INTRODUCTION Coined in 1996 by computer hackers. Hackers use e-mail to fish the internet hoping to...

20
PHISHING ATTACK & COUNTER MEASURES

TAGS:

Transcript of INTRODUCTION Coined in 1996 by computer hackers. Hackers use e-mail to fish the internet hoping to...

Page 1: INTRODUCTION Coined in 1996 by computer hackers. Hackers use e-mail to fish the internet hoping to hook users into supplying them the logins, passwords.

PHISHING ATTACK & COUNTER MEASURES

Page 2: INTRODUCTION Coined in 1996 by computer hackers. Hackers use e-mail to fish the internet hoping to hook users into supplying them the logins, passwords.

INTRODUCTIONCoined in 1996 by computer hackers.Hackers use e-mail to fish the internet hoping to hook

users into supplying them the logins, passwords and/or credit card information.

In a typical phishing attack a user will receive an e-mail message impersonated to be sent by a financial institution.

1%-20% users respond to such attacks.

Page 3: INTRODUCTION Coined in 1996 by computer hackers. Hackers use e-mail to fish the internet hoping to hook users into supplying them the logins, passwords.

PHISHING ATTACKSPhishing attacks are combined with malicious code

attacks such as Mimail, Bank Withdrawal Trojan, Mydoom.m worm etc

In such blended attacks these virus/worms carry the payloads which harness email addresses from the internet and affected systems and further launch phishing attacks.

Page 4: INTRODUCTION Coined in 1996 by computer hackers. Hackers use e-mail to fish the internet hoping to hook users into supplying them the logins, passwords.

PHISHING EXAMPLESExample 1.

Page 5: INTRODUCTION Coined in 1996 by computer hackers. Hackers use e-mail to fish the internet hoping to hook users into supplying them the logins, passwords.
Page 6: INTRODUCTION Coined in 1996 by computer hackers. Hackers use e-mail to fish the internet hoping to hook users into supplying them the logins, passwords.
Page 7: INTRODUCTION Coined in 1996 by computer hackers. Hackers use e-mail to fish the internet hoping to hook users into supplying them the logins, passwords.
Page 8: INTRODUCTION Coined in 1996 by computer hackers. Hackers use e-mail to fish the internet hoping to hook users into supplying them the logins, passwords.

Example 2.

Page 9: INTRODUCTION Coined in 1996 by computer hackers. Hackers use e-mail to fish the internet hoping to hook users into supplying them the logins, passwords.
Page 10: INTRODUCTION Coined in 1996 by computer hackers. Hackers use e-mail to fish the internet hoping to hook users into supplying them the logins, passwords.
Page 11: INTRODUCTION Coined in 1996 by computer hackers. Hackers use e-mail to fish the internet hoping to hook users into supplying them the logins, passwords.
Page 12: INTRODUCTION Coined in 1996 by computer hackers. Hackers use e-mail to fish the internet hoping to hook users into supplying them the logins, passwords.

PHISHING TRENDS

APWG is an industry association focused on eliminating the identity theft and fraud that result from phishing and email spoofing.

This group provides forums to discuss phishing issues, trials and evaluations of potential technology solutions.

Publish Phishing Attack Trends Report

Page 13: INTRODUCTION Coined in 1996 by computer hackers. Hackers use e-mail to fish the internet hoping to hook users into supplying them the logins, passwords.

TECHNOLOGICAL SOLUTIONSUltimate solution is training the end users not to reveal

any sensitive information.Basic approach for an effective anti-phishing effort

includes detection, prevention and awareness.Counter measures are in the form of technological

solutions, policy guidelines and user awareness.

Page 14: INTRODUCTION Coined in 1996 by computer hackers. Hackers use e-mail to fish the internet hoping to hook users into supplying them the logins, passwords.

• Anti-phishing solution includes:a. Detection: scanning, flitering and alertingb. Mail server authenticationc. Secure web-authenticationd. Digitally signed e-maile. Mail gateway filteringf. Desktop filtering

Page 15: INTRODUCTION Coined in 1996 by computer hackers. Hackers use e-mail to fish the internet hoping to hook users into supplying them the logins, passwords.

Secure web-authentication

Page 16: INTRODUCTION Coined in 1996 by computer hackers. Hackers use e-mail to fish the internet hoping to hook users into supplying them the logins, passwords.

Digitally signed e-mail

Page 17: INTRODUCTION Coined in 1996 by computer hackers. Hackers use e-mail to fish the internet hoping to hook users into supplying them the logins, passwords.
Page 18: INTRODUCTION Coined in 1996 by computer hackers. Hackers use e-mail to fish the internet hoping to hook users into supplying them the logins, passwords.

Other counter-measures are:a. Changes in policy of financial institutionsb. User awarenessc. Anti-phishing techniques

Page 19: INTRODUCTION Coined in 1996 by computer hackers. Hackers use e-mail to fish the internet hoping to hook users into supplying them the logins, passwords.

CONCLUSIONThe phishing attacks are major threat to e-commerce and e-

banking applications. The scammers are making huge losses by stealing financial data from the users. There is need for adoption of counter-measure steps by the financial institutions and individual customers for fighting phishing attacks. Digital signature usage should be promoted for secure mail transactions.

Page 20: INTRODUCTION Coined in 1996 by computer hackers. Hackers use e-mail to fish the internet hoping to hook users into supplying them the logins, passwords.

THANK YOU!!


Avaya Aura Communication Manager Administrator Logins

Avaya Aura Communication Manager Administrator Logins

Reference Hackers

Reference Hackers

Hoping Liberia

Hoping Liberia

hackers 2 hackers conference III · hackers 2 hackers conference III voip (in)security integrity attacks *caller-id spoofing *problem: easily spoofable/ not always checked / systems

hackers 2 hackers conference III · hackers 2 hackers conference III voip (in)security integrity attacks *caller-id spoofing *problem: easily spoofable/ not always checked / systems

SIGN UPS AND LOGINS

SIGN UPS AND LOGINS

Chapter 6: Testing and Student Logins

Chapter 6: Testing and Student Logins

The DXSpider User Manual v1 - DXUSA.NET · 1. Introduction 1.1 What is a DX Cluster? 1.2 So what is DXSpider? 2. Logins and logouts. 2.1 AX25 logins. 2.2 Netrom logins. 2.3 Telnet

The DXSpider User Manual v1 - DXUSA.NET · 1. Introduction 1.1 What is a DX Cluster? 1.2 So what is DXSpider? 2. Logins and logouts. 2.1 AX25 logins. 2.2 Netrom logins. 2.3 Telnet

Centralized Logins Using LDAP and RADIUS

Centralized Logins Using LDAP and RADIUS

Hacks & hackers

Hacks & hackers

Car hackers

Car hackers

2014 Car Hackers Handbook - OpenGarages Car Hackers Handbook - OpenGarages

2014 Car Hackers Handbook - OpenGarages Car Hackers Handbook - OpenGarages

Logins, Labels and Lasers - LabWare Logins, Labels … · Perhaps more in the works as well ... Logging in and labelling ... 16.0 Logins, Labels and Lasers - Barcode Scanners in the

Logins, Labels and Lasers - LabWare Logins, Labels … · Perhaps more in the works as well ... Logging in and labelling ... 16.0 Logins, Labels and Lasers - Barcode Scanners in the

Go to Select LOGINS Select MyUTK Go to Select LOGINS Select MyUTK FIRST.

Go to Select LOGINS Select MyUTK Go to Select LOGINS Select MyUTK FIRST.

Logins e Senhas - Switches

Logins e Senhas - Switches

Hackers vs Hackers

Hackers vs Hackers

Easy logins for PHP web applications

Easy logins for PHP web applications

Unique logins reduce user security vulnerabilities like ...

Unique logins reduce user security vulnerabilities like ...

Hackers chocos

Hackers chocos

Wanted hackers!!

Wanted hackers!!

Logins, Roles and Credentials

Logins, Roles and Credentials