
Phishing Scams


Rajiv Manivannan

February 01, 2020


  1. Rajiv Manivannan

  2. What is Phishing?

    Phishing is the fraudulent attempt to obtain sensitive information, including user data, login credentials and credit card details, through electronic communication.
  3. How?

    • The attacker sends an email that appears to be from a legitimate company and asks you to provide sensitive information.
    • Contact by phone call while mimicking a known entity. For example: "I am your virtual relationship manager calling from your bank; your credit card is blocked. Kindly share your CVV number and the OTP you receive to activate it."
    • Using a phishing kit. It is a web component: attackers replicate a known brand's or organisation's legitimate website, and the URL is sent to the target by email or another medium. Crowd-sourced lists of known phishing kits: https://openphish.com and www.phishtank.com
  4. Phishing Techniques

    Spear Phishing - attacks directed at specific individuals or companies.
    Whaling - attacks directed specifically at senior executives and other high-profile targets.
    Vishing - contacting the target by telephone while mimicking known entities to steal sensitive information.
    …
  5. Punishment

    Punishment is up to 2 years jail term, a fine, or both. Such frauds are punishable under the Indian Penal Code, 1860 (IPC), which is often invoked along with the Information Technology Act, 2000.
  6. Why it continues to happen

    • It is very hard to trace the identity of a phishing scammer.
    • There is a legal principle: "Bail is the rule and jail is the exception."
    • Whoever commits this offence can easily get out on bail and engage in committing the crime again.
  7. How you can prevent it

  8. Verify the URL

  9. Pay attention to SSL and browser warnings

    As per the Anti-Phishing Working Group 2020 report, 75 percent of all phishing sites now use SSL protection, so a padlock icon alone does not prove that a site is legitimate.
  10. Pay attention to spam filter warnings

  11. Sender Policy Framework (SPF)*

    A Sender Policy Framework (SPF) record is a type of Domain Name System (DNS) TXT record that identifies which mail servers are permitted to send email on behalf of your domain.
    * For organisations
  12. DomainKeys Identified Mail (DKIM)*

    With DomainKeys Identified Mail (DKIM), an organisation takes responsibility for a message that is in transit. The organisation is a handler of the message, either as its originator or as an intermediary.
    * For organisations
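To make the two organisational controls on slides 11 and 12 concrete, here is an added example (not part of the deck) that parses an SPF TXT record into its mechanisms and default policy, and parses a DKIM-Signature header into its tags, deriving the DNS name where the signer's public key is published. The SPF record and DKIM header are constructed sample values, not real ones; a real mail receiver would fetch the SPF record via DNS and verify the DKIM signature cryptographically, which this parser deliberately does not do.

```python
"""Added example: offline parsing of an SPF record and a DKIM-Signature header.

The sample inputs below are constructed for illustration only.
"""

import re

# Constructed sample SPF record, as it would appear in a DNS TXT record.
SAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net a mx -all"

# Constructed sample DKIM-Signature header, as it would appear in an email.
SAMPLE_DKIM = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;"
    " s=sel2020; h=from:to:subject:date; bh=ZmFrZWJvZHloYXNo;"
    " b=ZmFrZXNpZ25hdHVyZQ=="
)

# Meaning of the qualifier on the final 'all' term (RFC 7208 result names).
SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split an SPF record into (qualifier, name, value) terms.

    Returns a dict with 'mechanisms' and 'default', where 'default' is the
    qualifier applied to senders that match no listed mechanism.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms = []
    default = "?"  # with no 'all' term, unmatched senders get a neutral result
    for term in terms[1:]:
        qualifier = "+"  # mechanisms without an explicit qualifier mean 'pass'
        if term[0] in SPF_QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if ":" in term:               # mechanism with an argument, e.g. ip4:...
            name, _, value = term.partition(":")
        elif "=" in term:             # modifier such as redirect=... or exp=...
            name, _, value = term.partition("=")
        else:                         # bare mechanism: a, mx, all
            name, value = term, ""
        if name.lower() == "all":
            default = qualifier
        mechanisms.append((qualifier, name.lower(), value))
    return {"mechanisms": mechanisms, "default": default}


def spf_default_result(parsed):
    """Human-readable result for senders that no mechanism authorises."""
    return SPF_QUALIFIERS[parsed["default"]]


def parse_dkim_signature(header):
    """Parse the tag=value list of a DKIM-Signature header into a dict."""
    name, _, body = header.partition(":")
    if name.strip().lower() != "dkim-signature":
        raise ValueError("not a DKIM-Signature header")
    tags = {}
    for part in body.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")   # 'b=' values contain '=' padding
        tags[key.strip()] = re.sub(r"\s+", "", value)  # folding whitespace is not significant
    for required in ("v", "a", "d", "s", "h", "bh", "b"):
        if required not in tags:
            raise ValueError(f"DKIM-Signature missing required tag {required}")
    return tags


def dkim_key_record_name(tags):
    """DNS name holding the signer's public key: <selector>._domainkey.<domain>."""
    return f"{tags['s']}._domainkey.{tags['d']}"


def dkim_signed_headers(tags):
    """Header fields covered by the signature, in the order they were hashed."""
    return [h.strip().lower() for h in tags["h"].split(":") if h.strip()]


if __name__ == "__main__":
    spf = parse_spf(SAMPLE_SPF)
    print("SPF terms:", spf["mechanisms"])
    print("SPF default for unlisted senders:", spf_default_result(spf))
    dkim = parse_dkim_signature(SAMPLE_DKIM)
    print("DKIM key lookup:", dkim_key_record_name(dkim))
    print("DKIM signed headers:", dkim_signed_headers(dkim))
```

The `-all` default is the part of an SPF record worth checking first: with `~all` or `?all`, a receiver treats mail from unlisted servers as only suspicious, not rejected, which is why many organisations publish `-all` once they are sure every legitimate sender is listed.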
  13. Cure

    • Change all your passwords.
    • For banking-related frauds, immediately approach your bank and give a formal complaint with whatever proof you have.
    • Report the phishing website URL here: https://safebrowsing.google.com
  14. If the transaction happens without the user's intervention

    In 2017, the RBI sent a circular to all banks: if such a fraud is reported, the bank has to resolve it within 3 days and revert the money to the customer. (Limiting Liability of Customers in Unauthorised Electronic Banking Transactions)
  15. If the transaction happens by deceiving the user

    • If action is taken by the bank and the phisher's account is frozen by the bank, you can approach the court with proper documents and get a direction to recover your money.
    • If the phisher has withdrawn the money and gone untraceable, the bank has the option to claim from its insurance and credit the customer's account.
  16. Thank You!