3. What is Phishing?
Phishing = Social Engineering + Technical Subterfuge
It is the act of tricking someone into giving confidential information (like passwords and credit card information) on a fake web page or email form pretending to come from a legitimate company (like their bank).
4. Phishing Statistics
Unique phishing reports by year (bar chart of the "Campaigns" series, 2005 to 2015, vertical axis from 0 to 1,600,000 reports)
Phishing Activity Trends Report By APWG, up to 4th Quarter of 2018
MOST TARGETED INDUSTRY SECTORS (pie chart):
Payment 33%
SAAS / Webmail 30%
Financial 14%
Others 13%
Cloud Storage / File Hosting 4%
Telecom 3%
Logistics/Shipping 3%
7. Phishing Techniques
• Deceptive – Sending a deceptive email, in bulk, with a “call to action” that demands the recipient click on a link.
8. • Malware-Based – Running malicious software on the user’s machine. Various forms of malware-based phishing are:
Key Loggers & Screen Loggers
Session Hijackers
Web Trojans
9. • Content Injection – Inserting malicious content into a legitimate site. Hackers can compromise a server through a security vulnerability and replace or augment the legitimate content with malicious content.
Malicious content can be inserted into a site through a cross-site scripting vulnerability.
Malicious actions can be performed on a site through a SQL injection vulnerability.
10. • Man-in-the-middle – The phisher positions himself between the user and the legitimate site.
11. Causes Of Phishing
Misleading e-mails
No check of source address
Vulnerability in browsers
No strong authentication at websites of banks and financial institutions
Limited use of digital signatures
Non-availability of secure desktop tools
Lack of user awareness
Vulnerability in applications
… and more
12. • Effects of Phishing
Internet fraud
Identity theft
Financial loss to the original institutions
Erosion of public trust in the Internet.
13. • How to combat phishing?
What to do if you receive a suspicious email:
Do not respond to the email
Do not click on a link in an email unless you are sure of the real target address.
Verify the identity and security of the web site.
Report suspicious email
Never reveal personal or financial information in a response to an email request, no matter who appears to have sent it.
Delete the email
What to do if you’ve responded to a phishing scam:
Report the incident
Change the passwords on all your online accounts
Routinely review your credit card and bank statements
Use the latest products and services to help warn and protect you from online scams
14. Protect your computer with anti-virus software, spyware filters, e-mail filters, and firewall programs, and make sure that they are regularly updated.
Ensure that your Internet browser is up to date and security patches are applied.
Be suspicious of any e-mail with urgent requests for personal financial information or threats of termination of online accounts.
When contacting your financial institution, use only channels that you know.
Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser.
Regularly log into your online accounts.
Don’t use the links in an e-mail to get to any web page if you suspect the message might not be authentic.
Avoid filling out forms in e-mail messages or pop-up windows that ask for personal financial information.
What to do
What not to do
Conclusion