PowerPoint Presentation

32 A Sem & Year- 8 th Sem 4 th year Subject- ICS.

Presentation on Following Topic- Phishing Buffer Overflow Attack Cross-Site Scripting Electronic Payment.

Phishing. Objective Define Phishing Phishing Attack Works Prevention form Phishing Attack.

Phishing – Cybercriminal attempts to steal personal and financial information or infect computers and other devices with malware and viruses Designed to trick you into clicking a link or providing personal or financial information Often in the form of emails and websites May appear to come from legitimate companies, organizations or known individuals Take advantage of natural disasters, epidemics, health scares, political elections or timely events.

Mass Phishing – Mass, large-volume attack intended to reach as many people as possible Spear Phishing – Targeted attack directed at specific individuals or companies using gathered information to personalize the message and make the scam more difficult to detect Whaling – Type of spear phishing attack that targets “big fish,” including high-profile individuals or those with a great deal of authority or access Clone Phishing – Spoofed copy of a legitimate and previously delivered email, with original attachments or hyperlinks replaced with malicious versions, which is sent from a forged email address so it appears to come from the original sender or another legitimate source Advance-Fee Scam: Requests the target to send money or bank account information to the cybercriminal.

Attacker sends an email to the victim Attacker Attacker uses victim's credentials to access a website 10101011010101 10010101M)1010 11010101010101 101010101010 O Victim Victim clicks on the email and goes to the phishing website Attacker collects victim's credentials Phishing Website Legitimate Website.

HOW DO I PROTECT AGAINST PHISHING ATTACKS? 1.User education One way to protect your organization from phishing is user education. Education should involve all employees. High-level executives are often a target Teach them how to recognize a phishing email and what to do when they receive one. Simulation exercises are also key for assessing how your employees react to a staged phishing attack . 2.Security technology No single cyber security technology can prevent phishing attacks. Instead , organizations must take a layered approach to reduce the number of attacks and lessen their impact when they do occur. Network security technologies that should be implemented include email and web security, malware protection, user behavior monitoring, and access control..

Buffer Overflow Attack. Buffer Overflow- Buffer overflow is a software coding error or vulnerability that can be exploited by hackers to gain unauthorized access to corporate systems. It is one of the best-known software security vulnerabilities yet remains fairly common. This is partly because buffer overflows can occur in various ways and the techniques used to prevent them are often error-prone..

Cross-Site Scripting. Cross-site scripting- Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites from each other. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access any of the user's data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application's functionality and data . There are three main types of XSS attacks. These are: Reflected XSS, where the malicious script comes from the current HTTP request. Stored XSS, where the malicious script comes from the website's database. DOM-based XSS, where the vulnerability exists in client-side code rather than server-side code..

Electronic Payment System. E-Payment :- An e-payment or Electronic Payment system allows customers to pay for the services via electronic methods..

e-payment system works: Entities involved in an online payment system The merchant The customer / the cardholder The issuing bank The acquirer Payment Processor Payment Gateway Working of e-payments can be explained in the following three steps, Payment initiation – Customer finalizes the product/service and chooses the payment method to initiate the transaction. Depending on the payment method, the customer enters the required information like card number, CVV, personal details, expiration date, PIN, etc. The chosen payment method either redirects the customer to an external payment page or a bank’s payment page to continue the payment process. Payment authentication – The information submitted by the customer along with other details like payment information, customer’s account information is authenticated by the operator. The operator can be a payment gateway or any other solution involved. If everything gets authenticated positively, the operator reports a successful transaction..