From this ppt you can know about the basic of phishing with having some cases that tracked by the Indian police & also there are some section related to the Phishing.
I think this will be a good ppt for u.........suggestion will be invited on "singh7737777476@gmail.com" thankx for the downloading this & feel free to share your ideas.
2. • It is the act of tricking someone into giving confidential
information (like passwords and credit card information)
on a fake web page or email form pretending to come
from a legitimate company (like their bank).
• The word „Phishing‟ initially emerged in 1990s. The early
hackers often use „ph‟ to replace „f‟ to produce new words
in
the hacker‟s community, since they usually hack by
phones.
6/18/2013 2
3. • A message is sent from the
Phishers to the user.
• A user provides confidential
information to a Phishing
server.
• The Phishers obtains the
confidential information from
the server.
• The confidential information
is used to impersonate the
user.
• The Phishers obtains illicit
monetary gain.
6/18/2013 3
5. • Rs. 13 lakh imposed on ICICI Bank for phishing scam
ICICI Bank has been fined with Rs. 12.85 lakh on account of a phishing fraud.
This has been the first case filed under the Information Technology Act. Tamil
Nadu IT secretary directed ICICI Bank to pay Rs 12.85 lakh to an Abu Dhabi-
based NRI(Umashankar Sivasubramaniam) within 60 days for the loss
suffered by him due to a phishing fraud.
The petition was filed by Umashankar Sivasubramaniam, who had received
a mail in September 2007 from the bank which asked him to provide his
username and password or his account would be closed. After the reply to this
mail he witnessed a transfer of Rs 6.46 lakh from his account to that of a
company which withdrew Rs 4.6 lakh from an ICICI branch in Mumbai and
retained the balance in its account. ICICI defends itself saying that it is the
responsibility of the customer to be conscious while giving out any kind of
personal information on the web. Internet banking needs to be done very
carefully after full scrutiny by the customer. Internet banking is not a risky
proposition if the customer is conscious enough.
6/18/2013 5
6. Dec 2011, BANGALORE
Six months ago, Asha , a consultant for NGOs, got a rude
shock. Her husband received an e-mail from her, stating she
was in a financial crisis and needed help. A bank account
number was also provided. She couldn't log into either of her
e-mail accounts.
Her accounts had been hacked . By afternoon, the couple
was flooded with calls of concern. Some persons even
deposited
money in the account number mentioned. This is the now-
increasingly common modus operandi of cyber criminals.
6/18/2013 6
7. How accounts are hacked?
First, the cyber criminals send a phishing mail that looks
like an alert from the service provider. Once the account
holder replies, the hacker gets all the details he needs to
compromise the account and change the password.
What they do after that?
After the account is hacked, the phishers simply browse the
contacts list and send a common mail. They either say they
are stuck in a far-off place without cash or have plunged in a
deep financial crisis. They seek assistance from the
recipients. Though most persons call up and check, some in
a hurry deposit cash in the account mentioned. This is
withdrawn by the hacker
6/18/2013 7
8. How to retrieve the account?
Most service providers ask for an alternative e-mail ID
before opening an account. The account owner can log
onto this, go to `abuse' and lodge a complaint about the
hack. Account is usually restored within 24 hours.
What was the actions taken against them?
They got punishment of 2year Jail under the act of IPC
420.
6/18/2013 8
9. Recently, the users of the Google email services,
“Gmail” purportedly received a legal notice from the Gmail
team which wanted users to refurbish their account name,
password, occupation, birth date and country of residence
with a warning that users who did not update their details
within 7 days of receiving the warning would lose their
account permanently. However, the spokesperson of the
Google denied any such legal notice coming from them and
stated it to be a phishing attack designed to collect personal
information, called „spoofing‟ or „password phishing‟.
6/18/2013 9
12. • Penalty for damage to computer, computer system, etc.- If
any person without permission of the owner or any other
person who is incharge of a computer, computer system
or computer network,- accesses or secures access to
such computer, computer system or computer network ,
downloads, copies or extracts any data, computer data
base or information from such computer, computer system
or computer network including information or data held or
stored in any removable storage medium.
• damages or causes to be damaged any computer,
computer system or computer network, data, computer
data base or any other programmes residing in such
computer, computer system or computer network;
6/18/2013 12
13. • Section 66A of the IT Act is a relevant section which
penalizes „sending false and offensive messages through
communication services‟.
• Explanation — For the purpose of this section, terms
“electronic mail” and “electronic mail message” means a
message or information created or transmitted or received
on a computer, computer system, computer resource or
communication device including attachments in text,
images, audio, video and any other electronic record,
which may be transmitted with the message.
6/18/2013 13
14. • Any person who sends, by means of a computer resource
or a communication device :
a) any information that is grossly offensive or has menacing
character
b) any information which he knows to be false, but for the
purpose of causing annoyance, inconvenience, danger,
obstruction, insult, injury, criminal intimidation, enmity,
hatred or ill will, persistently by making use of such
computer resource or a communication device
• Punishment - Imprisonment for a term which may extend
to three years and with fine.
6/18/2013 14
15. • Trust Of Authority
• E-mail and webpages can look real
• Use of the same top level domain
• Use of the simplest and least confusing host name
• Misleading e-mails
• No check of source address
• Non-availability of secure desktop tools
• Lack of user awareness
6/18/2013 15
16. • We should use Security Implications both long and short
term.
• Apply phishing filter in your browser setting.
• Delete all emails and SMS from any stranger luring you
with billion dollar lottery prize, jobs in UK and huge wealth
• Delete all emails/SMS/Phone calls that ask for your
personal information such as user name , passwords ,
Pin, credit codes.
• Delete all spam mail as they contain either virus or
spyware enable spam filters in your mail boxes
• Self awareness is the biggest tool against any kind of
cyber crime.