SEMINAR ON INFORMATION TECHNOLOGY ACTNarendra SinghInformation TechnologyRoll no. 029 (09EARIT032)

04/12/2023 1

Phishing: A Simple way to make fool

What Is Phishing??? • It is the act of tricking someone into giving

confidential information (like passwords and credit card information) on a fake web page or email form pretending to come from a legitimate company (like their bank).

• The word ‘Phishing’ initially emerged in 1990s. The early

hackers often use ‘ph’ to replace ‘f’ to produce new words in the hacker’s community, since they usually hack by phones.04/12/2023 2

How it works???• A message is sent from

the Phishers to the user.• A user provides

confidential information to a Phishing server.

• The Phishers obtains the confidential information from the server.

• The confidential information is used to impersonate the user.

• The Phishers obtains illicit monetary gain.

04/12/2023 3

PHISHING TECHNIQUES

• Link Manipulation• Website Forgery• Spam• Key Logger• Session Hacking• Phishing through Search Engines• Phone Phishing

04/12/2023 4

First Case Of Phishing in India

• Rs. 13 lakh imposed on ICICI Bank for phishing scam ICICI Bank has been fined with Rs. 12.85 lakh on account of a phishing fraud. This has been the first case filed under the Information Technology Act. Tamil Nadu IT secretary directed ICICI Bank to pay Rs 12.85 lakh to an Abu Dhabi-based NRI(Umashankar Sivasubramaniam) within 60 days for the loss suffered by him due to a phishing fraud.The petition was filed by Umashankar Sivasubramaniam, who had received a mail in September 2007 from the bank which asked him to provide his username and password or his account would be closed. After the reply to this mail he witnessed a transfer of Rs 6.46 lakh from his account to that of a company which withdrew Rs 4.6 lakh from an ICICI branch in Mumbai and retained the balance in its account. ICICI defends itself saying that it is the responsibility of the customer to be conscious while giving out any kind of personal information on the web. Internet banking needs to be done very carefully after full scrutiny by the customer. Internet banking is not a risky proposition if the customer is conscious enough.

04/12/2023 5

Various Author Cases Of Phishing in India

Dec 2011, BANGALORE Six months ago, Asha , a consultant for NGOs, got a rude shock. Her husband received an e-mail from her, stating she was in a financial crisis and needed help. A bank account number was also provided. She couldn't log into either of her e-mail accounts. Her accounts had been hacked . By afternoon, the couple was flooded with calls of concern. Some persons even deposited money in the account number mentioned. This is the now-increasingly common modus operandi of cyber criminals.

04/12/2023 6

To be continue…How accounts are hacked? First, the cyber criminals send a phishing mail that looks like an alert from the service provider. Once the account holder replies, the hacker gets all the details he needs to compromise the account and change the password.What they do after that?After the account is hacked, the phishers simply browse the contacts list and send a common mail. They either say they are stuck in a far-off place without cash or have plunged in a deep financial crisis. They seek assistance from the recipients. Though most persons call up and check, some in a hurry deposit cash in the account mentioned. This is withdrawn by the hacker

04/12/2023 7

To be continue…How to retrieve the account? Most service providers ask for an alternative e-mail ID before opening an account. The account owner can log onto this, go to `abuse' and lodge a complaint about the hack. Account is usually restored within 24 hours.

What was the actions taken against them? They got punishment of 2year Jail under the act of IPC 420.

04/12/2023 8

Google under Phishing Attack Recently, the users of the Google email services, “Gmail” purportedly received a legal notice from the Gmail team which wanted users to refurbish their account name, password, occupation, birth date and country of residence with a warning that users who did not update their details within 7 days of receiving the warning would lose their account permanently. However, the spokesperson of the Google denied any such legal notice coming from them and stated it to be a phishing attack designed to collect personal information, called ‘spoofing’ or ‘password phishing’.

04/12/2023 9

Few Examples of Phishing Sites

04/12/2023 10

04/12/2023 11

Section 43• Penalty for damage to computer, computer system, etc.-

If any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network,- accesses or secures access to such computer, computer system or computer network , downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium.

•  damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;

04/12/2023 12

Section 66a• Section 66A of the IT Act is a relevant section which

penalizes ‘sending false and offensive messages through communication services’.

• Explanation — For the purpose of this section, terms “electronic mail” and “electronic mail message” means a message or information created or transmitted or received on a computer, computer system, computer resource or communication device including attachments in text, images, audio, video and any other electronic record, which may be transmitted with the message.

04/12/2023 13

To be continue…• Any person who sends, by means of a computer

resource or a communication device :a) any information that is grossly offensive or has

menacing characterb) any information which he knows to be false, but

for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently by making use of such computer resource or a communication device

• Punishment - Imprisonment for a term which may extend to three years and with fine.

04/12/2023 14

REASONS OF PHISHING

• Trust Of Authority• E-mail and webpages can look real• Use of the same top level domain• Use of the simplest and least confusing host name• Misleading e-mails• No check of source address• Non-availability of secure desktop tools• Lack of user awareness

04/12/2023 15

Conclusion• We should use Security Implications both long and short

term.• Apply phishing filter in your browser setting.• Delete all emails and SMS from any stranger luring you

with billion dollar lottery prize, jobs in UK and huge wealth

• Delete all emails/SMS/Phone calls that ask for your personal information such as user name , passwords , Pin, credit codes.

• Delete all spam mail as they contain either virus or spyware enable spam filters in your mail boxes

• Self awareness is the biggest tool against any kind of cyber crime.

Reference• www.rupeetimes.com/news/car_loans/

fine_worth_rs_13_lakh_imposed_on_icici_bank_for_phishing_scam_3472.html

• http://www.esecurityplanet.com/views/article.php/3875866/Top-Ten-Phishing-Facts.htm

• Jaishankar, K. (2004). ―International perspectives on crime and justice‖ p. 541-556.

• Bocjj P. (2006). ―The dark side of the Internet: protecting yourself and your family from online criminals.‖ 2nd ed, green wood publishing group, pp. 159-161.

• http://articles.timesofindia.indiatimes.com/2009-01-17/bangalore/28031198_1_e-mail-accounts-cyber-criminals-cyber-crime

04/12/2023 17

Q/A???

04/12/2023 18