Phishing AttacksProcess of luring a victim to a fake web site by clicking on a link

Presented By :- Rahul JainSubmitted To :- Prof. Sachindra Dubey

Prof. Anamika Gupta Mam

Made By Rahul Jain

Phishing AttacksProcess of luring a victim to a fake web site by clicking on a link

Dubey SirGupta Mam

Made By Rahul Jain

Examples :-

Click Here www.luckydraw.com to claim your $10000000 Prize!Urgent attention of all true bank account holders.

Made By Rahul Jain

to claim your $10000000 Prize!Urgent attention of all true bank account holders.

Made By Rahul Jain

Methods Of Phishing Attacks

•Impersonation :- Constructing fake Sites and then deceived by visiting

Made By Rahul Jain

Methods Of Phishing Attacks -1

Constructing fake Sites and then deceived by visiting.

Made By Rahul Jain

Methods Of Phishing Attacks

•Forwarding :When victim login to forwarding link data will upload on hostile’s server

Made By Rahul Jain

Methods Of Phishing Attacks -2

Forwarding :- Amazon, Paypal, eBay, When victim login to forwarding link data will upload on hostile’s

Made By Rahul Jain

Methods Of Phishing Attacks

•Popups :- Creative but of Limited Approaches. Behind the popup stealing of data done.

First discovered during barrage of phishing attacks on city bank in 2003.

Made By Rahul Jain

Methods Of Phishing Attacks -3

Creative but of Limited Approaches. Behind the popup

First discovered during barrage of phishing attacks on city bank in

Made By Rahul Jain

Types Of Phishing Attacks

• Man-In-The-Middle-Phishingbetween user and legitimate websites.

• URL Obfuscation Attacks :- Following attackers hyperlink to the attacker’s server. A> Bad Domain Names –B> Friendly Login URL’s -Many web sites use friendly websites to attack and steal the user’s data the general information is URL://username:password@hostname/path

Made By Rahul Jain

Types Of Phishing Attacks -1

Phishing :- Hackers Position themselves between user and legitimate websites.

Following attackers hyperlink to the

Many web sites use friendly websites to attack and steal the user’s data the general information is URL://username:password@hostname/path

Made By Rahul Jain

Types Of Phishing Attacks

C> Third Party Shortened URL’s length of Complexity of many websites

D> Host Name Obfuscationhttp://mybank.com:ebanking@evilsite.com/phishing/fakepage.htm

In some cases, it may be possible to mix formats (http://0322.0x86/161.0043/)

Made By Rahul Jain

Types Of Phishing Attacks -2

Third Party Shortened URL’s :- Due to length of Complexity of many websites www.smallurl.com

Host Name Obfuscation:- e.g, http://mybank.com:ebanking@evilsite.com/phishing/fakepage.htm

In some cases, it may be possible to mix formats (e.g,

Made By Rahul Jain

Types Of Phishing Attacks

E> URL Obfuscation :of intended meaning in communication, making the message confusing, willfully ambiguous, or harder to understand

Made By Rahul Jain

Types Of Phishing Attacks -3

URL Obfuscation :- Obfuscation is the obscuring in communication, making the message

ambiguous, or harder to understand.

Made By Rahul Jain

Types Of Phishing Attacks

E1> Escape Encoding :-Percent Encoding or Escaped Encoding Achieved by encoding the character to be intrepid with the character %.

E2> Unicode Encoding :-storing characters with multiple bytes by providing a unique number.

Made By Rahul Jain

Attacks -4

Percent Encoding or Escaped Encoding Achieved by encoding the character to be intrepid with the character

- Method of Referencing and storing characters with multiple bytes by providing a unique number.

Made By Rahul Jain

Types Of Phishing Attacks

E3> Inappropriate UTF-8 Encoding Characteristics of preserving the full US%CO, %AE, %FO %FX %80 %80

E4> Multiple Encoding :the URL information by encoding characters multiple times. E.g, “\” character may be encoded as %25 originally but could be extended to %35C or %25C%35C%63

Made By Rahul Jain

Types Of Phishing Attacks -5

8 Encoding :-Characteristics of preserving the full US-ASCII character range.

:- Phishers may further obfuscate the URL information by encoding characters multiple times.

” character may be encoded as %25 originally but could be extended to %35C or %25C%35C%63

Made By Rahul Jain

Types Of Phishing Attacks Types Of Phishing Attacks

Hidden Attacks - An attacker may make use of HTML, DHTML and Other Scriptable Code.Whether its man in the middle attack or fake copy of the site hosted on the attackers own systems. A> Hidden Frames

Hidden Attacks - An attacker may make use of HTML, DHTML and Other Scriptable Code.Whether its man in the middle attack or fake copy of the site hosted on the attackers own systems. A> Hidden Frames

Made By Rahul Jain

Types Of Phishing Attacks -6Types Of Phishing Attacks -6

An attacker may make use of HTML, DHTML and Other Scriptable Code.Whether its man in the middle attack or fake copy of the site hosted

An attacker may make use of HTML, DHTML and Other Scriptable Code.Whether its man in the middle attack or fake copy of the site hosted

Made By Rahul Jain

Types Of Phishing Attacks

Overriding Page Content :-

Made By Rahul Jain

Types Of Phishing Attacks -7

Made By Rahul Jain

Types Of Phishing Attacks

Deceptive Phishing :-Malware Based Phishing :-DNA Based Phishing :-Content Injection Phishing :-Search Engine Phishing :-

Made By Rahul Jain

Types Of Phishing Attacks -8

Made By Rahul Jain

How To Avoid Phishing Attacks

1. Be Careful About responding To emails that ask you for sensitive information.2. Go to The Site Your self, Rather than clicking on links in suspicious emails. 3. If You are on sites that asking you to enter sensitive info check for signs of any thing suspicious.4. Be wary of “Fabulous offers” and “fantastic Prizes” that you will some times Across on web.

1. Be Careful About responding To emails that ask you for sensitive information.2. Go to The Site Your self, Rather than clicking on links in suspicious emails. 3. If You are on sites that asking you to enter sensitive info check for signs of any thing suspicious.4. Be wary of “Fabulous offers” and “fantastic Prizes” that you will some times Across on web.

Made By Rahul Jain

How To Avoid Phishing Attacks -1

1. Be Careful About responding To emails that ask you for sensitive

2. Go to The Site Your self, Rather than clicking on links in suspicious

3. If You are on sites that asking you to enter sensitive info check for

4. Be wary of “Fabulous offers” and “fantastic Prizes” that you will

1. Be Careful About responding To emails that ask you for sensitive

2. Go to The Site Your self, Rather than clicking on links in suspicious

3. If You are on sites that asking you to enter sensitive info check for

4. Be wary of “Fabulous offers” and “fantastic Prizes” that you will

Made By Rahul Jain

How To Avoid Phishing Attacks

Use of Browsers that has a phishing filters.

Made By Rahul Jain

How To Avoid Phishing Attacks -2

Use of Browsers that has a phishing filters.

Made By Rahul Jain

Thank You ..!! ☺For Any Query Ask on-- ideasandtechnology.blogspot.in or mail me at-- rahuljaincse51@gmail.com

Made By Rahul JainMade By Rahul Jain