Phishing Scams

Rajiv Manivannan

February 01, 2020
Transcript

  1. What is Phishing

    Phishing is the fraudulent attempt to obtain sensitive information, such as user data, login credentials and credit card details, through electronic communication.
  2. How?

    • The attacker sends an email that appears to come from a legitimate company and asks the recipient to provide sensitive information.
    • Contact by phone call, impersonating a known entity. For example: "I am your virtual relationship manager calling from your bank. Your credit card is blocked. Kindly share your CVV number and the OTP you received to activate it."
    • Using a phishing kit. A phishing kit is a web component: the attacker replicates a known brand's or organisation's legitimate website, and the URL of the copy is sent to targets by email or another medium. Crowd-sourced lists of known phishing URLs: https://openphish.com and www.phishtank.com
  3. Phishing Techniques

    Spear phishing - attacks directed at specific individuals or companies.
    Whaling - attacks directed specifically at senior executives and other high-profile targets.
    Vishing - contacting the target by telephone while mimicking a known entity to steal sensitive information. …
  4. Punishment

    Punishment is up to a 2-year jail term, a fine, or both. Such frauds are punishable under the Indian Penal Code, 1860 (IPC), which is often invoked along with the Information Technology Act, 2000.
  5. Why it continues to happen

    • It is very hard to trace the identity of a phishing scammer.
    • There is a legal principle: "bail is the rule and jail is the exception".
    • Whoever commits this offence can easily come out on bail and go back to committing the crime again.
  6. Pay attention to the SSL and browser warnings

    As per the Anti-Phishing Working Group (APWG) 2020 report, 75 percent of all phishing sites now use SSL (HTTPS) protection. A padlock in the address bar therefore proves only that the connection to that site is encrypted, not that the site is genuine: check the domain name itself, and never click through a certificate error or a "deceptive site" warning from the browser.
  7. Sender Policy Framework (SPF)*

    A Sender Policy Framework (SPF) record is a type of Domain Name System (DNS) TXT record that lists which mail servers are permitted to send email on behalf of your domain. A receiving mail server looks up the record for the sender's domain and checks whether the IP address of the connecting server is authorised by it; a spoofed mail sent from a server the domain owner never listed fails that check.
    * For organisations
  8. DomainKeys Identified Mail (DKIM)*

    With DomainKeys Identified Mail (DKIM) an organisation takes responsibility for a message that is in transit by adding a cryptographic signature to it. The organisation is a handler of the message, either as its originator or as an intermediary. The signature covers selected headers and a hash of the body, and the public key needed to verify it is published in DNS, so a receiver can tell whether the message was altered after the signing domain handled it.
    * For organisations
  9. Cure

    • Change all your passwords.
    • For banking-related frauds, immediately approach your bank and give a formal complaint with whatever proof you have.
    • Report the phishing website URL here: https://safebrowsing.google.com
  10. If the transaction happens without the user's intervention

    In 2017 the RBI sent a circular to all banks, "Limiting Liability of Customers in Unauthorised Electronic Banking Transactions": if such a fraud is reported by the customer within 3 working days, the customer bears zero liability and the bank has to resolve it and restore the money to the customer's account.
  11. If the transaction happens by deceiving the user

    • If the bank has acted and the phisher's account has been frozen, you can approach the court with proper documents and get a direction to recover your money.
    • If the phisher has withdrawn the money and gone untraceable, the bank has the option to claim from its insurance and credit the customer's account.