Phishing Attack: A Threat to Network Security
Presented by: Sachin Saini (1120029)

Phishing attack, with SSL Encryption and HTTPS Working


Content
• Introduction.
• Phishing Motives.
• Basic Terminology.
• Type of Phishing and its techniques.
• Why Phishing Works.
• Impact of Phishing.
• Real live example.
• Avoidance, Solution and Protection of Phishing.
• SSL and its working.
• HTTPS with their Working.
• Conclusion.

What is Phishing?
• The keyword “phishing” is a variation of “fishing”. (Fishing is a process in which bait is thrown out in the hope that, while most will ignore the bait, some will be tempted into biting.)
• Also called brand spoofing.
• A technique used to trick computer users into revealing personal or financial information.
• A common online phishing scam starts with an e-mail message that appears to come from a trusted source (a legitimate site) but actually directs recipients to provide information to a fraudulent web site.

Continue…
• Sending email that falsely claims to be from a legitimate organisation.
• Phishing is typically carried out by email spoofing (trick, imitation) or instant messaging.

Phishing Motives
• The primary motives behind phishing attacks, from an attacker’s perspective, are:
• Financial Gain: Phishers can use stolen banking credentials for their financial benefit.
• Identity Hiding: Instead of using stolen identities directly, phishers might sell the identities to others, who might be criminals seeking ways to hide their identities and activities.
• Fame and Notoriety: Phishers might attack victims for the sake of peer recognition.

Basic Terminology
• MALWARE is a general term used to refer to viruses, worms, spyware, adware, etc. It infects a system and makes it behave in a way that you do not approve of.
• SPYWARE: Software that is installed on your computer to spy on your activities and report this data to people willing to pay for it.
• ADWARE: Programs that deliver unwanted ads to your computer, generally in pop-up form.

[Diagram: Malware, with Spyware, Adware, Virus and Worms]

05/03/2023

Spamming
• Spamming refers to the sending of bulk mail by an identified or unidentified source. In its non-malicious form, bulk advertising mail is sent to many accounts.
• In its malicious form, the attacker keeps on sending bulk mail until the mail server runs out of disk space.

[Illustration: “Yes!! Mail sent successfully.”]

Why is it harmful?
1. It reduces productivity.
2. It eats up time, as it requires deletions.
3. It contains fraudulent material.
4. It is even used to spread viruses.
5. Offensive content.

Take care with mails that appear to be official. Do not reply with your personal details. That might be a spam mail!

Types of Phishing
• SPEAR Phishing.
• CLONE Phishing.
• WHALING Phishing.

Spear Phishing
• Spear phishing is an email that appears to be from an individual or business that you know. But it isn't. It's from the same criminal hackers who want your credit card and bank account numbers, passwords, and financial information.
• The email seems to come from someone you know.
• Spear phishing is a targeted email scam with the sole purpose of obtaining unauthorized access to sensitive data.

Clone Phishing
• It works by cloning an already delivered email that has attachments and replacing the attachment or link with a malicious version.

Whale Phishing
• Whale phishing is a term used to describe a phishing attack that is specifically aimed at wealthier individuals. Because of their relative wealth, if such a user becomes the victim of a phishing attack, he can be considered a “big phish” or, alternately, a whale.
• Whaling attack emails consist of a legal summons, consumer complaint, or managerial issue that requires an urgent reply from the receiver.

Phishing Technique

[Diagram: Phishing techniques]
• Link manipulation
• Keyloggers
• Session hijacking
• Phone phishing
• Deceptive phishing
• Malware phishing
• Man in the middle

Deceptive Phishing
• Deceptive (misleading) messages, such as a need to verify account information, a system failure requiring users to re-enter their information, undesirable account changes, new free services requiring quick action, and many other scams, are broadcast to a wide group of recipients in the hope that the user will respond by clicking a link to, or signing onto, a fraudulent site where their confidential information can be collected.

Malware Phishing
• It refers to scams that involve running malicious software on users' PCs. Malware can be introduced as an email attachment, as a downloadable file from a web site, or by exploiting known security vulnerabilities, a particular issue for small and medium businesses (SMBs), which are not always able to keep their software applications up to date.

Keyloggers & Screenloggers

• These are particular varieties of malware that track keyboard input and send relevant information to the hacker via the Internet.

• Similarly, screenloggers send screenshots after a specified interval of time (5-15 sec.).

• They can embed themselves into users' browsers as small utility programs known as helper objects that run automatically when the browser is started as well as into system files as device drivers or screen monitors.

Session Hijacking
• Session hijacking, sometimes also known as cookie hijacking, is the exploitation of a valid computer session (sometimes also called a session key) to gain unauthorized access to information or services in a computer system.
• Types: MITM, session sniffing, etc.

Man in the Middle Phishing (MITM)

• In these attacks hackers position themselves between the user and the legitimate website or system. They record the information being entered but continue to pass it on, so that users' transactions are not affected.

• Later they can sell or use the information or credentials collected when the user is not active on the system.

Phone Phishing
• Phishers also use the phone to hunt for personal information. Some, posing as employers, call or send emails to people who have listed themselves on job search web sites.

Link Manipulation
• Link manipulation is the technique in which the phisher sends a link to a website. When the user clicks on the deceptive link, it opens up the phisher’s website instead of the website mentioned in the link. One of the anti-phishing techniques used to prevent link manipulation is to hover over the link to view the actual address.

Why phishing works?
1. Lack of knowledge
• Most phishers exploit the user’s lack of knowledge of computers, applications, email, the internet, etc.
• Such users do not know how things work or what the differences are, for example between www.ebay-members-security.com and www.ebay.com.
• Knowledge of security & security indicators (padlock icon).

2. Visual Deception
• Users are fooled using the syntax of the domain name, such as www.paypa1.com instead of www.paypal.com (the digit ‘1’ substituted for the letter ‘l’).
• Phishers use a legitimate image as a hyperlink that actually links to the fraudulent website.

Example:
• Omitted character - www.amazon.com vs. www.amzon.com
• Missing dots - www.microsoft.com vs. wwwmicrosoft.com
• Singular/plural - www.apple.com vs. www.apples.com
• Repeated characters - www.google.com vs. www.gooogle.com
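
The lookalike patterns listed on this slide, and the brand-inside-a-longer-name case from the previous one, can be checked mechanically. The following is an added example, not part of the original presentation: it compares a hostname against a short brand list and names the kind of deception it resembles. The brand list, the digit-to-letter table and the function names are assumptions made for the illustration.

```python
import re

# Assumption: a small allow-list of brands, taken from the slides' examples.
BRANDS = ["paypal.com", "amazon.com", "microsoft.com",
          "apple.com", "google.com", "ebay.com"]
# Assumption: digits that are commonly swapped for look-alike letters.
HOMOGLYPHS = str.maketrans("1035", "loes")


def one_char_longer(longer, shorter):
    """True if deleting exactly one character from `longer` gives `shorter`."""
    return len(longer) == len(shorter) + 1 and any(
        longer[:i] + longer[i + 1:] == shorter for i in range(len(longer)))


def squeeze(s):
    """Collapse runs of a repeated character: 'gooogle' -> 'gogle'."""
    return re.sub(r"(.)\1+", r"\1", s)


def classify(host):
    """Return (verdict, brand). Heuristic: a hit means 'review', not 'fraud'."""
    host = host.strip().lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    if host in BRANDS:
        return ("legitimate", host)
    if host.startswith("www") and host[3:] in BRANDS:
        return ("missing dot", host[3:])
    label = host.rsplit(".", 1)[0]            # name without the TLD
    for brand in BRANDS:
        name = brand.rsplit(".", 1)[0]
        if host.translate(HOMOGLYPHS) == brand:
            return ("substituted character", brand)
        if label == name + "s":
            return ("singular/plural", brand)
        if one_char_longer(name, label):
            return ("omitted character", brand)
        if one_char_longer(label, name):
            kind = "repeated" if squeeze(label) == squeeze(name) else "extra"
            return (kind + " character", brand)
        if name in re.split(r"[-.]", label):
            return ("brand name inside a longer domain", brand)
    return ("no match", None)


if __name__ == "__main__":
    for h in ["www.paypa1.com", "www.amzon.com", "wwwmicrosoft.com"]:
        print(h, "->", classify(h))
```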

• This is an original Facebook webpage, secured via the HTTPS protocol and showing the padlock icon.

• This is a fake webpage with the URL http://fbaction.net/ , made to gain your credentials.

• Webpage of the original PayPal website.

• This webpage has a different URL than PayPal (www.PAYPA1.com).

Impact of Phishing
• The impact of phishing is both domestic and international, and concerns the commercial and financial sectors.
• Direct Financial Loss. Phishing is mainly carried out to cause financial loss to a person or an organization. Consumers and businesses may lose from a few hundred dollars to millions of dollars.
• Erosion of Public Trust in the Internet. Phishing also decreases the public’s trust in the Internet.

Continue…
• A survey found that 9 out of 10 American adult Internet users have made changes to their Internet habits because of the threat of identity theft.
• 25% say they have stopped shopping online, while 29% of those who still shop online say they have decreased the frequency of their purchases.
• Cross-Border Operations by Criminal Organizations. Here, people sitting outside the country perform criminal activities using the technique of phishing.

Affected Sector

Phishing in the news.

The attack on the AP Twitter account in April 2013 had a serious impact on the stock market.

A single malicious email sent to workers at the South Carolina Department of Revenue in Nov-2012 enabled an international hacker to crack into state computers and gain access to 3.8 million tax returns, including Social Security numbers and bank account information.


How to avoid Phishing Attack

Don’t click on links, download files or open attachments in emails from unknown senders.

Never email personal or financial information, even if you are close with the recipient.

Check your online accounts and bank statements regularly.

Do not divulge personal information over the phone unless you initiate the call.

Verify any person who contacts you (by phone or email).

Solution to Phishing Threats

Active Protection
• Anti-Virus & Anti-Spyware Software.
• Regular Updates.
• Frequent Full System scans.
• Use Anti-Spam software.
• Enable Firewall.
• Authorization & Authentication.

Preventive Measures
• Disable Cookies.
• Keep your Email-Id private.
• Use proper file access.
• Be careful with email.
• Use caution when downloading files on the internet.

Protection against Phishing Attack

• Two Factor Authentication.
• HTTPS Instead of HTTP.
• Extended Validation.
• Anti-Spam Software.
• Hyperlink in Email.
• Firewall.

Two-Factor Authentication

• Gmail, Facebook, Dropbox, Microsoft, Apple’s iCloud, Twitter, etc. use two-factor authentication. In this process you log in with a password and a secret code that you receive on your mobile phone, so unless the hacker has access to your mobile too, having just your email and your password is not enough to break into your account.

HTTPS instead of HTTP

• HTTPS is a more secure protocol than HTTP, as it encrypts the connection between your browser and the website, and with it all the information you send or receive.

• If you are looking to make online payments or transactions, opt for an HTTPS website.

• Such HTTPS websites are equipped with SSL (Secure Sockets Layer), which creates a secure channel for information transmission.

SSL Encryption
• SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remains private and integral.

• SSL uses a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message.

• Most Web browsers support SSL. By convention, URLs that require an SSL connection start with https instead of http.

How SSL Works?

HTTPS
• Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP.
• HTTP is the protocol over which data is sent between your browser and the website that you are connected to.
• HTTPS is often used to protect highly confidential online transactions like online banking and online shopping order forms.
• Web browsers such as Internet Explorer, Firefox and Chrome also display a padlock icon in the address bar to visually indicate that an HTTPS connection is in effect.

• The use of HTTPS protects against eavesdropping and man-in-the-middle attacks.

How HTTPS Works?

Extended Validation

• Many websites have EV (extended validation) SSL certificates, which turn the address bar green so that users can easily identify authentic websites.

Anti-Spam Software
• With the use of anti-spam software, users can reduce phishing attacks. Users can control spam mail, thus securing themselves from phishing.
• This software can also help with browser hijacking, usually finding the problem and providing a solution.

Hyperlink in Email
• Never click hyperlinks received in emails from an unknown or unverified source. Such links contain malicious code, and you may be asked for login details or personal information when you reach the page you are led to from the hyperlink.

Firewall
• With a firewall, users can prevent many browser hijacks.

• It is important to have both desktop and network firewalls as firewalls check where the traffic is coming from, whether it is an acceptable domain name or Internet protocol.

• It is also effective against virus attacks and spyware.

Conclusion
• Phishing is a growing crime and one that we must be aware of. Although laws have been enacted, education is the best defence against phishing.
• Being a bit suspicious of all electronic communications and websites is recommended.
• Look out for the common characteristics: a sense of urgency, a request for verification, and grammar and spelling errors.

• Digital signature usage should be promoted for secure mail transactions.

Get Educated about Phishing Prevention

“It is better to be safer now, than feel sorry later”


Thank You !!