Slide 1

Slide 1 text

Rajiv Manivannan

Slide 2

Slide 2 text

What is Phishing?

Phishing is a fraudulent attempt to obtain sensitive information, including user data, login credentials and credit card details, through electronic communication.

Slide 3

Slide 3 text

How?

• The attacker sends an email that appears to be from a legitimate company and asks the recipient to provide sensitive information.
• Contact by phone call, mimicking a known entity. For example: "I am your virtual relationship manager calling from your bank. Your credit card is blocked. Kindly share your CCV number and the OTP you received to activate it."
• Using a phishing kit. It's a web component: attackers replicate a known brand's or organisation's legitimate website. Those URLs are sent to the target by email or another medium.

Crowd-sourced lists of known phishing kits:
https://openphish.com
www.phishtank.com

Slide 4

Slide 4 text

Phishing Technique

• Spear Phishing - attacks directed at specific individuals or companies.
• Whaling - attacks directed specifically at senior executives and other high-profile targets.
• Vishing - contacting the target by telephone and mimicking known entities to steal sensitive information.
…

Slide 5

Slide 5 text

Punishment

Punishment is up to 2 years jail term / a fine / both.
Such frauds are punishable under the Indian Penal Code, 1860 (IPC).
It is often invoked along with the Information Technology Act, 2000.

Slide 6

Slide 6 text

Why it continues to happen

• It's very hard to trace the identity of a phishing scammer.
• There is a legal principle: "Bail is rule and jail is an exception".
• Whoever commits this offence can easily come out on bail and engage in committing the crime again.

Slide 7

Slide 7 text

How you can prevent

Slide 8

Slide 8 text

Verify the URL

Slide 9

Slide 9 text

Pay attention to the SSL and browser warnings

As per the Anti-Phishing Working Group 2020 report, 75 percent of all phishing sites now use SSL protection, so HTTPS alone does not show that a site is legitimate.

Slide 10

Slide 10 text

Pay attention to the spam filter warning

Slide 11

Slide 11 text

Sender Policy Framework (SPF)*

A Sender Policy Framework (SPF) record is a type of Domain Name System (DNS) TXT record that identifies which mail servers are permitted to send email on behalf of your domain.

* For organizations

Slide 12

Slide 12 text

DomainKeys Identified Mail (DKIM)*

DomainKeys Identified Mail (DKIM) lets an organisation take responsibility for a message that is in transit. The organisation is a handler of the message, either as its originator or as an intermediary.

* For organizations

Slide 13

Slide 13 text

Cure

• Change all your passwords.
• For banking-related frauds, immediately approach your bank and give a formal complaint with whatever proof you have.
• Report the phishing website URL here: https://safebrowsing.google.com

Slide 14

Slide 14 text

If the transaction happens without the user's intervention

In 2017, the RBI sent a circular to all banks: if such frauds are reported, the bank has to resolve the matter within 3 days and return the money to the customer.

Limiting Liability of Customers in Unauthorised Electronic Banking Transactions

Slide 15

Slide 15 text

If the transaction happens by deceiving the user

• If the bank takes action and the phisher's account is frozen by the bank, you can approach the court with proper documents and get a direction to get your money back.
• If the phisher has withdrawn the money and become untraceable, the bank has the option to claim from its insurance and credit the customer's account.

Slide 16

Slide 16 text

Thank You!