PHISHING ATTACK &

DRIVE-BY ATTACK
PREPARED BY
JHON RHALF BENTING
ROMEL PASILAN
KENNETH ABANELLA
FLORDELIZ MAE HILONGOS
ROGIE MAE HERRERA
CARLA MARQUEZ QUIÑO
PHISHING ATTACK
PHISHING ATTACK
 PHISHING ATTACK
Phishing is a type of social engineering attack
often used to steal user data, including login
credentials and credit card numbers. It occurs
when an attacker, masquerading as a trusted
entity, dupes a victim into opening an email,
instant message, or text message
KINDS OF PHISHING
 KINDS OF PHISHING

Email Phishing
 KINDS OF PHISHING

Email Phishing
Vishing
 KINDS OF PHISHING

Email Phishing
Vishing
Pharming
 KINDS OF PHISHING

Email Phishing
Vishing
Pharming
Pop-up Phishing
 KINDS OF PHISHING

Email Phishing
Smishing
Vishing
Pharming
Pop-up Phishing
 KINDS OF PHISHING

Email Phishing
Smishing
Vishing
Angler Phishing
Pharming
Pop-up Phishing
 KINDS OF PHISHING

Email Phishing
Smishing
Vishing
Angler Phishing
Pharming
Website Spoofing
Pop-up Phishing
 Email Phishing

In an email phishing scam, the attacker

sends an email that looks legitimate,
designed to trick the recipient into entering
information in reply or on a site that the
hacker can use to steal or sell their data.
 Vishing

Vishing, which is short for "voice phishing,"

is when someone uses the phone to try to
steal information. The attacker may pretend
to be a trusted friend or relative or to
represent them.
 Pharming

In a pharming attack, the victim gets

malicious code installed on their computer.
This code then sends the victim to a fake
website designed to gather their login
credentials.
 Pop-up Phishing
Pop-up phishing often uses a pop-up about
a problem with your computer’s security or
some other issue to trick you into clicking.
You are then directed to download a file,
which ends up being malware, or to call
what is supposed to be a support center.
 Smishing

Smishing is phishing through some form of a

text message or SMS.
 Angler Phishing
Anglers use fake social media posts to get
people to provide login info or download
malware.
 Website Spoofing
With website spoofing, a hacker creates a
fake website that looks legitimate. When
you use the site to log in to an account, your
info is collected by the attacker.
10 Ways To Avoid Phishing Scams
 Keep Informed About Phishing
Techniques
New phishing scams are being developed all the time.
Without staying on top of these new phishing techniques,
you could inadvertently fall prey to one. Keep your eyes
peeled for news about new phishing scams. By finding out
about them as early as possible, you will be at much
lower risk of getting snared by one.
 Think Before You Click

A phishing email may claim to be from a legitimate

company and when you click the link to the website, it
may look exactly like the real website. The email may ask
you to fill in the information but the email may not
contain your name.
 Install an Anti-Phishing Toolbar

Most popular Internet browsers can be customized with

anti-phishing toolbars. Such toolbars run quick checks on
the sites that you are visiting and compare them to lists of
known phishing sites. If you stumble upon a malicious
site, the toolbar will alert you about it.
 Verify a Site’s Security

If you get a message stating a certain website may

contain malicious files, do not open the website. Never
download files from suspicious emails or websites. Even
search engines may show certain links which may lead
users to a phishing webpage which offers low cost
products.
 Check Your Online Accounts
Regularly
Even if you don’t technically need to, check in with each
of your online accounts on a regular basis. Get into the
habit of changing your passwords regularly too. To
prevent bank phishing and credit card phishing scams,
you should personally check your statements regularly.
 Keep Your Browser Up to Date

Security patches are released for popular

browsers all the time. They are released in
response to the security loopholes that phishers
and other hackers inevitably discover and exploit.
 Use Firewalls

High-quality firewalls act as buffers between you,

your computer and outside intruders. You should
use two different kinds: a desktop firewall and a
network firewall.
 Be Wary of Pop-Ups

Pop-up windows often masquerade as legitimate

components of a website. All too often, though,
they are phishing attempts.
 Never Give Out Personal
Information

As a general rule, you should never share

personal or financially sensitive information over
the Internet.
 Use Antivirus Software

There are plenty of reasons to use antivirus

software. Special signatures that are included with
antivirus software guard against known
technology workarounds and loopholes. Just be
sure to keep your software up to date.
Drive-by attacks
 Drive-by attacks

drive-by attack, also known as a drive-by download attack,

refers to a cyberattack in which a malicious script causes a
program to download and install itself on a user device,
without explicit permission from the user. It can happen on
any user device, running any operating system. Often, these
attacks occur when the user navigates to and browses a
compromised web page.
Drive-by attacks
Types of Drive-by Download Attacks
Types of Drive-by Download Attacks
Exploit kits

Malvertising

Cross-site scripting (XSS) attacks

Phishing attacks

Watering hole
 Exploit kits

They’re collections of codes used by

attackers to take advantage of software
vulnerabilities on the victim’s device. You
can get infected this way through emails,
messaging platforms, or even through a
simple visit on a website that hosts an
exploit kit.
 Malvertising

Codes inserted by threat actors in ads on

legitimate websites. When clicked, this ads
will redirect the victim to websites hosting
an exploit kit, or it will automatically
download the kit on the endpoint.
 Cross-site scripting (XSS) attacks

Such attacks happen when a website doesn’t

validate or sanitize the user input before
processing it, leaving space for threat actors
to inject malware and spread them to users
visiting the site.
 Phishing attacks

A well known one, in such attacks threat

actors use social engineering tactics to
tempt the victim into clicking an infected
link or download malware-filled files.
They’re usually conducted through emails,
social media, and online messaging apps.
 Watering hole

These attacks target a specific group of

users who are known to visit particular sites
and resources on a regular basis.
There are two types of drive-by download attacks
There are two types of drive-by download attacks

Active Passive
 Active

Active Drive-by Download Attacks

This type of attack needs the user to interact

with the malicious content. The attacker will
try to fool the victim into clicking an infected
link, or download a file carrying malware.
 Passiv
e

Passive Drive-by Download Attacks

The attacker uses browser vulnerabilities to

infect the victim’s computer with malicious
code without their knowledge or interaction.
To prevent and detect drive by attacks
 To prevent and detect drive by attacks

Avoid suspicious websites

Of course, care should always be taken not to

visit suspicious websites in the first place.Try and
stick to browsing well-known sites with valid
security certificates.
 To prevent and detect drive by attacks

When in doubt, don’t click

To avoid falling victim to a drive-by attack, it’s important to

verify that all links are legitimate before clicking on them.
Pay particular attention to advertisements, and anything that
promises some kind of reward, or encourages you to input
valuable data. Look out for the common signs of suspicious
content, such as low quality images, or spelling mistakes.
 To prevent and detect drive by attacks

Only download software from legitimate sources

When you’re downloading software, make sure the site

you’re downloading from is known, secure, and reputable. In
addition, whenever installing software, make sure not to
install any of the optional extra software (‘bundleware’) that
comes with it, in case it contains malicious code..
 To prevent and detect drive by attacks
Use a comprehensive, modern security strategy
It’s crucial to have robust antivirus and firewall software
solutions in place to detect threats such as malware. These
traditional security solutions provide first-level protection for
the user from malicious Internet content. However, because
they use a signature-based approach, they can detect only
known threats and are wholly ineffective against new
variants and zero day threats.
 To prevent and detect drive by attacks
Keep your software up-to-date, including your operating
system
To ensure the highest levels of protection against malware
and other web-based threats, keep all of your software up-to-
date, including the automatic updates that are run by your
operating system. Often, when security vulnerabilities are
discovered, the software vendor will come up with a patch or
fix to address the issue.
 To prevent and detect drive by attacks
Keep your software up-to-date, including your operating
system
To ensure the highest levels of protection against malware
and other web-based threats, keep all of your software up-to-
date, including the automatic updates that are run by your
operating system. Often, when security vulnerabilities are
discovered, the software vendor will come up with a patch or
fix to address the issue.
End