Phishing
Phishing is a type of Internet scam or cyber attack, often used to steal
user data, including login credentials and credit card numbers.
Govt. Science College
Presented by Zubair Jamil
How it works?
It occurs when an attacker, veiled as a trusted entity, fools a victim into
opening an email, instant message, or text message. The recipient is then
tricked into clicking a malicious link, which can lead to the installation of
malware, the freezing of the system as part of a ransomware attack or the
revealing of sensitive information.
Sometimes the attacker tricks the victim by presenting a copy of a popular
site with the same user interface. The victim is redirected to its login page
and, by entering login credentials, exposes his identity to the attackers.
Example of Email Phishing
In this example the attacker presents himself as your university's
administration and asks you to renew your password. When you click the link
you are redirected to a malicious site which has the same interface as your
university's, and he tricks you by asking for your old login credentials to
renew your password.
$57.8 Billion
According to the FBI's 2019 Internet Crime Report, more
than 114,700 people fell victim to phishing scams in 2019.
Collectively, they lost $57.8 million, or about $500 each.
More than 50% of the development expenditure of HEC (Total 108 Billion - 2021)
According to the FBI's 2017 Internet Crime Report, more
than 300,000 people fell victim to phishing scams in
2017 and lost $1.4 billion.
Some Phishing Techniques
The way an attacker attacks in most cases is known as a technique.
Some of the most common and popular techniques are mentioned here.
Spear Phishing
Email Phishing
MITM Attack
Vishing
Smishing
Angler Phishing
Whaling
Pharming
Spear Phishing
Spear phishing is an email or electronic communications scam targeted at a
specific individual or organization, often intended to steal data for
malicious purposes.
An email arrives, apparently from a trustworthy source, but
instead it leads the unknowing recipient to a bogus website full
of malware. These emails often use clever tactics to get victims'
attention. For example, the FBI has warned of spear phishing
scams where the emails appeared to be from the National
Center for Missing and Exploited Children.
MITM Attack
A man in the middle (MITM) attack is a general term for when a perpetrator
positions himself in a conversation between a user and an application.
The goal of an attack is to steal personal information, such as
login credentials, account details and credit card numbers.
Targets are typically the users of financial applications, SaaS
businesses, e-commerce sites and other websites where
logging in is required.
Information obtained during an attack could be used for many
purposes, including identity theft, unapproved fund transfers or
an illicit password change.
Smishing & Vishing
Smishing and vishing are types of phishing attacks that use text messaging
(SMS) and voice calls to manipulate victims into giving over sensitive data to
cybercriminals.
Smishing, also called SMS phishing, uses social engineering
tactics carried out over text messaging. A criminal can use a
phone number to send text messages that appear to be from
trusted senders, like a bank, a co-worker, or a popular online
retailer. The goal is to get you to give the cybercriminal sensitive
information.
Vishing (short for voice phishing) is a type of phishing attack
conducted over the phone. Vishing attackers fake their caller ID
to appear to be calling from a local area code to the victim.
Some attackers may use their real voice to appear more
trustworthy. This is a popular attack method to use because
VoIP users are not required to provide proof to obtain caller ID
data, which means they can easily disguise themselves as
anyone. (VoIP stands for Voice Over Internet Protocol.)
Angler Phishing
People disguise themselves as a customer service agent on social media in
order to reach an unhappy customer and obtain their personal information or
account credentials.
Fake accounts will answer people who are airing complaints on
social media, usually via Facebook or Twitter. These fake
accounts disguise themselves under a handle that includes the
name of the financial institution, hoping that the people who
are upset won’t realize that they aren’t a valid account. The fake
account will attempt to offer the disgruntled person a link that
they claim will take them directly to an agent ready to talk to
them. Clicking that link, however, will either install malware onto
their computer, or lead them to another website that will try to
get information and money from them.
Whaling
Whaling is a common cyber attack that occurs when an attacker utilizes spear
phishing methods to go after a large, high-profile target.
In a whaling attack, attackers send an email that looks and
seems like a legitimate email from a trusted source, often a
contact within the company or with a partner, vendor, or
customer account. A whaling email will contain enough
personal details or references gleaned from internet research
to convince the recipient that it is legitimate. Whaling attacks
may also ask a user to click on a link that leads to a spoofed
website that looks identical to a legitimate site, where
information can be collected, or malware can be downloaded.
Pharming
Pharming is a type of social engineering cyberattack in which criminals
redirect internet users trying to reach a specific website to a different,
fake site.
These “spoofed” sites aim to capture a victim’s personally
identifiable information (PII) and log-in credentials, such as
passwords, social security numbers, account numbers, and so
on, or else they attempt to install pharming malware on their
computer. Pharmers often target websites in the financial
sector, including banks, online payment platforms, or
e-commerce sites, usually with identity theft as their ultimate
objective.
How To Protect Ourselves?
1. Security Awareness Training & Education
2. Email Gateway Reputation Based Solutions
3. Urgent calls to action & threats
4. First Time or Infrequent Sender
5. Suspicious Linking
What If You Are Under Attack?
Change all your social account passwords.
Freeze your bank cards immediately.
Run virus scans.
Take your machine to a computer expert in case of a ransomware attack.
Some Resources From The Internet
1. Types of Phishing >> https://www.webroot.com/us/en/resources/tips-articles/what-is-phishing
2. Hidden Content behind an Email >> https://www.sciencedirect.com/topics/computer-science/malicious-email
Thank You
With ❤ by Zubair Jamil
at Govt. Science College, Lahore.
