Phishing. Submitted by: GOURAV GOYAL, 5708213, C.S.E (8th Sem)

Concept of Phishing


Citibank (Sep 10)

Links to http://82.90.165.65/citi

Two questions arise in mind

Where has the money gone?

How?

Phishing Basics (1)

Pronounced "fishing"

Scam to steal valuable information such as credit cards, social security numbers, user IDs and passwords.

Also known as "brand spoofing"

Official-looking e-mail sent to potential victims

◦ Pretends to be from their ISP, retail store, etc.

◦ Due to internal accounting errors or some other pretext, certain information must be updated to continue the service.

How a hacker does all this!!!!

Four steps to being a cyber thief!!

1. Prepare a scam web page (of the website whose password you want to know, e.g. any social networking site, bank site, etc.)

How to prepare a scam page

1. Open the web site page

2. Save the source code of that page.

3. Make some changes, i.e. add code which includes

(a) the hacker's website

(b) code which sends that ID and password to the hacker's website.

2. Now the hacker attaches that page to his e-mail and sends it to 20 or more e-mail IDs.

(Now he might catch a fish: at least one person who gives his ID and password on that scam web page.)

3. The hacker will just note that ID and password from his personal site, as set up in the code while preparing the scam page.

4. Now the hacker just uses that ID and password to transfer money from bholla's account to his own account.

Now let me show how serious a problem phishing is!!!

Serious Problem

“Illegal access to checking accounts, often gained via phishing scams, has become the fastest-growing form of consumer theft in the United States, accounting for a staggering $2.4 billion in fraud in the previous 12 months.”

-- Gartner Group

APWG Regular Reports

Phishing Activity Trends Report, Sep. 2010

4942: Number of active phishing sites reported in Oct 2010

25%: Average monthly growth rate in phishing sites, July through Sep

44: Number of brands hijacked in Sep

USA: country hosting most phishing Websites.

Examples of some fake pages sent by e-mail by a hacker

People’s Bank

Not the proper domain for peoples.com

Citibank (Nov 10)

Links to http://82.90.165.65/citi

How to identify the attack, and some countermeasures!!!

1. Always check the URL

Based on a slide copyright © 2004 Don Holden, CISSP. Used with permission (and thanks).

Not the real address bar

See http://www.antiphishing.org/news/03-31-10_Alert-FakeAddressBar.html

2. Always open the site manually

Not the proper domain for peoples.com

3. Always give a wrong password the first time

If the page accepts the wrong password, it is a fake page
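
One way to automate countermeasure 1 (checking the URL) on a received message, as an added example that is not part of the original slides: it lists every link whose real target is a raw IP address or is not under the expected domain, next to the text the reader actually sees. The function and class names are hypothetical and the sample message is constructed; only the IP link and the peoples.com domain come from the slides.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_findings(url, expected_domain):
    """Reasons why url's host is not a proper host of expected_domain."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    expected = expected_domain.lower()
    findings = []
    try:
        ipaddress.ip_address(host)
        findings.append("host is a raw IP address")
    except ValueError:
        pass  # not an IP literal, fall through to the domain check
    # Exact match or a true subdomain only; "notpeoples.com" must not pass.
    if host != expected and not host.endswith("." + expected):
        findings.append(f"host '{host}' is not under {expected}")
    return findings

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_email(html, expected_domain):
    """Return (visible text, href, findings) for each suspicious link."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return [(text, href, f) for href, text in parser.links
            if (f := host_findings(href, expected_domain))]

# Constructed sample message: only the IP link and peoples.com come from the slides.
SAMPLE_EMAIL = """<p>Please update your account:
<a href="http://82.90.165.65/citi">https://www.peoples.com/update</a>
<a href="http://peoples.com.account-update.example/login">Sign in</a>
<a href="http://notpeoples.com/">peoples.com</a>
<a href="https://www.peoples.com/help">Help</a></p>"""
```

Calling `audit_email(SAMPLE_EMAIL, "peoples.com")` reports the first three links and leaves the genuine `www.peoples.com` link out of the result.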

Thank you

Queries