A PAPER PRESENTATION ON DETECTION AND PREVENTION OF PHISHING ATTACKS
BY MAHMOOD HASSAN KHAN AND SYED SAJJAD ALI
From SHAAZ COLLEGE OF ENGINEERING & TECHNOLOGY

CONTENTS:
INTRODUCTION
PHISHING ATTACK PROCEDURE AND PREVENTION METHODS
POSSIBLE SOLUTIONS
EXAMPLE
CONCLUSION

INTRODUCTION:
Pronounced "fishing".
The word 'phishing' initially emerged in the 1990s. Early hackers often used 'ph' to replace 'f' to produce new words in the hacker community.
Phishing is a new type of network attack where the attacker creates a replica of an existing Web page to fool users (e.g., by using specially designed e-mails or instant messages).
It is a scam to steal valuable information such as credit cards, social security numbers, user IDs and passwords.
Also known as "brand spoofing".

PHISHING ATTACK PROCEDURE AND PREVENTION METHODS:
THE PROCEDURE OF PHISHING ATTACKS:
1) Phishers set up a counterfeit Web site which looks exactly like the legitimate Web site.
2) They send a large number of spoofed e-mails to target users in the name of those legitimate companies and organizations.
3) Receivers receive the e-mail, open it, click the spoofed hyperlink in the e-mail, and input the required information.
4) Phishers steal the personal information and perform their fraud, such as transferring money from the victims' accounts.

APPROACHES TO PREVENT PHISHING ATTACKS:
1) Detect and block the phishing Web sites in time
2) Enhance the security of the Web sites
3) Block the phishing e-mails by various spam filters
4) Install online anti-phishing software on users' computers

POSSIBLE SOLUTIONS:
Strong Website authentication
Mail server authentication
Digitally-signed e-mail with desktop verification
Digitally-signed e-mail with gateway verification

RECENT EXAMPLES OF ATTACKS FROM APWG:
Nov 15 - People's Bank - 'New Mail from People'
Nov 10 - Citibank - 'Citibank Alert Service'
Nov 9 - PayPal - 'Your Account Will Be Suspended'
Nov 2 - Sovereign Bank - 'Sovereign Bank Unauthorized Account Access'
Nov 1 - Citibank - 'Security Alert on Microsoft Internet Explorer'
Oct 29 - eBay - 'TKO NOTICE: Verify Your Identity'
Oct 28 - Verizon - 'Update your Verizon billing profile'
Oct 27 - Washington Mutual Bank - 'Washington Mutual Bank : Notification of Washington Mutual Internet Banking Account'

CITIBANK (NOV 10):
Links to http://184.108.40.206/citi

CONCLUSION:
Phishing has become a serious network security problem, causing financial losses of billions of dollars to both consumers and e-commerce companies. Perhaps more fundamentally, phishing has made e-commerce distrusted and less attractive to normal consumers.
An anti-phishing algorithm, LinkGuard, is designed based on the derived characteristics. Since Phishing Guard is characteristic based, it will not only detect known attacks, but is also effective against unknown ones.
We have implemented LinkGuard for Windows XP. Our experiment showed that LinkGuard is lightweight and can detect up to 96% of unknown phishing attacks in real time. We believe that LinkGuard is not only useful for detecting phishing attacks, but can also shield users from malicious or unsolicited links in Web pages and instant messages.

Any Questions???
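
The Citibank example above links to a numeric IP address rather than a bank hostname. As an added example (not from the presentation, and not LinkGuard's algorithm), the Python code below flags two link traits in an HTML e-mail body: a raw IP address as the host, and visible link text that names a different host than the href. The sample message, hostnames and function names are constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # lower-cased host without leading "www.", or "" if none
    try:
        host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    except ValueError:
        return ""
    return re.sub(r"^www\.", "", host.lower())

def is_ip(host):
    try:
        return bool(ipaddress.ip_address(host))
    except ValueError:
        return False

def suspicious_links(html_body):  # returns [(href, reason), ...]
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        host = host_of(href)
        # Only compare hosts when the visible text itself looks like a URL.
        shown = host_of(text) if re.fullmatch(r"(https?://)?[\w.-]+\.\w+(/\S*)?", text) else ""
        if is_ip(host):
            findings.append((href, "host is a raw IP address"))
        elif shown and host and shown != host and not host.endswith("." + shown):
            findings.append((href, f"text shows {shown}, link goes to {host}"))
    return findings
# Constructed sample: 192.0.2.10 and the example-bank names are placeholders.
SAMPLE = ('<a href="http://192.0.2.10/citi">Citibank Alert Service</a>'
          '<a href="http://login.example.net/verify">www.example-bank.com</a>'
          '<a href="https://www.example-bank.com/help">example-bank.com</a>')
```

Calling `suspicious_links(SAMPLE)` reports the first two links and passes the third, whose visible text and destination agree.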