SlideShare uma empresa Scribd logo

Phishing

Transferir como PPTX, PDF
S
SouganthikaSankaresw

Content: What is phishing, history, how it works, statistics, types of phishing, how to identify it, how to take countermeasures, phishing kit, example of phishing attack.

Tecnologia
1 de 15
SOUGANTHIKA S HARSHENI S K POOJA SHRI V
 Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers.  It is a cyber attack that mostly uses disguised email as a weapon.  The goal is to trick the email recipient into believing that the message is something they want or need and to click a link or download an attachment.
 It's one of the oldest types of cyberattacks, dating back to the 1990s, via America Online, or AOL.  It's still one of the most widespread and pernicious, with phishing messages and techniques becoming increasingly sophisticated.  A group of hackers and pirates that banded together and called themselves the warez community are considered the first “phishers.”  In an early scam, they created an algorithm that allowed them to generate random credit card numbers, which they would then attempt to use to make phony AOL accounts.
 Spear Phishing Attackers will often gather information about their targets to fill emails with more authentic context. Some attackers even hijack business email communications and create highly customized messages.  Clone Phishing Attackers are able to view legitimate, previously delivered email messages, make a nearly identical copy of it—or “clone”—and then change an attachment or link to something malicious.  Whaling Whaling specifically targets high profile and/or senior executives in an organization. The content of a whaling attempt will often present as a legal communication or other high- level executive business.
 Vishing Vishing refers to phishing done over phone calls. Since voice is used for this type of phishing, it is called vishing → voice + phishing = vishing.  Smishing SMS phishing or SMiShing is one of the easiest types of phishing attacks. The user is targeted by using SMS alerts.  In-Session Phishing Pop-up messages are the easiest way to run a successful phishing campaign. Through pop- up messages, attackers get a window to steal the login credentials by redirecting them to a fake website.  Search engine phishing The scammers target certain keywords and create web pages they hope show up in the search results. Visitors clicking on the link from Google may not realize it’s a phishing scam until it’s too late.
 The message is sent from a public email domain  The domain name is misspelled  The email is poorly written  It includes suspicious attachments or links  The message creates a sense of urgency  Legit companies usually call you by your name
 Use HTTPS  A properly configured Web Browser  Monitoring Phishing Sites  Proper Email Client Configuration  Using SPAM Filters
Phishing kits as well as mailing lists are available on the dark web. A couple of sites such as Phishtank and OpenPhis h keep crowd-sourced lists of known phishing kits.
 The story of Austrian aerospace executive Walter Stephan holds the record for being the individual to lose the most money in history from a single scam – around $47 million.  During his tenure as CEO of FACC, which manufactures aircraft components for Boeing and Airbus, cybercriminals faked Stephan’s email and demanded a lower-level employee to transfer the enormous sum to an unknown bank account as part of an “acquisition project”.  FACC’s systems were not hacked. The attacker seems to have simply guessed Stephan’s email correctly, created a look-alike spoof email address, and then targeted an entry-level accountant.  The employee immediately trusted the email and sent the wire. In the aftermath of the loss, Stephan lost his position as CEO, FACC fired its chief financial officer, and the company scrambled to retrieve the money – eventually recouping around one-fifth of the loss.  To avoid the fate of FACC, businesses need to empower employees to verify email communication that appears to come from senior board members.
18IT030 18IT058 18IT089
 The word “phishing” (a play on the word “fishing”) is an attempt, originally via a message or email, to lure computer users to reveal sensitive personal information such as passwords, birthdates, credit cards, and social security numbers. To perpetrate this type of con, the communication pretends to be from an official representative of a website or another institution a person has likely done business with (e.g., PayPal, Amazon, UPS, Bank of America, etc.).  97% do not spot phishing emails  As people became more savvy about messenger scams, phishers switched to email communications, which were easy to create, cheap to send out, and made it nearly impossible for them to get caught  And while most of these phishing messages were poorly constructed and full of grammatical errors at first, they quickly began to get more sophisticated.  There are many different methods and subcategories of phishing, but there is one thing they all have in common: They want to fool you into giving up your personal information.  Spear phishing email messages won’t look as random as more general phishing attempts.  Whaling is not very different from spear phishing, but the targeted group becomes more
 According to Verizon’s 2019 Data Breach Investigations Report, 32% of all cyber attacks involved phishing.  The email itself may contain the company’s logo and phone number, and otherwise look completely legitimate; another common tactic is to make it look like a personal email from a friend or relative who wants to share something with you.  No legitimate organization will contact you from an address that ends ‘@gmail.com’.  The problem is that anyone can buy a domain name from a registrar.  Look not for spelling mistakes but for grammar mistakes  This will either be an infected attachment that you’re asked to download or a link to a bogus website that requests login and other sensitive information. The longer you think about something, the more likely you are to notice things that don’t seem right.  Phishing emails typically use generic salutations such as “Dear valued member,” “Dear account holder,” or “Dear customer.”
 Using HTTPS means that the information passed between the browser and intended server is all encrypted  Browser settings Warn me when sites try to install add-ons, Block reported attack sites, Block reported web forgeries  There are also online tools available that can be used to check a site out before navigating to it. Google Safe Browsing is one of the popular online tools available.  Disable links, and to receive warnings about suspicious domains and email addresses.  Along with proper email client configuration, you want to implement the use of SPAM filters in your email.  Pay attention to is examining the “To” and “From” in the address line of a suspicious email. Ensure the email came from a sender you actually know. Even if it does come from a trusted sender, look in the To line to see if you are the only recipient.  Before opening an email, you can use your mouse to point and then hover over the email to see if the Sender that appears in the from line, is actually the sender. As you hover over a smaller box will appear with metadata information concerning the email.

Recomendados

Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You Safe
CheapSSLsecurity
 
Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing Attacks
Jagan Mohan
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on Phishing
Pankaj Yadav
 
Phishing
PhishingPhishing
Phishing
SaurabhKantSahu1
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation
Nikolaos Georgitsopoulos
 
What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?
Quick Heal Technologies Ltd.
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing Attacks
SysCloud
 
Phishing attack
Phishing attackPhishing attack
Phishing attack
Raghav Chhabra
 

Recomendados

Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You Safe
CheapSSLsecurity
 
Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing Attacks
Jagan Mohan
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on Phishing
Pankaj Yadav
 
Phishing
PhishingPhishing
Phishing
SaurabhKantSahu1
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation
Nikolaos Georgitsopoulos
 
What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?
Quick Heal Technologies Ltd.
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing Attacks
SysCloud
 
Phishing attack
Phishing attackPhishing attack
Phishing attack
Raghav Chhabra
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks ppt
Aryan Ragu
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasures
Jorge Sebastiao
 
Phishing
PhishingPhishing
Phishing
anjalika sinha
 
Social engineering attacks
Social engineering attacksSocial engineering attacks
Social engineering attacks
Ramiro Cid
 
Phishing Attack : A big Threat
Phishing Attack : A big ThreatPhishing Attack : A big Threat
Phishing Attack : A big Threat
sourav newatia
 
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...
ABHAY PATHAK
 
Phishing Attack Awareness and Prevention
Phishing Attack Awareness and PreventionPhishing Attack Awareness and Prevention
Phishing Attack Awareness and Prevention
sonalikharade3
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
shindept123
 
Identity theft ppt
Identity theft pptIdentity theft ppt
Identity theft ppt
Cut 2 Shreds
 
Phishing
PhishingPhishing
Phishing
Sagar Rai
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
Jen Ruhman
 
Phishing
PhishingPhishing
Phishing
Alka Falwaria
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
pooja_doshi
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
Sachin Saini
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
ControlScan, Inc.
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharks
Nalneesh Gaur
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
Ramiro Cid
 
Spoofing Techniques
Spoofing TechniquesSpoofing Techniques
Spoofing Techniques
Raza_Abidi
 
Anti phishing presentation
Anti phishing presentationAnti phishing presentation
Anti phishing presentation
BokangMalunga
 
Phishing
PhishingPhishing
Phishing
Syeda Javeria
 
Phishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfPhishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdf
Evs, Lahore
 

Mais conteúdo relacionado

Mais procurados

Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks ppt
Aryan Ragu
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
pooja_doshi
 

Mais procurados (20)

Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks ppt
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasures
 
Phishing
PhishingPhishing
Phishing
 
Social engineering attacks
Social engineering attacksSocial engineering attacks
Social engineering attacks
 
Phishing Attack : A big Threat
Phishing Attack : A big ThreatPhishing Attack : A big Threat
Phishing Attack : A big Threat
 
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...
 
Phishing Attack Awareness and Prevention
Phishing Attack Awareness and PreventionPhishing Attack Awareness and Prevention
Phishing Attack Awareness and Prevention
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Identity theft ppt
Identity theft pptIdentity theft ppt
Identity theft ppt
 
Phishing
PhishingPhishing
Phishing
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
 
Phishing
PhishingPhishing
Phishing
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharks
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
Spoofing Techniques
Spoofing TechniquesSpoofing Techniques
Spoofing Techniques
 
Anti phishing presentation
Anti phishing presentationAnti phishing presentation
Anti phishing presentation
 

Semelhante a Phishing

Phishing
PhishingPhishing
Phishing
Syahida
 
phishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptxphishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptx
vdgtkhdh
 
phishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptxphishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptx
amby3
 
December 2019 Part 10
December 2019 Part 10December 2019 Part 10
December 2019 Part 10
seadeloitte
 
phishing-awareness-powerpoint [Autosaved].pptx
phishing-awareness-powerpoint [Autosaved].pptxphishing-awareness-powerpoint [Autosaved].pptx
phishing-awareness-powerpoint [Autosaved].pptx
ErrorError22
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
temi
 

Semelhante a Phishing (20)

Phishing
PhishingPhishing
Phishing
 
Phishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfPhishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdf
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
 
IDENTIFYING CYBER THREATS NEAR YOU
IDENTIFYING CYBER THREATS NEAR YOUIDENTIFYING CYBER THREATS NEAR YOU
IDENTIFYING CYBER THREATS NEAR YOU
 
IS Presetation.pptx
IS Presetation.pptxIS Presetation.pptx
IS Presetation.pptx
 
Phishing
PhishingPhishing
Phishing
 
phishing facts be aware and do not take the bait
phishing facts be aware and do not take the baitphishing facts be aware and do not take the bait
phishing facts be aware and do not take the bait
 
phishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptxphishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptx
 
phishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptxphishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptx
 
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
December 2019 Part 10
December 2019 Part 10December 2019 Part 10
December 2019 Part 10
 
phishing-awareness-powerpoint [Autosaved].pptx
phishing-awareness-powerpoint [Autosaved].pptxphishing-awareness-powerpoint [Autosaved].pptx
phishing-awareness-powerpoint [Autosaved].pptx
 
Spear Phishing 101
Spear Phishing 101Spear Phishing 101
Spear Phishing 101
 
Email threat detection and mitigation
Email threat detection and mitigationEmail threat detection and mitigation
Email threat detection and mitigation
 
Are Phishing Attacks Angling For You?
Are Phishing Attacks Angling For You? Are Phishing Attacks Angling For You?
Are Phishing Attacks Angling For You?
 
Phishing.pdf
Phishing.pdfPhishing.pdf
Phishing.pdf
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
 

Último

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 

Último (20)

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 

Phishing

  • 1. SOUGANTHIKA S HARSHENI S K POOJA SHRI V
  • 2.  Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers.  It is a cyber attack that mostly uses disguised email as a weapon.  The goal is to trick the email recipient into believing that the message is something they want or need and to click a link or download an attachment.
  • 3.  It's one of the oldest types of cyberattacks, dating back to the 1990s, via America Online, or AOL.  It's still one of the most widespread and pernicious, with phishing messages and techniques becoming increasingly sophisticated.  A group of hackers and pirates that banded together and called themselves the warez community are considered the first “phishers.”  In an early scam, they created an algorithm that allowed them to generate random credit card numbers, which they would then attempt to use to make phony AOL accounts.
  • 4.
  • 5.
  • 6.  Spear Phishing Attackers will often gather information about their targets to fill emails with more authentic context. Some attackers even hijack business email communications and create highly customized messages.  Clone Phishing Attackers are able to view legitimate, previously delivered email messages, make a nearly identical copy of it—or “clone”—and then change an attachment or link to something malicious.  Whaling Whaling specifically targets high profile and/or senior executives in an organization. The content of a whaling attempt will often present as a legal communication or other high- level executive business.
  • 7.  Vishing Vishing refers to phishing done over phone calls. Since voice is used for this type of phishing, it is called vishing → voice + phishing = vishing.  Smishing SMS phishing or SMiShing is one of the easiest types of phishing attacks. The user is targeted by using SMS alerts.  In-Session Phishing Pop-up messages are the easiest way to run a successful phishing campaign. Through pop- up messages, attackers get a window to steal the login credentials by redirecting them to a fake website.  Search engine phishing The scammers target certain keywords and create web pages they hope show up in the search results. Visitors clicking on the link from Google may not realize it’s a phishing scam until it’s too late.
  • 8.  The message is sent from a public email domain  The domain name is misspelled  The email is poorly written  It includes suspicious attachments or links  The message creates a sense of urgency  Legit companies usually call you by your name
  • 9.  Use HTTPS  A properly configured Web Browser  Monitoring Phishing Sites  Proper Email Client Configuration  Using SPAM Filters
  • 10. Phishing kits as well as mailing lists are available on the dark web. A couple of sites such as Phishtank and OpenPhis h keep crowd-sourced lists of known phishing kits.
  • 11.  The story of Austrian aerospace executive Walter Stephan holds the record for being the individual to lose the most money in history from a single scam – around $47 million.  During his tenure as CEO of FACC, which manufactures aircraft components for Boeing and Airbus, cybercriminals faked Stephan’s email and demanded a lower-level employee to transfer the enormous sum to an unknown bank account as part of an “acquisition project”.  FACC’s systems were not hacked. The attacker seems to have simply guessed Stephan’s email correctly, created a look-alike spoof email address, and then targeted an entry-level accountant.  The employee immediately trusted the email and sent the wire. In the aftermath of the loss, Stephan lost his position as CEO, FACC fired its chief financial officer, and the company scrambled to retrieve the money – eventually recouping around one-fifth of the loss.  To avoid the fate of FACC, businesses need to empower employees to verify email communication that appears to come from senior board members.
  • 13.  The word “phishing” (a play on the word “fishing”) is an attempt, originally via a message or email, to lure computer users to reveal sensitive personal information such as passwords, birthdates, credit cards, and social security numbers. To perpetrate this type of con, the communication pretends to be from an official representative of a website or another institution a person has likely done business with (e.g., PayPal, Amazon, UPS, Bank of America, etc.).  97% do not spot phishing emails  As people became more savvy about messenger scams, phishers switched to email communications, which were easy to create, cheap to send out, and made it nearly impossible for them to get caught  And while most of these phishing messages were poorly constructed and full of grammatical errors at first, they quickly began to get more sophisticated.  There are many different methods and subcategories of phishing, but there is one thing they all have in common: They want to fool you into giving up your personal information.  Spear phishing email messages won’t look as random as more general phishing attempts.  Whaling is not very different from spear phishing, but the targeted group becomes more
  • 14.  According to Verizon’s 2019 Data Breach Investigations Report, 32% of all cyber attacks involved phishing.  The email itself may contain the company’s logo and phone number, and otherwise look completely legitimate; another common tactic is to make it look like a personal email from a friend or relative who wants to share something with you.  No legitimate organization will contact you from an address that ends ‘@gmail.com’.  The problem is that anyone can buy a domain name from a registrar.  Look not for spelling mistakes but for grammar mistakes  This will either be an infected attachment that you’re asked to download or a link to a bogus website that requests login and other sensitive information. The longer you think about something, the more likely you are to notice things that don’t seem right.  Phishing emails typically use generic salutations such as “Dear valued member,” “Dear account holder,” or “Dear customer.”
  • 15.  Using HTTPS means that the information passed between the browser and intended server is all encrypted  Browser settings Warn me when sites try to install add-ons, Block reported attack sites, Block reported web forgeries  There are also online tools available that can be used to check a site out before navigating to it. Google Safe Browsing is one of the popular online tools available.  Disable links, and to receive warnings about suspicious domains and email addresses.  Along with proper email client configuration, you want to implement the use of SPAM filters in your email.  Pay attention to is examining the “To” and “From” in the address line of a suspicious email. Ensure the email came from a sender you actually know. Even if it does come from a trusted sender, look in the To line to see if you are the only recipient.  Before opening an email, you can use your mouse to point and then hover over the email to see if the Sender that appears in the from line, is actually the sender. As you hover over a smaller box will appear with metadata information concerning the email.

Notas do Editor

  1. The word “phishing” (a play on the word “fishing”) is an attempt, originally via a message or email, to lure computer users to reveal sensitive personal information such as passwords, birthdates, credit cards, and social security numbers. To perpetrate this type of con, the communication pretends to be from an official representative of a website or another institution a person has likely done business with (e.g., PayPal, Amazon, UPS, Bank of America, etc.). 97% do not spot phishing emails 
  2. As people became more savvy about messenger scams, phishers switched to email communications, which were easy to create, cheap to send out, and made it nearly impossible for them to get caught And while most of these phishing messages were poorly constructed and full of grammatical errors at first, they quickly began to get more sophisticated. 
  3. there are many different methods and subcategories of phishing, but there is one thing they all have in common: They want to fool you into giving up your personal information. Spear phishing email messages won’t look as random as more general phishing attempts. Whaling is not very different from spear phishing, but the targeted group becomes more specific and confined in this type of phishing attack.
  4. Considering the ease and enormity of data available in social networks, it is no surprise that phishers communicate confidently over a call in the name of friends, relatives or any related brand, without raising any suspicion.
  5. According to Verizon’s 2019 Data Breach Investigations Report, 32% of all cyber attacks involved phishing. The email itself may contain the company’s logo and phone number, and otherwise look completely legitimate; another common tactic is to make it look like a personal email from a friend or relative who wants to share something with you. No legitimate organisation will contact you from an address that ends ‘@gmail.com’. The problem is that anyone can buy a domain name from a registrar.  Look not for spelling mistakes but for grammar mistakes This will either be an infected attachment that you’re asked to download or a link to a bogus website that requests login and other sensitive information. the longer you think about something, the more likely you are to notice things that don’t seem right. Phishing emails typically use generic salutations such as “Dear valued member,” “Dear account holder,” or “Dear customer.”
  6. Using HTTPS means that the information passed between the browser and intended server is all encrypted Browser settings Warn me when sites try to install add-ons Block reported attack sites Block reported web forgeries There are also online tools available that can be used to check a site out before navigating to it. Google Safe Browsing is one of the popular online tools available. disable links, and to receive warnings about suspicious domains and email addresses. Along with proper email client configuration, you want to implement the use of SPAM filters in your email. pay attention to is examining the “To” and “From” in the address line of a suspicious email. Ensure the email came from a sender you actually know. Even if it does come from a trusted sender, look in the To line to see if you are the only recipient. Before opening an email, you can use your mouse to point and then hover over the email to see if the Sender that appears in the from line, is actually the sender. As you hover over a smaller box will appear with metadata information concerning the email.