Phishing & Pharming
devendray
8,682 views
12 slides
May 09, 2009
Slide 1 of 12
1
2
3
4
5
6
7
8
9
10
11
12
About This Presentation
Phishing & Pharming - stealing personal information over the Internet
Slide Content
Devendra Yadav
31/05/2007
31/05/2007
Introduction11
Phishing Techniques22
Pharming Techniques33
Phishing Statistical Highlights44
Phishing/Pharming Demo55
Phishing Techniques22
Pharming Techniques33
Phishing Statistical Highlights44
Phishing/Pharming Demo55
In Computing both Phishing and Pharming are
criminal activity
Both Phishing and Pharming are methods used to
steal personal information over the Internet
User Id/Password
Credit Card Number
PIN
Phishing is typically carried out using email or an
instant message, and often directs users to give
details at a website
Pharming is a hacker's attack aiming to redirect a
website's traffic to another (bogus) website.
criminal activity
Both Phishing and Pharming are methods used to
steal personal information over the Internet
User Id/Password
Credit Card Number
PIN
Phishing is typically carried out using email or an
instant message, and often directs users to give
details at a website
Pharming is a hacker's attack aiming to redirect a
website's traffic to another (bogus) website.
Pharming is more dangerous than Phishing
In Phishing incorrect client request is sent
and if user is little bit intelligent he/she can
identify it very easily
In Pharming correct Client request is sent and
that get redirected to wrong server. So
identifying it is difficult for intelligent users
also
In Phishing incorrect client request is sent
and if user is little bit intelligent he/she can
identify it very easily
In Pharming correct Client request is sent and
that get redirected to wrong server. So
identifying it is difficult for intelligent users
also
1
2
4
3
Hacker Creates Fake website
Send link of website to user using
mail/instant messaging
User opens link provided by Hacker
User start sending/receiving information
from Fake website
Hacker
1
Fake website
2
4
3
User
Technique -1 Link manipulation
In this technique hackers manipulate links in such manner that it’s
difficult for user to identify whether is page is served form correct
website or fake website. Few of such techniques are
1. Misspelled URLs
e.g. http://www.0rkut.com
2. Sub domains
e.g. http://www.yourbank.com.example.com/
3. Using “@”
e.g. http://[email protected]/
Technique -2 Website forgery
In this technique hackers alter the address bar
1. Hiding Address bar
2. Altering the content of Address bar using scripts
3. putting image with legitimate URL over address bar
2
4
3
Hacker Creates Fake website
Send link of website to user using
mail/instant messaging
User opens link provided by Hacker
User start sending/receiving information
from Fake website
Hacker
1
Fake website
2
4
3
User
Technique -1 Link manipulation
In this technique hackers manipulate links in such manner that it’s
difficult for user to identify whether is page is served form correct
website or fake website. Few of such techniques are
1. Misspelled URLs
e.g. http://www.0rkut.com
2. Sub domains
e.g. http://www.yourbank.com.example.com/
3. Using “@”
e.g. http://[email protected]/
Technique -2 Website forgery
In this technique hackers alter the address bar
1. Hiding Address bar
2. Altering the content of Address bar using scripts
3. putting image with legitimate URL over address bar
In Pharming attackers try to redirect the user’s requests (web
traffic) to a bogus website, for doing this commonly used
techniques are:
◦Altering Host File
Host File location
%windir%/system32/drivers/etc/hosts (Windows)
/etc/hosts (Unix)
Sample Host file
◦Hijacking DNS Server/Local Network Router
traffic) to a bogus website, for doing this commonly used
techniques are:
◦Altering Host File
Host File location
%windir%/system32/drivers/etc/hosts (Windows)
/etc/hosts (Unix)
Sample Host file
◦Hijacking DNS Server/Local Network Router
Web Server
IP : 64.233.187.99
google.com
64.233.187.99
64.233.187.99
google.com
1
2
3
42
IP add. is not specified in
Host file
IP add. is specified in Host
file
DNS & Host File
IP : 64.233.187.99
google.com
64.233.187.99
64.233.187.99
google.com
1
2
3
42
IP add. is not specified in
Host file
IP add. is specified in Host
file
DNS & Host File
Number of unique phishing reports received in April:
23656
Number of unique phishing sites received in April: 55643
Number of brands hijacked by phishing campaigns in April: 172
Country hosting the most phishing websites in April:
United States
No hostname just IP address: 6 %
Percentage of sites not using port 80: 1.5 %
Average time online for site: 3.8
days
Longest time online for site: 27 days
Source: APWG(http://www.antiphishing.org)
23656
Number of unique phishing sites received in April: 55643
Number of brands hijacked by phishing campaigns in April: 172
Country hosting the most phishing websites in April:
United States
No hostname just IP address: 6 %
Percentage of sites not using port 80: 1.5 %
Average time online for site: 3.8
days
Longest time online for site: 27 days
Source: APWG(http://www.antiphishing.org)
Source: APWG(http://www.antiphishing.org)
1.United State 28.44%
2.France 26.9%
3.Republic of Korea 21.05%,
4.Romania 2.04%
5.China 1.9%
6.Germany 1.9%
7.Russia 1.75%
8.United Kingdom 1.46%
9.Turkey 1.46%,
10.Netherlands 1.17%.
Source: APWG(http://www.antiphishing.org)
2.France 26.9%
3.Republic of Korea 21.05%,
4.Romania 2.04%
5.China 1.9%
6.Germany 1.9%
7.Russia 1.75%
8.United Kingdom 1.46%
9.Turkey 1.46%,
10.Netherlands 1.17%.
Source: APWG(http://www.antiphishing.org)
Live Phishing URLs
http://website.lineone.net/~farrago/cia/phish/ebay2.htm
http://www.popsite-almere.nl/fotos/nieuws/data/www.anz.com/anzbank/ANZ/Bankmain.htm
http://posssit.freehostia.com/bancoposta.online.it/bpol/poste//login-privati1.html
http://www.safe-surf.org/cgi-bin/cgiproxy/nph-proxy.pl/000100A/http/www.myspace.com/
http://halifax-online-co-uk.idiotica.co.uk/_mem_/formslogin.asp/
http://session-7393533.nationalcity.com.userpro.tw/corporate/onlineservices/TreasuryMgmt/
http://website.lineone.net/~farrago/cia/phish/ebay2.htm
http://www.popsite-almere.nl/fotos/nieuws/data/www.anz.com/anzbank/ANZ/Bankmain.htm
http://posssit.freehostia.com/bancoposta.online.it/bpol/poste//login-privati1.html
http://www.safe-surf.org/cgi-bin/cgiproxy/nph-proxy.pl/000100A/http/www.myspace.com/
http://halifax-online-co-uk.idiotica.co.uk/_mem_/formslogin.asp/
http://session-7393533.nationalcity.com.userpro.tw/corporate/onlineservices/TreasuryMgmt/
Thank You !
Categories
TechnologyDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 8,682
- Slides 12
- Favorites 3
- Age 6072 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
85 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
80 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
76 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
62 views
21
Know for Certain
DaveSinNM
37 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
41 views