Phishing - An Analysis about types, causes, preventives
and case research in the modern-day situation
Presented By
Iffat Ara Afrose Roll: 2054991008
Jarin Sobah Peu Roll: 2054991011
Sazzadur Rahman Himel Roll: 2054991031
Maisha Hasnin Roll: 2054991034
Md. Tanvir Amin Roll: 2054991035
01
Context
• What is Phishing
• History of Phishing
• Evolution of Phishing
• The human factor of security
• Types of Phishing
• Example
• Causes of the Growth in Phishing Attacks
• Phishing Prevention
• Identifying Phishing Email
• Protect Yourself: Refuse the Bait
• Got Hooked: Protect Yourself: Act Now
02
WHAT IS PHISHING?
According to Wikipedia, Phishing is the
attempt to obtain sensitive information
such as usernames, passwords, and
credit card details (and, indirectly,
money), often for malicious reasons, by
disguising as a trustworthy entity in an
electronic communication.
The best way to protect yourself
from phishing is to learn how to
recognize a phish.
HOW CAN I PROTECT MYSELF
FROM PHISHING?
• For Internet criminals to successfully "phish" your personal information, they must
get YOU to go from an email to a website.
• Phishing emails will almost always tell YOU to click a link that takes you to a site
where your personal information is requested.
• Legitimate organizations would never request this information of you via email.
EMPLOYEES ARE OFTEN THE WEAKEST LINK in a
company's security chain. But with a little knowledge
and foresight you can mitigate the risks.
03
History of Phishing
• Phreaking + Fishing = Phishing
- Phreaking = making phone calls for free back in the 70s
- Fishing = using bait to lure the target
• Phishing in 1995
Target: AOL users
Purpose: getting account passwords for free time
Threat level: low
Techniques: Similar names (www.ao1.com for www.aol.com), social
engineering
• Phishing in 2001
Target: Ebayers and major banks
Purpose: getting credit card numbers, accounts
Threat level: medium
Techniques: Same as in 1995, keylogger
• Phishing in 2007
Target: Paypal, banks, ebay
Purpose: bank accounts
Threat level: high
Techniques: browser vulnerabilities, link obfuscation
04
Evolution of Phishing
05
The human factor of security
Configuration
Neglect
Deceit
06
Types of Phishing
Mass Phishing – Mass, large-volume attack intended to reach as many people as
possible
Spear Phishing – Targeted attack directed at specific individuals or companies
using gathered information to personalize the message and make the scam more
difficult to detect
Whaling – Type of spear phishing attack that targets “big fish,” including high-profile
individuals or those with a great deal of authority or access
Clone Phishing – Spoofed copy of a legitimate and previously delivered email, with
original attachments or hyperlinks replaced with malicious versions, which is sent
from a forged email address, so it appears to come from the original sender or
another legitimate source
Advance-Fee Scam – Requests the target to send money or bank account
information to the cybercriminal
07
Types of Phishing
• Social Engineering - On your Facebook profile or LinkedIn profile, you can
find: Name, Date of Birth, Location, Workplace, Interests, Hobbies, Skills, your
Relationship Status, Telephone Number, Email Address and Favorite Food. This
is everything a Cybercriminal needs in order to fool you into thinking that the
message or email is legitimate.
• Link Manipulation - Most methods of phishing use some form of deception
designed to make a link in an email appear to belong to the spoofed organization
or person. Misspelled URLs or the use of subdomains are common tricks used by
phishers. Many email clients or web browsers will show previews of where a link
will take the user in the bottom left of the screen or while hovering the mouse
cursor over a link.
08
Example
09
1. This email looks like a legitimate PayPal email that you would normally see. So, the
first thing to do is to see if you recognize the email, or if you have done any kind
of transaction with this email address. Also look through the email for spelling
and grammatical errors, as cybercriminals will often leave these errors in the
body of the email.
2. Second, see if the item in question is one that you bought or sold. If not, then
delete the email and move on.
3. Look at the circled email address: if this were an official email from PayPal, it would end
in “@paypal.com”, not mail2world.
10
Causes of the Growth in Phishing Attacks
Lack of awareness: Users are not aware of the devious
approaches attackers use.
Lack of knowledge: Users are not well acquainted with online
transaction policies, which makes them more vulnerable to phishing scams
regardless of the scams' technical sophistication.
Technical modernization: Attackers constantly adapt to
the newest technology available on the market. Even when users are
highly aware of phishing, attackers keep an edge over
them by developing new and innovative strategies to
counteract this awareness.
11
Phishing Prevention
Keep your personal information private: Things like a bank
account number, cell phone number, address, passwords,
etc.
Ignore unknown emails: asking for your personal information and
giving you an exact deadline when they should be cluttered in a longer
period.
Money Scam: Stop believing the emails or messages that claim you
have received a large amount of cash from some valid websites and
ask you to provide personal details.
Secure device: Update your machine with the latest and most
promising security software, including antivirus, antispyware,
firewall, spam filter, etc.
12
Identifying Phishing Email
Tip 1: Don’t trust the display name
A favorite phishing tactic among cybercriminals is to spoof the display name of an email. Since most banks don’t own the domain “secure.com,” email
authentication defenses will not block this email on My Bank’s behalf. Once delivered, the email appears legitimate because most user inboxes and cell
phones will only present the display name. Always check the email address in the From header; if it looks suspicious, flag the email.
Tip 2: Look but don’t click
Cybercriminals love to embed malicious links in legitimate-sounding copy. Hover your mouse over any links you find embedded in the body of your
email. If the link address looks weird, don’t click on it. If you have any reservations about the link, send the email directly to IT.
Tip 3: Check for spelling mistakes
Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and
report anything that seems suspicious.
Tip 4: Analyze the salutation
Is the email addressed to a vague “Valued Customer?” If so, watch out—legitimate businesses will often use a personal salutation with your first and last
name.
Tip 5: Don’t give up personal or company confidential information
Most companies will never ask for personal credentials via email--especially banks. Likewise, most companies will have policies in place preventing
external communications of business IP. Stop yourself before revealing any confidential information over email.
13
Identifying Phishing Email
Tip 6: Beware of urgent or threatening language in the subject line
Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been
suspended” or ask you to action an “urgent payment request.”
Tip 7: Review the signature
Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide
contact details. Check for them!
Tip 8: Don’t click on attachments
Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your
computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.
Tip 9: Don’t trust the header From email address
Fraudsters not only spoof brands in the display name, but also spoof brands in the header From email address, including the domain
name. Keep in mind that just because the sender’s email address looks legitimate (e.g. sendername@yourcompany.com), it may not
be. A familiar name in your inbox isn’t always who you think it is!
Tip 10: Don’t believe everything you see
Phishers are extremely good at what they do. Many malicious emails include convincing brand logos, language, and a seemingly
valid email address. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, do not open it.
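The checks from the Link Manipulation slide and from Tips 1 and 2 can be automated in a mail filter or triage script. The following is an added example, not part of the original slides: it flags a brand in the display name sent from a foreign domain, misspelled look-alike domains, brand names placed inside another host, and links whose visible text differs from their destination. The brand list, the sample messages and the `.example` hosts are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brands the mailbox owner deals with, mapped to their real domains.
KNOWN_BRANDS = {"paypal": "paypal.com", "aol": "aol.com"}
# Digits often swapped in for letters, as in www.ao1.com for www.aol.com.
LOOKALIKES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def registrable(host):
    """Naive last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def domain_findings(host):
    """Flag misspelled look-alike domains and brand names placed in a foreign host."""
    base = registrable(host)
    if not host or base in KNOWN_BRANDS.values():
        return []
    findings = []
    for brand, real in KNOWN_BRANDS.items():
        if base.translate(LOOKALIKES) == real:
            findings.append(f"lookalike:{base}~{real}")
        elif brand in re.split(r"[.-]", host.lower()):
            findings.append(f"brand-in-host:{brand} in {host}")
    return findings


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.text).strip()))
            self.href = None


def shown_host(text):
    """Host named in the visible link text, or '' if the text is not URL-like."""
    if " " in text or "." not in text:
        return ""
    return urlsplit(text if "://" in text else "//" + text).hostname or ""


def analyze(raw):
    """Return findings for one raw single-part HTML message (no multipart handling)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    findings = []
    # Tip 1: the display name claims a brand but the address is on another domain.
    for brand, real in KNOWN_BRANDS.items():
        if brand in display.lower() and registrable(sender) != real:
            findings.append(f"display-name:{brand} sent from {sender}")
    findings += domain_findings(sender)
    # Tip 2: compare where each link really goes with what its text shows.
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        target = urlsplit(href).hostname or ""
        findings += domain_findings(target)
        shown = shown_host(text)
        if shown and registrable(shown) != registrable(target):
            findings.append(
                f"link-mismatch:shows {registrable(shown)}, goes to {registrable(target)}")
    return findings


# Constructed sample messages (not real mail).
SUSPICIOUS = """From: "PayPal Service" <service@mail2world.example>
Subject: Urgent: your account has been suspended
Content-Type: text/html

<p>Dear Valued Customer,</p>
<p><a href="http://paypal.com.account-check.example/login">www.paypal.com/login</a></p>
<p><a href="http://www.ao1.com/verify">AOL billing</a></p>
"""

LEGIT = """From: "PayPal" <service@paypal.com>
Subject: Your receipt
Content-Type: text/html

<p><a href="https://www.paypal.com/activity">www.paypal.com/activity</a></p>
"""

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("legit", LEGIT)):
        print(name, analyze(raw))
```

An empty result is not proof that a message is genuine: as Tip 9 notes, the From address itself can be forged, so these checks complement email authentication rather than replace it.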
14
Protect Yourself: Refuse the Bait
• STOP. THINK. CONNECT.
- Before you click, look for common baiting tactics
- If the message looks suspicious or too good to be true, treat it as such
• Install and maintain antivirus software on your electronic devices
• Use email filters to reduce spam and malicious traffic
• Be wary of messages asking for passwords or other personal information
- No one from any certified site will ask for your password
- Most reputable businesses and organizations will not ask for this information via email
• Never send passwords, bank account numbers or other private information in an email
- Do not reply to requests for this information
- Verify by contacting the company or individual, but do not use the contact information
included in the message
15
Protect Yourself: Refuse the Bait
• Do not click on any hyperlinks in the email
- Use your computer mouse to hover over each link to verify its actual destination, even if the message
appears to be from a trusted source
- Pay attention to the URL and look for a variation in spelling or different domain (e.g., ndsu.edu vs.
ndsu.com)
- Consider navigating to familiar sites on your own instead of using links within messages
• Examine websites closely
- Malicious websites may look identical to legitimate sites
- Look for “https://” or a lock icon in the address bar before entering any sensitive information on a
website
• If you have received a phishing message
- Forward it directly to the IT helpdesk, which keeps intact important information that may help IT staff
identify the source of the scam.
- Then delete the message.
16
Got Hooked: Protect Yourself: Act Now
If you suspect: You interacted with or replied to a phishing scam using your email account
You should: Immediately contact IT Help Desk

If you suspect: You might have revealed or shared personal or financial information
You should:
• Immediately change the password(s) for your account(s). If you use the
same password for multiple accounts and sites, change it for each account.
Do not reuse that password in the future.
• Watch for signs of identity theft by reviewing your bank and credit card
statements for unauthorized charges and activity. If you notice anything
unusual, immediately contact your credit card or bank.
• Consider reporting the attack to the police and filing a report.
17
YIKES!!!! I’VE BEEN HOOKED, NOW WHAT???
• Please notify Information Technology (IT) Help Desk
ASAP.
• To minimize risks, IT will disable your email account.
• You will be required to participate in a brief anti-phishing
training.
• IT will assess the situation and enable your account
when all risks have been resolved and you have
completed training.
• Depending on the severity of the attack, it may take up
to 48 hours to complete this process and restore the use
of your email account.
18
19

Mais conteúdo relacionado

Semelhante a IS Presetation.pptx

LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSlesteraporado16
 
Cybersecurity Awareness Posters - Set #2
Cybersecurity Awareness Posters - Set #2Cybersecurity Awareness Posters - Set #2
Cybersecurity Awareness Posters - Set #2NetLockSmith
 
phishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptxphishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptxvdgtkhdh
 
phishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptxphishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptxamby3
 
phishing facts be aware and do not take the bait
phishing facts be aware and do not take the baitphishing facts be aware and do not take the bait
phishing facts be aware and do not take the baitssuser64f8f8
 
Are Phishing Attacks Angling For You?
Are Phishing Attacks Angling For You? Are Phishing Attacks Angling For You?
Are Phishing Attacks Angling For You? The TNS Group
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafeCheapSSLsecurity
 
Unit 3 - Cyber Crime.pptx
Unit 3 - Cyber Crime.pptxUnit 3 - Cyber Crime.pptx
Unit 3 - Cyber Crime.pptxssuserb73103
 
Identity theft in the internet
Identity theft in the internetIdentity theft in the internet
Identity theft in the internetmohmd-kutbi
 
How to check a suspicious link without clicking on it?
How to check a suspicious link without clicking on it?How to check a suspicious link without clicking on it?
How to check a suspicious link without clicking on it?Ankush Sarkar
 
phishing-awareness-powerpoint [Autosaved].pptx
phishing-awareness-powerpoint [Autosaved].pptxphishing-awareness-powerpoint [Autosaved].pptx
phishing-awareness-powerpoint [Autosaved].pptxErrorError22
 
Lesson learned from linked in
Lesson learned from linked inLesson learned from linked in
Lesson learned from linked inPayza
 

Semelhante a IS Presetation.pptx (20)

LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
 
Cybersecurity Awareness Posters - Set #2
Cybersecurity Awareness Posters - Set #2Cybersecurity Awareness Posters - Set #2
Cybersecurity Awareness Posters - Set #2
 
Phishing
PhishingPhishing
Phishing
 
phishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptxphishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptx
 
phishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptxphishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptx
 
phishing facts be aware and do not take the bait
phishing facts be aware and do not take the baitphishing facts be aware and do not take the bait
phishing facts be aware and do not take the bait
 
Are Phishing Attacks Angling For You?
Are Phishing Attacks Angling For You? Are Phishing Attacks Angling For You?
Are Phishing Attacks Angling For You?
 
Security-Awareness-Training.pptx
Security-Awareness-Training.pptxSecurity-Awareness-Training.pptx
Security-Awareness-Training.pptx
 
Phishing
PhishingPhishing
Phishing
 
Phishing
PhishingPhishing
Phishing
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You Safe
 
Unit 3 - Cyber Crime.pptx
Unit 3 - Cyber Crime.pptxUnit 3 - Cyber Crime.pptx
Unit 3 - Cyber Crime.pptx
 
S_A_T.pptx
S_A_T.pptxS_A_T.pptx
S_A_T.pptx
 
Identity theft in the internet
Identity theft in the internetIdentity theft in the internet
Identity theft in the internet
 
How to check a suspicious link without clicking on it?
How to check a suspicious link without clicking on it?How to check a suspicious link without clicking on it?
How to check a suspicious link without clicking on it?
 
Phishing 1 vp
Phishing 1 vpPhishing 1 vp
Phishing 1 vp
 
phishing-awareness-powerpoint [Autosaved].pptx
phishing-awareness-powerpoint [Autosaved].pptxphishing-awareness-powerpoint [Autosaved].pptx
phishing-awareness-powerpoint [Autosaved].pptx
 
Phishing
PhishingPhishing
Phishing
 
Phishing
PhishingPhishing
Phishing
 
Lesson learned from linked in
Lesson learned from linked inLesson learned from linked in
Lesson learned from linked in
 

Mais de Tanvir Amin

Multirate signal processing
Multirate signal processingMultirate signal processing
Multirate signal processingTanvir Amin
 
Optical add drop multiplexer in Optical Fiber Communication
Optical add drop multiplexer in Optical Fiber CommunicationOptical add drop multiplexer in Optical Fiber Communication
Optical add drop multiplexer in Optical Fiber CommunicationTanvir Amin
 
Circuit switched network in Optical Fiber Communication
Circuit switched network in Optical Fiber CommunicationCircuit switched network in Optical Fiber Communication
Circuit switched network in Optical Fiber CommunicationTanvir Amin
 
Light Fidelity (Li-Fi)
Light Fidelity (Li-Fi)Light Fidelity (Li-Fi)
Light Fidelity (Li-Fi)Tanvir Amin
 
Hydro Electric Power Plant
Hydro Electric Power Plant Hydro Electric Power Plant
Hydro Electric Power Plant Tanvir Amin
 

Mais de Tanvir Amin (6)

Multirate signal processing
Multirate signal processingMultirate signal processing
Multirate signal processing
 
Optical add drop multiplexer in Optical Fiber Communication
Optical add drop multiplexer in Optical Fiber CommunicationOptical add drop multiplexer in Optical Fiber Communication
Optical add drop multiplexer in Optical Fiber Communication
 
Circuit switched network in Optical Fiber Communication
Circuit switched network in Optical Fiber CommunicationCircuit switched network in Optical Fiber Communication
Circuit switched network in Optical Fiber Communication
 
Light Fidelity (Li-Fi)
Light Fidelity (Li-Fi)Light Fidelity (Li-Fi)
Light Fidelity (Li-Fi)
 
Ip addressing
Ip addressingIp addressing
Ip addressing
 
Hydro Electric Power Plant
Hydro Electric Power Plant Hydro Electric Power Plant
Hydro Electric Power Plant
 

Último

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 

Último (20)

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 

IS Presetation.pptx

  • 1. Phishing - An Analysis about types, causes, preventives and case research in the modern-day situation Presented By Iffat Ara Afrose Roll: 2054991008 Jarin Sobah Peu Roll: 2054991011 Sazzadur Rahman Himel Roll: 2054991031 Maisha Hasnin Roll: 2054991034 Md. Tanvir Amin Roll: 2054991035 01
  • 2. Context  What is Phishing  History of Phishing  Evolution of Phishing  The human factor of security  Types of Phishing  Example  Cause of Growing the phishing Attacks  Phishing Preventive  Identifying Phishing Email  Protect Yourself: Refuse the Bait  Got Hooked: Protect Yourself: Act Now 02
  • 3. WHAT IS PHISHING? According to Wikipedia, Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. The best way to protect yourself from phishing is to learn how to recognize a phish. HOW CAN I PROTECT MYSELF FROM PHISHING? • For Internet criminals to successfully "phish" your personal information, they must get YOU to go from an email to a website. • Phishing emails will almost always tell YOU to click a link that takes you to a site where your personal information is requested. • Legitimate organizations would never request this information of you via email. EMPLOYEES ARE OFTEN THE WEAKEST LINK in a company's security chain. But with a little knowledge and foresight you can mitigate the risks . 03
  • 4.  Phreaking + Fishing = Phishing - Phreaking = making phone calls for free back in 70’s - Fishing = Use bait to lure the target  Phishing in 1995 Target: AOL users Purpose: getting account passwords for free time Threat level: low Techniques: Similar names ( www.ao1.com for www.aol.com ), social engineering  Phishing in 2001 Target: Ebayers and major banks Purpose: getting credit card numbers, accounts Threat level: medium Techniques: Same in 1995, keylogger  Phishing in 2007 Target: Paypal, banks, ebay Purpose: bank accounts Threat level: high Techniques: browser vulnerabilities, link obfuscation History of Phishing 04
  • 6. The human factor of security Configuration Neglect Deceit 06
  • 7. Types of Phishing Mass Phishing – Mass, large-volume attack intended to reach as many people as possible Spear Phishing – Targeted attack directed at specific individuals or companies using gathered information to personalize the message and make the scam more difficult to detect Whaling – Type of spear phishing attack that targets “big fish,” including high- profile individuals or those with a great deal of authority or access Clone Phishing – Spoofed copy of a legitimate and previously delivered email, with original attachments or hyperlinks replaced with malicious versions, which is sent from a forged email address, so it appears to come from the original sender or another legitimate source Advance-Fee Scam: Requests the target to send money or bank account information to the cybercriminal 07
  • 8. Types of Phishing  Social Engineering - On your Facebook profile or LinkedIn profile, you can find: Name, Date of Birth, Location, Workplace, Interests, Hobbies, Skills, your Relationship Status, Telephone Number, Email Address and Favorite Food. This is everything a Cybercriminal needs in order to fool you into thinking that the message or email is legitimate.  Link Manipulation - Most methods of phishing use some form of deception designed to make a link in an email appear to belong to the spoofed organization or person. Misspelled URLs or the use of subdomains are common tricks used by phishers. Many email clients or web browsers will show previews of where a link will take the user in the bottom left of the screen or while hovering the mouse cursor over a link. 08
  • 10. 1. This email looks like a legit PayPal email that you would normally see. So, the first thing to do is to see if you recognize the email, or if you have done any kind of transaction with this email address. Also look through the email for spelling and grammatical errors, as Cybercriminals will often leave these errors in the body of the email. 2. Second, see if the item in question is one that you bought or sold. If not, then delete and move on. 3. Look at the email circled, if this was an official email from PayPal, it would end in “@paypal.com” not mail2world. 10
  • 11. Causes of Growing Phishing Attacks
      - Lack of awareness: Users are not sufficiently aware of the devious approaches attackers use.
      - Lack of knowledge: Users are not well acquainted with online transaction policies, which makes them more vulnerable to phishing scams regardless of technical sophistication.
      - Technical modernization: Attackers constantly upgrade to the newest technology available on the market. Even when users are highly aware of phishing, attackers keep an edge over them by developing new and innovative strategies to counteract this awareness.
  • 12. Phishing Preventive
      - Keep your personal information private: Things like a bank account number, cell phone number, address, passwords, etc.
      - Ignore unknown emails: Ignore emails that ask for your personal information and give you an exact deadline.
      - Money Scam: Stop believing the emails or messages that claim you have received a large amount of cash from some valid websites and ask you to provide personal details.
      - Secure device: Update your machine with the latest and most promising security software, including antivirus, antispyware, firewall, spam filter, etc.
  • 13. Identifying Phishing Email
      - Tip 1: Don’t trust the display name. A favorite phishing tactic among cybercriminals is to spoof the display name of an email. Since most banks don’t own the domain “secure.com,” email authentication defenses will not block this email on My Bank’s behalf. Once delivered, the email appears legitimate because most user inboxes and cell phones will only present the display name. Always check the email address in the From header; if it looks suspicious, flag the email.
      - Tip 2: Look but don’t click. Cybercriminals love to embed malicious links in legitimate-sounding copy. Hover your mouse over any links you find embedded in the body of your email. If the link address looks weird, don’t click on it. If you have any reservations about the link, send the email directly to IT.
      - Tip 3: Check for spelling mistakes. Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.
      - Tip 4: Analyze the salutation. Is the email addressed to a vague “Valued Customer”? If so, watch out: legitimate businesses will often use a personal salutation with your first and last name.
      - Tip 5: Don’t give up personal or company confidential information. Most companies will never ask for personal credentials via email, especially banks. Likewise, most companies will have policies in place preventing external communications of business IP. Stop yourself before revealing any confidential information over email.
  • 14. Identifying Phishing Email
      - Tip 6: Beware of urgent or threatening language in the subject line. Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or ask you to action an “urgent payment request.”
      - Tip 7: Review the signature. Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details. Check for them!
      - Tip 8: Don’t click on attachments. Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.
      - Tip 9: Don’t trust the header from email address. Fraudsters not only spoof brands in the display name, but also spoof brands in the header from email address, including the domain name. Keep in mind that just because the sender’s email address looks legitimate (e.g. sendername@yourcompany.com), it may not be. A familiar name in your inbox isn’t always who you think it is!
      - Tip 10: Don’t believe everything you see. Phishers are extremely good at what they do. Many malicious emails include convincing brand logos, language, and a seemingly valid email address. Be skeptical when it comes to your email messages; if it looks even remotely suspicious, do not open it.
  • 15. Protect Yourself: Refuse the Bait
      - STOP. THINK. CONNECT.
          - Before you click, look for common baiting tactics
          - If the message looks suspicious or too good to be true, treat it as such
      - Install and maintain antivirus software on your electronic devices
      - Use email filters to reduce spam and malicious traffic
      - Be wary of messages asking for passwords or other personal information
          - No one from any certified site will ask for your password
          - Most reputable businesses and organizations will not ask for this information via email
      - Never send passwords, bank account numbers or other private information in an email
          - Do not reply to requests for this information
          - Verify by contacting the company or individual, but do not use the contact information included in the message
  • 16. Protect Yourself: Refuse the Bait
      - Do not click on any hyperlinks in the email
          - Use your computer mouse to hover over each link to verify its actual destination, even if the message appears to be from a trusted source
          - Pay attention to the URL and look for a variation in spelling or a different domain (e.g., ndsu.edu vs. ndsu.com)
          - Consider navigating to familiar sites on your own instead of using links within messages
      - Examine websites closely
          - Malicious websites may look identical to legitimate sites
          - Look for “https://” or a lock icon in the address bar before entering any sensitive information on a website
      - If you have received a phishing message
          - Forward it directly to the IT help desk; forwarding keeps intact important information that may help IT staff identify the source of the scam.
          - Then delete the message.
  • 17. Got Hooked: Protect Yourself: Act Now
      If you suspect: You interacted with or replied to a phishing scam using your email account
      You should: Immediately contact IT Help Desk
      If you suspect: You might have revealed or shared personal or financial information
      You should:
          - Immediately change the password(s) for your account(s). If you use the same password for multiple accounts and sites, change it for each account. Do not reuse that password in the future.
          - Watch for signs of identity theft by reviewing your bank and credit card statements for unauthorized charges and activity. If you notice anything unusual, immediately contact your credit card company or bank.
          - Consider reporting the attack to the police and filing a report.
  • 18. YIKES!!!! I’VE BEEN HOOKED, NOW WHAT???
      - Please notify Information Technology (IT) Help Desk ASAP.
      - To minimize risks, IT will disable your email account.
      - You will be required to participate in a brief anti-phishing training.
      - IT will assess the situation and enable your account when all risks have been resolved and you have completed training.
      - Depending on the severity of the attack, it may take up to 48 hours to complete this process and restore the use of your email account.
  • 19. 19
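The manual checks from slides 8, 13 and 16 (display name versus sender address, link text versus real destination, brand name used as a subdomain) can be automated. The following is an added example, not part of the original slides; the sample message, the BRANDS map and all function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message, not taken from the slides.
SAMPLE = '''From: "PayPal Service" <service@mail2world.example>
Subject: Your account has been suspended

<a href="http://paypal.com.login.example.net/verify">https://www.paypal.com/signin</a>
<a href="https://www.paypal.com/help">Help centre</a>
'''
BRANDS = {"paypal": "paypal.com"}  # assumption: brand name -> domain it really owns

def belongs_to(host, domain):  # exact domain or a true subdomain only
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self.href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, self.text.strip()))
            self.href = None

# Returns (kind, detail) findings for one raw message.
def phishing_signs(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    found = [("display-name", addr) for b, d in BRANDS.items()
             if b in name.lower() and not belongs_to(addr.rpartition("@")[2], d)]
    for href, text in collector.links:
        target = urlsplit(href).hostname or ""
        shown = urlsplit(text).hostname if "://" in text else None
        if shown and shown != target:  # what the reader sees is not where it goes
            found.append(("text-vs-target", target))
        if any(b in target and not belongs_to(target, d) for b, d in BRANDS.items()):
            found.append(("lookalike-host", target))
    return found
```

Character-swap lookalikes, where the brand string itself is altered, need an additional similarity check; this example only catches hosts that contain the brand name without belonging to its domain.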