This ppt is about the overview of Phishing Technology. Here some of the phishing techniques are discussed.

1. PHISHING TECHNOLOGY

2. Agenda
What is Phishing?
Phishing Statistics
Phishing Techniques
Phishing Defenses

3. What is Phishing?
Phishing = Social Engineering + Technical Subterfuge
It is the act of tricking someone into giving confidential
information (like passwords and credit card information)
on a fake web page or email form pretending to come
from a legitimate company (like their bank).

4. Phishing Statistics Unique phishing reports by year
0
200,000
400,000
600,000
800,000
1,000,000
1,200,000
1,400,000
1,600,000
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
Campaigns
Campaigns
Phishing Activity Trends Report By APWG, up to 4th Quarter of
2018
Payment
33%
SAAS / Webmail
30%
Financial
14%
Others
13%
Cloud Storage /
File Hosting
4%
Telecom
3%
Logistics/Shippin
g
3%
MOST TARGETED INDUSTRY SECTORS

5. Some Examples of Paypal Phishing Page

6. Some other examples

7. Phishing Techniques
• Deceptive –
Sending a deceptive email, in bulk,
with a “call to action” that demands
the recipient click on a link.

8. • Malware-Based – Running
malicious software on the user’s
machine. Various forms of malware-
based phishing are:
 Key Loggers & Screen Loggers
 Session Hijackers
 Web Trojans

9. • Content Injection – Inserting
malicious content into legitimate site.
 Hackers can compromise a server
through a security vulnerability and
replace or augment the legitimate
content with malicious content.
 Malicious content can be inserted
into a site through a cross-site
scripting vulnerability.
 Malicious actions can be performed
on a site through a SQL injection
vulnerability.

10. • Man-in-the-middle – Phisher
positions himself between the user
and the legitimate site.

11. Causes Of Phishing
Misleading e-mails
No check of source address
Vulnerability in browsers
No strong authentication at websites of banks and financial institutions
Limited use of digital signatures
Non-availability of secure desktop tools
Lack of user awareness
Vulnerability in applications
… and more

12. • Effects of Phishing
 Internet fraud
 Identity theft
 Financial loss to the original
institutions
 Erosion of Public Trust in the
Internet.

13. • How to combat phishing?
What to do if you receive a suspicious
email:
 Do not respond to the email
 Do not click on a link in an email unless you
are sure of the real target address.
 Verify the identity and security of the web
site.
 Report suspicious email
 Never reveal personal or financial
information in a response to an email
request, no matter who appears to have sent
it.
 Delete the email
What to do if you’ve responded
to a phishing scam:
 Report the incident
 Change the passwords on all your
online accounts
 Routinely review your credit card
and bank statements
 Use the latest products and services
to help warn and protect you from
online scams

14. Protect your computer with anti-
virus software, spy ware filters, e-
mail filters, and firewall programs,
and make sure that they are
regularly updated.
Ensure that your Internet
browser is up to date and security
patches applied.
Be suspicious of any e-mail with
urgent requests for personal
financial information or threats of
termination of online accounts.
When contacting your financial
institution, use only channels that
you know.
Always ensure that you're using
a secure website when submitting
credit card or other sensitive
information via your Web browser.
Regularly log into your online
accounts.
Don’t use the links in an e-mail
to get to any web page, if you
suspect the message might not be
authentic.
Avoid filling out forms in e-mail
messages or pop-up windows that
ask for personal financial
information.
Whattodo
Whatnottodo
Conclusion

15.  https://www.antiphishing.org/
 https://docs.apwg.org/reports/phish
ing-sfectf-report.pdf
 https://www.blackhat.com/presenta
tions/bh-jp-05/bh-jp-05-
grossman.pdf

16. Thank You For your patience!
Questions?