
Phishing Scams

Rajiv Manivannan

February 01, 2020
Transcript

  1. Rajiv Manivannan

  2. What is Phishing
    Phishing is the fraudulent attempt
    to obtain sensitive information,
    including user data, login
    credentials and credit card details,
    through electronic communication.

  3. How?
    • The attacker sends an email that appears to be from a legitimate
    company and asks the recipient to provide sensitive information.
    • Contact through a phone call, mimicking a known entity.
    For example: "I am your virtual relationship manager calling
    from your bank; your credit card is blocked. Kindly share your
    CVV number and the OTP you receive to activate it."
    • Using a phishing kit - a web component with which attackers
    replicate a known brand's or organisation's legitimate
    website. The URL is sent to the target by email or another
    medium.
    Crowd-sourced lists of known phishing kits:

    https://openphish.com

    www.phishtank.com

  4. Phishing Techniques
    Spear Phishing - attacks directed at
    specific individuals or companies.
    Whaling - attacks directed specifically at
    senior executives and other high-profile
    targets.
    Vishing - contacting the target by telephone
    while mimicking known entities to steal sensitive
    information.

  5. Punishment
    The punishment is up to 2 years'
    jail term, a fine, or both.
    Such frauds are
    punishable under the Indian
    Penal Code, 1860 (IPC).
    It is often invoked along with
    the Information Technology
    Act, 2000.

  6. Why it continues to happen
    • It is very hard to trace the
    identity of a phishing
    scammer.
    • There is a legal principle:
    "Bail is the rule and jail is the
    exception".
    • Whoever commits this
    offence can easily get
    out on bail and engage in
    committing the crime again.

  7. How you can prevent it

  8. Verify the URL

  9. Pay attention to SSL and browser
    warnings
    As per the Anti-Phishing Working Group 2020 report, 75 percent of all phishing sites now use SSL protection.

  10. Pay attention to the spam filter warning

  11. Sender Policy Framework (SPF)*
    A Sender Policy Framework (SPF) record is a type of Domain
    Name System (DNS) TXT record that identifies which mail
    servers are permitted to send email on behalf of your domain.
    * For organisations

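As an added illustration (not part of the original deck), the following Python evaluates a simplified SPF record against the IP address of the connecting mail server, the check a receiving mail server performs on the envelope sender's domain. The record and addresses are constructed for the example and the domain "example.com" is assumed; only the `ip4`, `ip6` and `all` mechanisms are handled, since `include`, `a` and `mx` require live DNS lookups.

```python
import ipaddress

# Constructed SPF TXT record for the assumed domain example.com:
# two authorised sender ranges, and "-all" rejects everything else.
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.10 -all"

# Qualifier prefix of a mechanism -> SPF result when that mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record: str, sender_ip: str) -> str:
    """Return the SPF result ("pass", "fail", "softfail", "neutral" or
    "none") for a mail server at sender_ip under the given TXT record.
    Mechanisms are evaluated left to right; the first match decides."""
    if not record.lower().startswith("v=spf1"):
        return "none"  # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier, mech = "+", term  # no prefix means "+" (pass)
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        name, _, value = mech.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]  # catch-all mechanism always matches
        if name in ("ip4", "ip6"):
            # A bare address (no "/prefix") is treated as a single host.
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        raise ValueError(f"mechanism '{name}' needs DNS and is not supported here")
    return "neutral"  # nothing matched and no "all" term present


if __name__ == "__main__":
    for candidate in ("192.0.2.77", "198.51.100.10", "203.0.113.5"):
        print(candidate, "->", evaluate_spf(SPF_RECORD, candidate))
```

A "fail" result for a message claiming to come from example.com is the signal a spam filter uses to flag or reject the mail the slides warn about.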
  12. DomainKeys Identified Mail (DKIM)*
    With DomainKeys Identified Mail (DKIM), an organisation takes
    responsibility for a message that is in transit. The organisation
    is a handler of the message, either as its originator or as an
    intermediary.
    * For organisations

  13. Cure
    • Change all your passwords.
    • For banking-related fraud, immediately approach
    your bank and file a formal complaint with whatever
    proof you have.
    • Report the phishing website URL here:
    https://safebrowsing.google.com

  14. If the transaction happens without the user's
    intervention
    In 2017, the RBI sent a circular
    to all banks: if such a
    fraud is reported,
    the bank has to reach a
    resolution within 3 days
    and revert the
    money to the customer.
    Limiting Liability of Customers in Unauthorised Electronic Banking Transactions

  15. If the transaction happens by
    deceiving the user
    • If action is taken by the bank and the phisher's account is
    frozen by the bank, you can approach the court with proper
    documents and get a direction to recover your money.
    • If the phisher withdraws the money and goes untraceable,
    the bank has the option to claim from its insurance and credit
    the customer's account.

  16. Thank You!