IMPACT OF ICT ON SOCIETY

PHISHING
NAMA : MUHAMMAD AIMAN BIN RUSLAN
IC NUMBER: 000117-14-1027
CLASS: 4 BETA
 CONTENT

WHAT IS PHISHING?
HOW THEY ATTACK?
HOW TO DETECT?
DAMAGE CAUSED BY PHISHING.
DEFINITION OF PHISHING
CONCLUSION
SOURCES OF REFERENCES.
 DEFINITION OF PHISHING
Phishing is similar to fishing in a lake, but instead of trying to capture fish, phishers attempt to steal your
personal information. They send out e-mails that appear to come from legitimate websites such as eBay,
PayPal, or other banking institutions. The e-mails state that your information needs to be updated or validated
and ask that you enter your username and password, after clicking a link included in the e-mail.

However, even if you visit the false website and just enter your username and password, the phisher may be
able to gain access to more information by just logging in to you account.

http://techterms.com/definition/phishing
 WHAT IS PHISHING?
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details
(and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in
an electronic communication. The word is a neologism created as a homophone of fishing due to the
similarity of using a bait in an attempt to catch a victim. Communications purporting to be from popular
social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to
lure unsuspecting victims

Phishing is a continual threat, and the risk is even larger in social media such as Facebook, Twitter, and
Google+. Hackers could create a clone of a website and tell you to enter personal information, which is then
emailed to them. Hackers commonly take advantage of these sites to attack people using them at their
workplace, homes, or in public in order to take personal and security information that can affect the user or
company (if in a workplace environment).

https://en.wikipedia.org/wiki/Phishing
 HOW THEY ATTACK
Phishers are targeting the customers of banks and online payment services. Emails, supposedly from the
Internal Revenue Service, have been used to glean sensitive data from U.S. taxpayers.]While the first such
examples were sent indiscriminately in the expectation that some would be received by customers of a given
bank or service, recent research has shown that phishers may in principle be able to determine which banks
potential victims use, and target bogus emails accordingly.

Attackers who broke into TD Ameritrade's database and took 6.3 million email addresses (though they were
not able to obtain social security numbers, account numbers, names, addresses, dates of birth, phone numbers
and trading activity) also wanted the account usernames and passwords, so they launched a follow-up spear
phishing attack.

https://en.wikipedia.org/wiki/Phishing
 HOW TO DETECT
Use Dedicated Systems for Payments including requests and approval processes. Consider disabling email
access on any system involved with payment processing. If a hacker cannot compromise the systems in
payment processing, they will have a harder time obtaining payment usernames and passwords, and an even
harder time actually requesting/approving a transfer.

Block Internet Access for systems involved in payment processing. If the system genuinely has no Internet
access, malware would be unable to talk back to its controlling systems and attacker.

https://www.globalsign.com/en/resources/white-paper-phishing-attacks.pdf
 DAMAGE CAUSED PHISHING
The damage caused by phishing ranges from denial of access to email to substantial financial loss. It is
estimated that between May 2004 and May 2005, approximately 1.2 million computer users in the United
States suffered losses caused by phishing, totaling approximately US$929 million. United States businesses
lose an estimated US$2 billion per year as their clients become victims. In 2007, phishing attacks escalated.
3.6 million adults lost US$3.2 billion in the 12 months ending in August 2007.

https://en.wikipedia.org/wiki/Phishing
 CONCLUSION
When you type in your login details into a site look for a padlock this practically means there is encryption.
Encryption is the process where you details are transmitted via the internet and your details are meaningless
they are all numbers and letters so even If a hacker did capture them It would be worthless to them.
 REFERENCES
1. INTERNET

https://en.wikipedia.org/wiki/Phishing

https://www.globalsign.com/en/resources/white-paper-phishing-attacks.pdf

http://techterms.com/definition/phishing
THE END