacks -1

• 1. Be Careful About responding To emails that ask you for sensitive information.• 2. Go to The Site Your self, Rather than clicking on links in suspicious

emails. • 3. If You are on sites that asking you to enter sensitive info check for

signs of any thing suspicious.• 4. Be wary of “Fabulous offers” and “fantastic Prizes” that you will

some times Across on web.

Page 15: Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

Made By Rahul Jain

How To Avoid Phishing Attacks -2

• Use of Browsers that has a phishing filters.

Page 16: Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

Made By Rahul Jain

Thank You ..!! For Any Query Ask on-- ideasandtechnology.blogspot.in or mail me at -- [email protected]