Presentation is loading. Please wait.

Presentation is loading. Please wait.

Phishing A practical case study. What is phishing? Phishing involves fraudulently acquiring sensitive information (e.g. passwords, credit card details.

Published byErica Miles Modified over 8 years ago

Similar presentations

Presentation on theme: "Phishing A practical case study. What is phishing? Phishing involves fraudulently acquiring sensitive information (e.g. passwords, credit card details."— Presentation transcript:

1 Phishing A practical case study

2 What is phishing? Phishing involves fraudulently acquiring sensitive information (e.g. passwords, credit card details etc) by masquerading as a trusted entity.

3 The sites www.noodlebank.com (i.e NOODLEBANK.com) www.noodlebank.com www.nood1ebank.com (i.e NOOD1EBANK.com) www.nood1ebank.com

4 The real site

5

6

7

8

9 The spoofed email

10 The spoofing The link appears as www.noodlebank.comwww.noodlebank.com (i.e NOODLEBANK.com) But actually it links to www.nood1ebank.comwww.nood1ebank.com (i.e NOOD1EBANK.com)

11 The fake site

12

13

14

15

16

17

18 The “steal” When Debasis entered his username- password at the spoofed website, the username-password was sent across to the criminal carrying out the phishing attack. In this case study the username-password is sent across to a spamavert email address so that it can be seen by everyone trying out this case study.

19

20 More examples… In this case study, the user was enticed with a misleading URL. Such urls can be created easily using simple html code such as: http://www.noodlebank.com This link displays the correct url but on clicking takes the user to the spoofed url.

21 Using a url with an ip address http://www.NOODLEBANK.com@67.19.217.53 This url does not lead to noodlebank.com, it leads to the website on the IP address 67.19.217.53

22 Using a split domain name http://www.NOODLEBANK.com.securitycheck.se cure-login.nood1ebank.com/login.asp This url does not lead to noodlebank.com, it leads to the spoofed website.

23 Using an obfuscated url http://www.NOODLEBANK.com%00@%36%37% 2e%31%39%2e%32%31%37%2e%35%33 This url does not lead to noodlebank.com, it leads to the website on the IP address 67.19.217.53

24 Hex to ASCII converter http://www.dolcevie.com/js/converter.html

25 Useful urls To try out the genuine website: http://www.noodlebank.com To try out the spoofed website: http://www.nood1ebank.com To see the usernames-passwords being “stolen” http://spamavert.com/mail.php?alias=noodlebank_com

26 Questions?

Download ppt "Phishing A practical case study. What is phishing? Phishing involves fraudulently acquiring sensitive information (e.g. passwords, credit card details."

Similar presentations

Phishing Scams use spoofed emails and websites as lures to prompt people to voluntarily hand over sensitive information Phishing emails may contain.

Phishing Scams use spoofed s and websites as lures to prompt people to voluntarily hand over sensitive information Phishing s may contain.
Protect Yourself Against Phishing. The good news: The number of US adult victims of identity fraud decreased from 9.3 million in 2005, to 8.4 million.

Protect Yourself Against Phishing. The good news: The number of US adult victims of identity fraud decreased from 9.3 million in 2005, to 8.4 million.
ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.

ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.
How It Applies In A Virtual World. Phishing Definition: n. To request confidential information over the Internet under false pretenses in order to fraudulently.

How It Applies In A Virtual World. Phishing Definition: n. To request confidential information over the Internet under false pretenses in order to fraudulently.
Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.

Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.
Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.

Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.
Learn to protect yourself... a 21 st Century Scam.. Phishing.

Learn to protect yourself... a 21 st Century Scam.. Phishing.
A few simple steps, hints and tips to figure out if it is indeed fake. - By Emily Breuss.

A few simple steps, hints and tips to figure out if it is indeed fake. - By Emily Breuss.
Bsharah Presentation Threats to Information Security Protecting Your Personal Information from Phishing Scams.

Bsharah Presentation Threats to Information Security Protecting Your Personal Information from Phishing Scams.
Jason Rich CIS - 158 1.  The purpose of this project is to inform the audience about the act of phishing. Phishing is when fake websites are created.

Jason Rich CIS  The purpose of this project is to inform the audience about the act of phishing. Phishing is when fake websites are created.
  Cyberbullying can be as simple as continuing to send e- mail or text harassing someone who has said they want no further contact with the sender.

  Cyberbullying can be as simple as continuing to send e- mail or text harassing someone who has said they want no further contact with the sender.
Phishing (pronounced “fishing”) is the process of sending e-mail messages to lure Internet users into revealing personal information such as credit card.

Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.
Internet Phishing Not the kind of Fishing you are used to.

Internet Phishing Not the kind of Fishing you are used to.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Threats To A Computer Network

Threats To A Computer Network
Cryptography: Keeping Your Information Safe. Information Assurance/Information Systems –What do we do? Keep information Safe Keep computers Safe –What.

Cryptography: Keeping Your Information Safe. Information Assurance/Information Systems –What do we do? Keep information Safe Keep computers Safe –What.
URL Obscuring COEN 152/252 Computer Forensics  Thomas Schwarz, S.J. 2004.

URL Obscuring COEN 152/252 Computer Forensics  Thomas Schwarz, S.J
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
AI&SS Administrative Group April, 2015. Meal Reimbursements. Invoices, Check Requests Year end deadlines for Accounting De-obligation of Accounts “Phishing”

AI&SS Administrative Group April, Meal Reimbursements. Invoices, Check Requests Year end deadlines for Accounting De-obligation of Accounts “Phishing”
Access the forum from the Support section of the GWB Student website or go directly to forum.gwb.com.

Access the forum from the Support section of the GWB Student website or go directly to forum.gwb.com.

Similar presentations

Ads by Google