
Phishing

Fishing Vs Phishing
Phreaking + Fishing = Phishing
- Phreaking = Making phone calls for free
- Fishing = Use bait to lure the target



What is Phishing?

Phishing is a type of cyber attack often used to steal user data, including login credentials and debit/credit card numbers.
Phishing example:
Several things can occur by clicking the link. For
example:
1. The user is redirected to myuniversity.edurenewal.com, a
bogus page appearing exactly like the real renewal page, where
both new and existing passwords are requested. The attacker,
monitoring the page, hijacks the original password to gain access
to secured areas on the university network.

2. The user is sent to the actual password renewal page. However, while being redirected, a malicious script activates in
the background to hijack the user’s session.
Types of Phishing:
1. E-mail Phishing:

Most phishing attacks are sent by email. The crook will register a fake domain that mimics a genuine organisation and send out thousands of generic requests.

The fake domain often involves character substitution, like using ‘r’ and ‘n’ next to each other to create ‘rn’ instead of ‘m’.
www.iimindore.org
www.iirnindore.org
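
A defender-side check for the character substitution described above, as an added example that is not part of the original slides: it folds look-alike sequences and compares the result against a list of trusted domains. The function names and every substitution other than 'rn' for 'm' are illustrative assumptions, and the table is not exhaustive.

```python
# Added example: flag hostnames that collapse onto a trusted domain once
# look-alike character sequences are folded together.

# Illustrative substitutions (assumption). Only 'rn' -> 'm' comes from the slides.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def normalise(host):
    """Lower-case a hostname, drop a trailing dot and a leading 'www.'."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def skeleton(host):
    """Fold every look-alike sequence so visually similar names compare equal."""
    folded = normalise(host)
    for fake, real in CONFUSABLES:
        folded = folded.replace(fake, real)
    return folded


def check_domain(host, trusted):
    """Return (verdict, domain): 'trusted', 'lookalike' or 'unknown'."""
    name = normalise(host)
    trusted_names = {normalise(t) for t in trusted}
    if name in trusted_names:
        return ("trusted", name)
    # Fold both sides, so a trusted name that itself contains 'rn' still matches.
    by_skeleton = {skeleton(t): t for t in trusted_names}
    imitated = by_skeleton.get(skeleton(name))
    if imitated is not None:
        return ("lookalike", imitated)
    return ("unknown", None)


if __name__ == "__main__":
    trusted = {"www.iimindore.org"}  # the genuine domain from the slide
    for candidate in ["www.iimindore.org", "www.iirnindore.org", "example.org"]:
        print(candidate, "->", check_domain(candidate, trusted))
```

This only covers ASCII substitutions; internationalised domain names with Unicode homoglyphs need a separate check.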
This is an example of a “bulk” phishing email. It doesn’t address the target by name and doesn’t contain any personal information. But, because it appears to come from a trusted brand (Netflix), someone is likely to click the link.
• Attachments or links
• Spelling errors
• Poor grammar
• Unprofessional graphics
• Unnecessary urgency about verifying your email address or other personal information immediately
• Generic greetings like "Dear Customer" instead of your name
2. Spear Phishing:
There is another, more sophisticated type of phishing involving email. Spear phishing describes malicious emails sent to
a specific person. Criminals who do this will already have some or all of the
following information about the victim:

• Their name;
• Place of employment;
• Designation;
• Email address; and
• Specific information about their job role.
Spear phishing is a targeted phishing attack. The target receives an email that addresses them directly, by name.
• Threatens to terminate the account if the victim does not reply.
• Uses a gift or bonus as bait.
• Security promises.
3. Whaling:
Whaling attacks are even more targeted, taking aim at senior executives
or the CEO of the company. Although the end goal of whaling is the same as
any other kind of phishing attack.
Same as spear phishing, but here the target is a high-profile individual of the company.
4. SMiShing:

Phishing via SMS


5. Vishing:

• Voice phishing
• Phishing via telephone call
The Jamtara district of Jharkhand has been the hub of cyber phishing since Apr 2015. It is also known as the ‘Phishing Capital of India’.
About 80% of all cyber crimes in the country have their roots in Jamtara.
Cyber police from almost every district of India have come here.
Not only ordinary people, but Celebrities, Central Minister, MP, MLA, IAS Officers, Police Officers, Army officers, etc. have come under the influence of cyber phishing.
More than 450 arrests have been made by cyber police from Jamtara.
Phishing Impact:
More than 80% of reported security incidents are phishing attacks. Also, the same
report mentioned that Google has registered 2,145,013 phishing sites as of January
17, 2021.

A 600% rise in COVID-19 related phishing sites and attacks was reported in 2020.
Safeguards against Phishing:
• Employ common sense before handing over sensitive information.
• Never trust alarming messages.
• Do not open attachments.
• Avoid clicking links.
• Keep your software and operating system up to date.
• Check the web address carefully.
• Check that the domain is HTTPS-secured for online transactions.
• Keep your password long and difficult.
• Change your password regularly.
• Never respond to spam messages.
• Don’t befriend people you don’t know.
• Lock your profile.
• Install good antivirus software on your device.
• Be aware of phishing phone calls.
Phishing - a Cyber Crime, the provisions of IT Act 2000 & IPC
Phishing fraud is essentially a cybercrime, and it attracts many penal
provisions of the Information Technology Act, 2000 and the IPC simultaneously.
Offences under IT Act Sections 43 and 66 are penalized.
IPC Sections 419, 420, 463, 465 and 468 are applied.
The jail term depends upon the charges, from a minimum of 2 years to a maximum of 10 years, with or without
penalties.
Thanks
