
Birbhum Institute of Engineering & Technology

TOPIC
Phishing and Password
Cracking
Name- ARINDAM TUDU
University Roll No-11801321093
University Registration No-211180101320084 OF 2021-2022
CLASS ROLL NO- CE/D/18/21
Department-CIVIL ENGINEERING
Semester-7th Year-4th
Subject name- CyberLaw & Ethics
Subject Code-CE(OE)701C
Content

• What is Phishing?
• Types of Phishing Attacks
• Examples of Phishing Attacks
• Causes of Phishing
• Effects of Phishing
• What is password cracking?
• What are password cracking techniques?
• What does a password cracking attack look like?
• What are password cracking tools?
• How to prevent password cracking?
What is Phishing?

Phishing email messages, websites, and phone calls are designed to steal money or sensitive information. Cybercriminals can do this by installing malicious software on your computer, tricking you into giving them sensitive information, or outright stealing personal information off of your computer.
Types of Phishing Attacks

Social Engineering - On your Facebook profile or LinkedIn profile, you can find: Name, Date of Birth, Location, Workplace, Interests, Hobbies, Skills, your Relationship Status, Telephone Number, Email Address and Favorite Food. This is everything a cybercriminal needs in order to fool you into thinking that the message or email is legitimate.

Link Manipulation - Most methods of phishing use some form of deception designed to make a link in an email appear to belong to the spoofed organization or person. Misspelled URLs or the use of subdomains are common tricks used by phishers. Many email clients or web browsers will show a preview of where a link will take the user in the bottom left of the screen or while hovering the mouse cursor over a link.

Spear phishing - Phishing attempts directed at specific individuals or companies have been termed spear phishing. Attackers may gather personal information (social engineering) about their targets to increase their probability of success. This technique is, by far, the most successful on the internet today, accounting for 91% of attacks.

Clone phishing - A type of phishing attack whereby a legitimate, previously delivered email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender.

Voice Phishing - Voice phishing is the criminal practice of using social engineering over the telephone system to gain access to personal and financial information from the public for the purpose of financial reward. Sometimes referred to as 'vishing', voice phishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals.
Examples of Phishing Attacks

1. Just like in the previous example, this email looks like a legitimate PayPal email that you would normally see. So the first thing to do is to see if you recognize the email, or if you have done any kind of transaction with this email address. Also look through the email for spelling and grammatical errors, as cybercriminals will often leave these errors in the body of the email.
2. Second, see if the item in question is one that you actually bought or sold. If not, then delete and move on.
3. Look at the circled email address: if this were an official email from PayPal, it would end in "@paypal.com", not mail2world.
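The two checks above (the sender address ending in the wrong domain, and the link-manipulation tricks of misspelled URLs and subdomains from the earlier slide) can be automated. The following is an added example, not code from the slides: it takes a constructed message, extracts the sender domain and every link host, and flags any whose registered domain is not the expected one. The expected domain "paypal.com", the invented sender address and the invented link hosts are assumptions for the demonstration; the registered-domain helper is a deliberate simplification that ignores multi-label public suffixes such as co.uk.

```python
import re
from urllib.parse import urlparse

# Expected sender domain for the scenario on the slide (assumption for this example).
EXPECTED_DOMAIN = "paypal.com"

# Constructed sample message; the addresses and links are invented for this example.
SAMPLE_EMAIL = {
    "from": "PayPal Service <service@mail2world.com>",
    "body": (
        "Your item has been sold. Confirm the payment here: "
        "http://paypal.com.account-verify.example/login "
        "or visit https://www.paypal.com/help for assistance."
    ),
}


def sender_domain(from_header: str) -> str:
    """Domain part of the address in a From: header, lower-cased ('' if none)."""
    m = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    return m.group(1).lower().rstrip(".") if m else ""


def registered_domain(host: str) -> str:
    """Last two labels of a host name. Simplification: ignores multi-label public
    suffixes such as co.uk; a real checker would consult the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def link_hosts(body: str) -> list:
    """Host names of every http(s) URL found in the message body."""
    urls = re.findall(r"https?://[^\s\"'<>]+", body)
    return [urlparse(u).hostname or "" for u in urls]


def check_email(email: dict, expected: str = EXPECTED_DOMAIN) -> dict:
    """Flag a sender domain or link host whose registered domain is not the expected one.
    A host that merely contains the expected name (paypal.com.example) is the
    subdomain trick described on the slide and is reported as a lookalike."""
    sender = sender_domain(email["from"])
    findings = {
        "sender_domain": sender,
        "sender_ok": registered_domain(sender) == expected,
        "lookalike_links": [],
        "offdomain_links": [],
    }
    for host in link_hosts(email["body"]):
        if registered_domain(host) == expected:
            continue  # genuinely on the expected domain (e.g. www.paypal.com)
        if expected in host:
            findings["lookalike_links"].append(host)
        else:
            findings["offdomain_links"].append(host)
    findings["suspicious"] = (
        not findings["sender_ok"]
        or bool(findings["lookalike_links"])
        or bool(findings["offdomain_links"])
    )
    return findings


if __name__ == "__main__":
    for key, value in check_email(SAMPLE_EMAIL).items():
        print(f"{key}: {value}")
```

Run as a script it prints the sender domain (mail2world.com), marks it as not matching, and lists the lookalike host whose name starts with paypal.com but is registered elsewhere, which is exactly the hover-preview check the slide recommends doing by eye.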
Causes of Phishing

• Misleading e-mails
• No check of source address
• Vulnerability in browsers
• No strong authentication at websites of banks and financial institutions
• Limited use of digital signatures
• Non-availability of secure desktop tools
• Lack of user awareness
• Vulnerability in applications
Effects of Phishing

• Internet fraud
• Identity theft
• Financial loss to the original institutions
• Difficulties in Law Enforcement Investigations
• Erosion of Public Trust in the Internet.
What is password cracking?
Password cracking is the process of using an application program
to identify an unknown or forgotten password to a computer or
network resource. It can also be used to help a threat actor obtain
unauthorized access to resources.
A password cracker recovers passwords using various
techniques. The process can involve comparing a list of words to
guess passwords or the use of an algorithm to repeatedly guess
the password.
What are password cracking techniques?

• Brute force. This attack runs through combinations of characters of a predetermined length until it finds the combination that matches the password.

• Dictionary search. Here, a password cracker searches each word in the dictionary for the correct password. Password dictionaries exist for a variety of topics and combinations of topics, including politics, movies and music groups.

• Phishing. These attacks are used to gain access to user passwords without the use of a password cracking tool. Instead, a user is fooled into clicking on an email attachment. From here, the attachment could install malware or prompt the user to use their email to sign into a false version of a website, revealing their password.
• Malware. Similar to phishing, using malware is another method of gaining unauthorized access to passwords without the use of a password cracking tool. Malware such as keyloggers, which track keystrokes, or screen scrapers, which take screenshots, are used instead.

• Rainbow attack. This approach involves using different words from the original password in order to generate other possible passwords. Malicious actors can keep a list called a rainbow table with them. This list contains leaked and previously cracked passwords, which will make the overall password cracking method more effective.
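The slide's description of a rainbow table is loose: in the strict sense a rainbow table is a precomputed table of password hashes (stored compactly as hash chains), and its power comes from being computed once and then reused against every database that stores unsalted hashes. The added example below, which is not from the slides, shows the lookup idea with a simplified full hash-to-password table and why a random per-user salt defeats it. The wordlist, the two users and the use of plain SHA-256 as the weak storage scheme are constructed assumptions.

```python
import hashlib
import os

# Constructed wordlist standing in for a list of leaked / previously cracked passwords.
LEAKED_PASSWORDS = ["password", "letmein", "summer", "dragon", "ants01"]


def sha256_hex(text: str) -> str:
    """Unsalted SHA-256 of a password: the weak storage scheme a lookup table exploits."""
    return hashlib.sha256(text.encode()).hexdigest()


def build_lookup_table(passwords) -> dict:
    """Precompute hash -> password once. Every unsalted database can then be attacked
    with a lookup instead of recomputation. A real rainbow table stores hash chains
    to save space; this simplified full table (an assumption) keeps the same idea."""
    return {sha256_hex(p): p for p in passwords}


def lookup(table: dict, stored_hash: str):
    """Recover the password for an unsalted hash, or None if it is not in the table."""
    return table.get(stored_hash)


def salted_hash(password: str, salt: bytes) -> str:
    """Mix a per-user random salt into the hash. The same password now yields a
    different hash for every user, so a shared precomputed table no longer applies."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def table_attack_demo() -> dict:
    """Compare two users who chose the same password, stored unsalted and salted."""
    table = build_lookup_table(LEAKED_PASSWORDS)
    # Unsalted: identical passwords give identical hashes, and one lookup cracks both.
    alice_unsalted = sha256_hex("summer")
    bob_unsalted = sha256_hex("summer")
    # Salted: a 16-byte random salt per user makes the hashes differ and absent from the table.
    alice_salt, bob_salt = os.urandom(16), os.urandom(16)
    alice_salted = salted_hash("summer", alice_salt)
    bob_salted = salted_hash("summer", bob_salt)
    return {
        "unsalted_identical": alice_unsalted == bob_unsalted,
        "unsalted_recovered": lookup(table, alice_unsalted),
        "salted_identical": alice_salted == bob_salted,
        "salted_recovered": lookup(table, alice_salted),
    }


if __name__ == "__main__":
    for key, value in table_attack_demo().items():
        print(f"{key}: {value}")
```

The unsalted case is the one the slide warns about: the table is built once and reused. With a salt the attacker would have to rebuild the table per user, which is why password storage should combine a salt with a deliberately slow hash such as bcrypt, scrypt or Argon2 rather than plain SHA-256.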
• Guessing. An attacker may be able to guess a password without the use of tools. If the threat actor has enough information about the victim or the victim is using a common enough password, they may be able to come up with the correct characters.

• Some password cracking programs may use hybrid attack methodologies where they search for combinations of dictionary entries and numbers or special characters. For example, a password cracker may search for ants01, ants02, ants03, etc. This can be helpful when users have been advised to include a number in their password.
What does a password cracking attack look like?

The general process a password cracker follows involves these four steps:
1. Steal a password via some nefarious means. That password has likely been encrypted before being stored, using a hash. Hashes are mathematical functions that change arbitrary-length inputs into an encrypted fixed-length output.
2. Choose a cracking methodology, such as a brute-force or dictionary attack, and select a cracking tool.
3. Prepare the password hashes for the cracking program. This is done by providing an input to the hash function to create a hash that can be authenticated.
4. Run the cracking tool.
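The four steps above, together with the dictionary, hybrid (ants01, ants02, ...) and brute-force techniques from the earlier slides, can be walked through in a few dozen lines. The following added example is not from the slides or from any of the tools it names: it plays the role of the cracking program against a constructed "stolen" SHA-256 hash, tries the cheapest method first, and counts how many guesses each stage needed. The wordlist, the alphabet and the three-character brute-force limit are assumptions chosen so the example finishes instantly; the point for a defender is how few guesses a short or dictionary-based password survives.

```python
import hashlib
import itertools
import string

# Constructed wordlist; real cracking dictionaries hold millions of entries.
WORDLIST = ["password", "letmein", "ants", "summer", "dragon"]
# Hybrid rule from the slide: append a two-digit number (ants00, ants01, ...).
TWO_DIGIT_SUFFIXES = [f"{n:02d}" for n in range(100)]
# Search space for the brute-force stage (kept tiny so the example runs in well under a second).
ALPHABET = string.ascii_lowercase + string.digits


def sha256_hex(text: str) -> str:
    """Step 1 stand-in: unsalted SHA-256 is the hash assumed to have been stolen.
    (Real systems should store a slow, salted password hash instead.)"""
    return hashlib.sha256(text.encode()).hexdigest()


def dictionary_attack(target: str, words):
    """Try each word as-is. Returns (password or None, number of guesses made)."""
    guesses = 0
    for word in words:
        guesses += 1
        if sha256_hex(word) == target:
            return word, guesses
    return None, guesses


def hybrid_attack(target: str, words, suffixes):
    """Dictionary word plus suffix, e.g. ants00 .. ants99."""
    guesses = 0
    for word, suffix in itertools.product(words, suffixes):
        guesses += 1
        candidate = word + suffix
        if sha256_hex(candidate) == target:
            return candidate, guesses
    return None, guesses


def brute_force(target: str, alphabet: str, max_len: int):
    """Every string over `alphabet` up to max_len characters, shortest first."""
    guesses = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            guesses += 1
            candidate = "".join(combo)
            if sha256_hex(candidate) == target:
                return candidate, guesses
    return None, guesses


def crack(target: str, words=WORDLIST, alphabet=ALPHABET, max_len=3) -> dict:
    """Steps 2-4: run the methods cheapest-first until one matches the target hash.
    Returns which method succeeded, the recovered password and the total guesses."""
    total = 0
    stages = (
        ("dictionary", lambda: dictionary_attack(target, words)),
        ("hybrid", lambda: hybrid_attack(target, words, TWO_DIGIT_SUFFIXES)),
        ("brute_force", lambda: brute_force(target, alphabet, max_len)),
    )
    for name, run in stages:
        found, guesses = run()
        total += guesses
        if found is not None:
            return {"method": name, "password": found, "guesses": total}
    return {"method": None, "password": None, "guesses": total}


if __name__ == "__main__":
    # Constructed "stolen" hashes; the last one is outside every search space used here.
    for secret in ("ants02", "ab1", "zq9!x"):
        print(secret, "->", crack(sha256_hex(secret)))
```

"ants02" falls to the hybrid stage after 208 guesses and "ab1" to brute force after 1,901, while "zq9!x" survives all three stages because it is longer than the brute-force limit and contains a character outside the alphabet. Scaling the alphabet and length up shows why length matters more than any single special character: each extra character multiplies the brute-force space by the alphabet size.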
How to prevent password cracking?
(1) Password policies
• Requiring longer passwords. Longer passwords
and passphrases have been shown to
substantially improve security. However, it’s
still essential to avoid longer passwords that
have been previously compromised or regularly
appear in cracking dictionaries.
• Do not use personal details. This password
policy encourages users to create passwords
with no link to the user’s personal
information.
(2) Password screening
• One of the best ways to prevent dictionary
attacks is to screen them against known lists
of dictionary passwords and compromised
passwords.
• Compromised password screens collect
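The password policies and screening described above (longer passwords, no personal details, and rejecting anything on a compromised-password list) are easy to enforce at the point where a user chooses a password. The following is an added example, not code from the slides: a screening function that checks a candidate against a minimum length, a constructed compromised list held only as SHA-1 digests (so the plaintext list is never shipped), and tokens drawn from the user's own profile. The minimum length of 12, the breached entries and the fictional profile are all assumptions.

```python
import hashlib
import re

# Constructed stand-in for a compromised-password list gathered from breach dumps.
# Only SHA-1 digests are kept, as screening services do, so the plaintext list
# does not have to be distributed alongside the check.
BREACHED_PASSWORDS = ["password", "summer2023", "letmein123", "qwerty12345"]
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest() for p in BREACHED_PASSWORDS}


def is_compromised(password: str, breached=BREACHED_SHA1) -> bool:
    """Screen a candidate against the compromised list by digest, never by plaintext."""
    return hashlib.sha1(password.encode()).hexdigest() in breached


def personal_detail_tokens(details: dict) -> set:
    """Break a user's profile fields (name, date of birth, pet, ...) into lower-case
    tokens of three or more characters that must not appear in the password."""
    tokens = set()
    for value in details.values():
        for part in re.split(r"[^a-z0-9]+", str(value).lower()):
            if len(part) >= 3:
                tokens.add(part)
    return tokens


def screen_password(password: str, details: dict, min_len: int = 12) -> list:
    """Apply the slide's policies and return the reasons the password fails
    (an empty list means it passes). The minimum length is an assumed policy value."""
    failures = []
    if len(password) < min_len:
        failures.append(f"shorter than {min_len} characters")
    if is_compromised(password):
        failures.append("appears in a compromised-password list")
    lowered = password.lower()
    for token in sorted(personal_detail_tokens(details)):
        if token in lowered:
            failures.append(f"contains personal detail '{token}'")
    return failures


if __name__ == "__main__":
    # Constructed profile for a fictional user.
    profile = {"name": "Asha Rao", "dob": "1995-07-21", "pet": "Biscuit"}
    for candidate in ("summer2023", "Biscuit1995!", "correct horse battery staple"):
        print(repr(candidate), "->", screen_password(candidate, profile) or "OK")
```

The profile-token check is what turns "do not use personal details" from advice into an enforced rule: a password such as Biscuit1995! meets the length requirement and is not on the breached list, yet it is rejected because both the pet's name and the birth year are exactly the details a spear-phisher would read off a social-media profile. A long passphrase with no such links passes.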
What are password cracking tools?
Password crackers can be used maliciously or legitimately to recover lost passwords. Among the password cracking
tools available are the following three:
1. Cain and Abel. This password recovery software can recover passwords for Microsoft Windows user
accounts and Microsoft Access passwords. Cain and Abel uses a graphical user interface, making it
more user-friendly than comparable tools. The software uses dictionary lists and brute-force attack
methods.
2. Ophcrack. This password cracker uses rainbow tables and brute-force attacks to crack passwords. It
runs on Windows, macOS and Linux.
3. John the Ripper. This tool uses a dictionary list approach and is available primarily for macOS and Linux
systems. The program has a command prompt to crack passwords, making it more difficult to use than
software like Cain and Abel.
Conclusion

No single technology will completely stop phishing. However, a combination of good organization and practice, proper application of current technologies, and improvements in security technology has the potential to drastically reduce the prevalence of phishing and the losses suffered from it. But nowadays many of the password cracking techniques are used for the wrong purposes. In case you think you're safe from the attentions of such criminal types, or think they'd never be able to guess your password, perhaps you might be interested to learn just how wrong you are.
