1. Phishing: An Analysis of Types, Causes, Preventive Measures and Case Research in the Modern-Day Situation
Presented By
Iffat Ara Afrose Roll: 2054991008
Jarin Sobah Peu Roll: 2054991011
Sazzadur Rahman Himel Roll: 2054991031
Maisha Hasnin Roll: 2054991034
Md. Tanvir Amin Roll: 2054991035
2. Context
What is Phishing
History of Phishing
Evolution of Phishing
The human factor of security
Types of Phishing
Example
Causes of the Growth in Phishing Attacks
Phishing Prevention
Identifying Phishing Email
Protect Yourself: Refuse the Bait
Got Hooked: Protect Yourself: Act Now
3. WHAT IS PHISHING?
According to Wikipedia, phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
The best way to protect yourself from phishing is to learn how to recognize a phish.
HOW CAN I PROTECT MYSELF FROM PHISHING?
• For Internet criminals to successfully "phish" your personal information, they must get YOU to go from an email to a website.
• Phishing emails will almost always tell YOU to click a link that takes you to a site where your personal information is requested.
• Legitimate organizations would never request this information of you via email.
EMPLOYEES ARE OFTEN THE WEAKEST LINK in a company's security chain. But with a little knowledge and foresight you can mitigate the risks.
4. History of Phishing
Phreaking + Fishing = Phishing
- Phreaking = making phone calls for free, back in the 70s
- Fishing = using bait to lure the target
Phishing in 1995
Target: AOL users
Purpose: getting account passwords for free time
Threat level: low
Techniques: similar-looking names (www.ao1.com for www.aol.com), social engineering
Phishing in 2001
Target: eBay users and major banks
Purpose: getting credit card numbers and accounts
Threat level: medium
Techniques: same as in 1995, plus keyloggers
Phishing in 2007
Target: PayPal, banks, eBay
Purpose: bank accounts
Threat level: high
Techniques: browser vulnerabilities, link obfuscation
7. Types of Phishing
Mass Phishing – Mass, large-volume attack intended to reach as many people as possible
Spear Phishing – Targeted attack directed at specific individuals or companies, using gathered information to personalize the message and make the scam more difficult to detect
Whaling – Type of spear phishing attack that targets “big fish,” including high-profile individuals or those with a great deal of authority or access
Clone Phishing – Spoofed copy of a legitimate and previously delivered email, with the original attachments or hyperlinks replaced with malicious versions, sent from a forged email address so that it appears to come from the original sender or another legitimate source
Advance-Fee Scam – Requests that the target send money or bank account information to the cybercriminal
8. Types of Phishing
Social Engineering – On your Facebook profile or LinkedIn profile, you can find: name, date of birth, location, workplace, interests, hobbies, skills, relationship status, telephone number, email address and favorite food. This is everything a cybercriminal needs in order to fool you into thinking that a message or email is legitimate.
Link Manipulation – Most methods of phishing use some form of deception designed to make a link in an email appear to belong to the spoofed organization or person. Misspelled URLs or the use of subdomains are common tricks used by phishers. Many email clients or web browsers will show a preview of where a link will take the user in the bottom left of the screen, or while hovering the mouse cursor over the link.
10. 1. This email looks like a legitimate PayPal email of the kind you would normally see. So the first thing to do is to check whether you recognize the sender, or whether you have done any kind of transaction with this email address. Also look through the email for spelling and grammatical errors, as cybercriminals will often leave such errors in the body of the email.
2. Second, check whether the item in question is one that you actually bought or sold. If not, delete the email and move on.
3. Look at the circled email address: if this were an official email from PayPal, it would end in “@paypal.com”, not mail2world.
11. Causes of the Growth in Phishing Attacks
Lack of awareness: Users are not aware of the devious approaches that attackers use.
Lack of knowledge: Users are not familiar with online transaction policies, which makes them more vulnerable to phishing scams regardless of how technically sophisticated the scam is.
Technical modernization: Attackers constantly adapt to the newest technology available on the market. Even where users are highly aware of phishing, attackers keep an edge over them by developing new and innovative techniques to counteract that awareness.
12. Phishing Prevention
Keep your personal information private: things like bank account numbers, mobile phone numbers, addresses, passwords, etc.
Ignore unknown emails that ask for your personal information and press you with a strict deadline for replying.
Money scams: Stop believing emails or messages that claim you have received a large sum of money from some legitimate-looking website and ask you to provide personal details.
Secure your device: Keep your machine updated with the latest and most reliable security software, including antivirus, antispyware, a firewall, a spam filter, etc.
13. Identifying Phishing Email
Tip 1: Don’t trust the display name
A favorite phishing tactic among cybercriminals is to spoof the display name of an email. Since most banks don’t own the domain “secure.com,” email authentication defenses will not block this email on My Bank’s behalf. Once delivered, the email appears legitimate because most user inboxes and cell phones will only present the display name. Always check the email address in the header From: if it looks suspicious, flag the email.
Tip 2: Look but don’t click
Cybercriminals love to embed malicious links in legitimate-sounding copy. Hover your mouse over any links you find embedded in the body of your
email. If the link address looks weird, don’t click on it. If you have any reservations about the link, send the email directly to IT.
Tip 3: Check for spelling mistakes
Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and
report anything that seems suspicious.
Tip 4: Analyze the salutation
Is the email addressed to a vague “Valued Customer?” If so, watch out—legitimate businesses will often use a personal salutation with your first and last
name.
Tip 5: Don’t give up personal or company confidential information
Most companies will never ask for personal credentials via email--especially banks. Likewise, most companies will have policies in place preventing
external communications of business IP. Stop yourself before revealing any confidential information over email.
14. Identifying Phishing Email
Tip 6: Beware of urgent or threatening language in the subject line
Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been
suspended” or ask you to action an “urgent payment request.”
Tip 7: Review the signature
Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide
contact details. Check for them!
Tip 8: Don’t click on attachments
Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your
computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.
Tip 9: Don’t trust the header from email address
Fraudsters not only spoof brands in the display name, but also spoof brands in the header from email address, including the domain
name. Keep in mind that just because the sender’s email address looks legitimate (e.g. sendername@yourcompany.com), it may not
be. A familiar name in your inbox isn’t always who you think it is!
Tip 10: Don’t believe everything you see
Phishers are extremely good at what they do. Many malicious emails include convincing brand logos, language, and a seemingly
valid email address. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, do not open it.
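The checks in Tip 1 and Tip 9 (and the mail2world example on slide 10) can be automated on a mail gateway or in a triage script. The following is an added example, not part of the original presentation: it parses a raw message's From header, flags a display name that claims a brand whose domain does not match the address, flags look-alike and subdomain tricks on the address domain, and treats the header From address as unverified unless the receiving server recorded a DMARC pass. The brand list, the mx.example authserv-id and the sample message are constructed for the example.

```python
import email
import re
from email.utils import parseaddr

# Brand names as they appear in display names, mapped to the domain the brand really sends
# from. Constructed list for this example; a real deployment would maintain its own.
BRAND_DOMAINS = {"paypal": "paypal.com", "aol": "aol.com", "my bank": "mybank.example"}

def normalize(domain):
    """Undo the character swaps look-alike domains rely on (ao1 for aol, rn for m, vv for w)."""
    return domain.lower().replace("rn", "m").replace("vv", "w").replace("1", "l").replace("0", "o")

def is_under(host, domain):
    return host == domain or host.endswith("." + domain)

def triage_from(raw_message):
    """Return the reasons the From header of a raw RFC 5322 message should be flagged."""
    msg = email.message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    findings = []
    for brand, brand_domain in BRAND_DOMAINS.items():
        if is_under(domain, brand_domain):
            continue  # the address really is at the brand's domain
        if re.search(r"\b" + re.escape(brand) + r"\b", display.lower()):
            # Tip 1: display name claims a brand the address does not belong to (My Bank <x@secure.com>)
            findings.append(f"display name '{display}' claims {brand} but address domain is {domain}")
        if normalize(domain) == normalize(brand_domain):
            findings.append(f"{domain} is a look-alike of {brand_domain}")  # ao1.com for aol.com
        elif brand_domain + "." in domain + ".":
            findings.append(f"{domain} buries {brand_domain} in a subdomain of another domain")
    # Tip 9: a legitimate-looking header From address means nothing unless the receiving gateway
    # recorded a DMARC pass for it. Assumed here: your own MX stamps an Authentication-Results
    # header (RFC 8601) and strips any such header that arrived from outside.
    if "dmarc=pass" not in msg.get("Authentication-Results", "").lower():
        findings.append(f"no DMARC pass recorded for {domain}; the header From address is unverified")
    return findings

# Constructed sample modelled on the slide-10 PayPal email: brand in the display name, an
# unrelated domain in the address, and DMARC passing for that unrelated domain, which is why
# authentication alone does not stop it (Tip 1).
SAMPLE = (
    "From: PayPal <service@mail2world.com>\r\n"
    "Authentication-Results: mx.example; dmarc=pass header.from=mail2world.com\r\n"
    "Subject: Payment received\r\n\r\nPlease review the attached invoice.\r\n"
)

if __name__ == "__main__":
    for finding in triage_from(SAMPLE):
        print(finding)
```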
15. Protect Yourself: Refuse the Bait
STOP. THINK. CONNECT.
Before you click, look for common baiting tactics
If the message looks suspicious or too good to be true, treat it as such
Install and maintain antivirus software on your electronic devices
Use email filters to reduce spam and malicious traffic
Be wary of messages asking for passwords or other personal information
No one from any certified site will ask for your password
Most reputable businesses and organizations will not ask for this information via email
Never send passwords, bank account numbers or other private information in an email
Do not reply to requests for this information
Verify by contacting the company or individual, but do not use the contact information
included in the message
16. Protect Yourself: Refuse the Bait
Do not click on any hyperlinks in the email
Use your computer mouse to hover over each link to verify its actual destination, even if the message appears to be from a trusted source
Pay attention to the URL and look for a variation in spelling or different domain (e.g., ndsu.edu vs.
ndsu.com)
Consider navigating to familiar sites on your own instead of using links within messages
Examine websites closely
Malicious websites may look identical to legitimate sites
Look for “https://” or a lock icon in the address bar before entering any sensitive information on a
website
If you have received a phishing message
Forward it directly to the IT help desk; forwarding keeps intact information that may help IT staff identify the source of the scam.
Then delete the message.
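The hover check from Tip 2 and the ndsu.edu vs. ndsu.com comparison above can be applied in code to every link in an HTML message before anyone clicks. This is an added example, not from the original presentation: it extracts each anchor's href and visible text, flags links whose text shows one host while the link goes to another, and flags target domains that reuse a trusted name under a different suffix or bury it as a subdomain label. The trusted-domain list and the sample body are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    # Host of a URL, or of bare text such as "www.ndsu.edu/reset" as the reader sees it.
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()
def is_under(host, domain):
    return host == domain or host.endswith("." + domain)

def suspicious_links(html_body, trusted_domains):
    """Return (href, reason) pairs for every link that hovering would expose as misleading."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        target = host_of(href)
        shown = host_of(text) if "." in text and " " not in text else ""  # does the text look like a URL?
        if shown and not (is_under(shown, target) or is_under(target, shown)):
            findings.append((href, f"text shows {shown} but the link goes to {target}"))
        for trusted in trusted_domains:
            if is_under(target, trusted):
                break  # genuinely the trusted site or one of its own subdomains
            if trusted + "." in target + ".":  # ndsu.edu.account-verify.example
                findings.append((href, f"{trusted} appears only as a subdomain label inside {target}"))
            elif "." in target and target.split(".")[-2] == trusted.split(".")[-2]:  # ndsu.com vs ndsu.edu
                findings.append((href, f"{target} reuses the name of {trusted} under a different suffix"))
    return findings

# Constructed HTML body in the style of the slides' ndsu.edu vs ndsu.com example.
SAMPLE_BODY = """<p>Your mailbox is full. Free space at <a href="http://www.ndsu.com/reset">www.ndsu.edu/reset</a>.</p>
<p>Or sign in through <a href="https://ndsu.edu.account-verify.example/">our secure portal</a>.</p>
<p>Questions? See <a href="https://www.ndsu.edu/help">https://www.ndsu.edu/help</a>.</p>"""
```

Run `suspicious_links(SAMPLE_BODY, ["ndsu.edu"])` to see the first two links flagged and the genuine help link left alone.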
17. Got Hooked: Protect Yourself: Act Now
If you suspect: You interacted with or replied to a phishing scam using your email account
You should: Immediately contact the IT Help Desk.
If you suspect: You might have revealed or shared personal or financial information
You should: Immediately change the password(s) for your account(s). If you use the same password for multiple accounts and sites, change it for each account. Do not reuse that password in the future. Watch for signs of identity theft by reviewing your bank and credit card statements for unauthorized charges and activity. If you notice anything unusual, immediately contact your credit card company or bank. Consider reporting the attack to the police and filing a report.
18. YIKES!!!! I’VE BEEN HOOKED, NOW WHAT???
Please notify the Information Technology (IT) Help Desk ASAP.
To minimize risks, IT will disable your email account.
You will be required to participate in a brief anti-phishing training.
IT will assess the situation and enable your account when all risks have been resolved and you have completed training.
Depending on the severity of the attack, it may take up to 48 hours to complete this process and restore the use of your email account.