Presented by: Fakhruddin Mustaffa
What is “Phishing”???
» Technique for acquiring your personal information and subsequently committing fraud in your name.
» Include stealing your identity or emptying your checking and savings accounts.
» A form of cyber-crime that's growing faster than the ability of the police or courts to deal with it.
» Simply a play on the word "fishing": scammers drop email lures into the sea of Internet users, hoping to hook your personal information.
» More dangerous variation called “spear phishing”.
» More insidious than regular phishing.
» Assume that your sensitive information has been captured or is at risk.
» Until you’ve installed and run an anti-spyware program, do not log in to any of your financial accounts.
» Crimeware will record your password and account information and transmit it to the crooks, who then sell it to the highest bidder.
How does it occur???
» Conducted by email.
» Receive an authentic-looking email message that appears to come from a legitimate business.
» Ask you to divulge or verify personal data such as an account number, password, credit card number or Social Security number.
» Possible for you to be phished by mail, telephone or even in person.
» Through the use of Instant Messaging (IM), which can also be used for identity theft as well as spreading viruses and spyware.
Who perpetrates it???
» Phishers are scam artists.
» Send millions of emails, realizing that even a few recipients give them identifying information.
» Purchase software specifically designed to help set up and manage a phishing scam site.

Who is affected by phishing?
» Popular targets are users of online banking services and auction sites.
» If your email address has been made public anywhere on the Internet, then you are more susceptible to phishing.
» Scammers can use spidering or Web-crawling programs to search the Internet and collect millions of email addresses.

» Check for personalization.
» Look for urgency.
» Verify a company's contact information.
» Examine images and company logos carefully.
» Beware of pop-up forms.
» Pay attention to spelling and grammar.
» Be cautious about attachments.

• Be on guard

• Don't fill out a form on a Web site unless you know it is secure.

• Regularly check your bank, credit and debit card statements (paper and online).

• Ensure that your browser is up to date.

• Install and maintain antivirus and anti-spyware software

• Consider installing a phish-blocking toolbar on your Web browser.

• Stay informed.

» Be careful not to click on any link inside the email.
» Stay calm.
» Create a new email and copy the phishing email, including its entire original text and header information, and paste it into your new message.
» Send your newly created email to each of the following: reportphishing@antiphishing.org
» File a complaint with the Internet Fraud Complaint Center of the FBI. See http://www.ifccfbi.gov/ for details.

*Phishing attacks usually target:
- Bank information, such as VISA and PayPal accounts.
- Username and password information.
- Social Security numbers.
- Mother's maiden name, which can be used to retrieve forgotten or lost credentials.
*The above information allows scammers to:
- Make fraudulent charges on your credit or debit card.
- Make use of your credentials on different online services to commit crime without being caught.

» Save the phishing email.
» Change your passwords immediately.
» Report the incident to:
  • The company from whom the email appears to come.
  • Federal Trade Commission (FTC)
  • Internet Fraud Complaint Center (IFCC)
  • Local authorities
» Continue to monitor your credit card, business and bank statements (paper and online).
• Disturbing signs of evolving.
• Attacks becoming savvier & attackers beginning to share code and techniques with virus writers called crackers.
• Slow down unless service providers adequately address consumer security concerns in the form of strong authentication.
• Time to educate their users on how to spot a phishing attack.
• Email requests for passwords, credit card numbers, and other private data are never legitimate.
Date of searching the information on the internet: 15 FEBRUARY 2013
Web:
http://www.ncsu.edu/it/essentials/antivirus_security/phishing/intro.html
http://www.ncsu.edu/it/essentials/antivirus_security/phishing/recognize.html
http://www.ncsu.edu/it/essentials/antivirus_security/phishing/receive.html
http://www.ncsu.edu/it/essentials/antivirus_security/phishing/avoid.html
http://www.ncsu.edu/it/essentials/antivirus_security/phishing/whatdo.html
