phishing
DESCRIPTION
What to look for in a phishing email

Generic greeting. Phishing emails are usually sent in large batches. To save time, Internet criminals use generic names like "First Generic Bank Customer" so they don't have to type all recipients' names out and send emails one by one. If you don't see your name, be suspicious.

Forged link. Even if a link has a name you recognize somewhere in it, it doesn't mean it links to the real organization. Roll your mouse over the link and see if it matches what appears in the email. If there is a discrepancy, don't click on the link. Also, websites where it is safe to enter personal information begin with "https"; the "s" stands for secure. If you don't see "https", do not proceed.

Requests personal information. The point of sending phishing email is to trick you into providing your personal information. If you receive an email requesting your personal information, it is probably a phishing attempt.

Sense of urgency. Internet criminals want you to provide your personal information now. They do this by making you think something has happened that requires you to act fast. The faster they get your information, the faster they can move on to another victim.

TRANSCRIPT
Phishing
By K. Nirmala, 07A41A0529
Topics
• Phishing Basics
• Serious Problem
• APWG Regular Reports
• Recent Examples
• Phishing Harms Firms
• Problem Increasing
• Anti-Phishing Steps
• Public Education
• Possible Solutions
Phishing Basics (1)
• Pronounced "fishing"
• Scam to steal valuable information such as credit cards, social security numbers, user IDs and passwords.
• Also known as "brand spoofing"
• Official-looking e-mail sent to potential victims
  – Pretends to be from their ISP, retail store, etc.
  – Due to internal accounting errors or some other pretext, certain information must be updated to continue the service.
Phishing Basics (2)
• Link in e-mail message directs the user to a Web page
  – Asks for financial information
  – Page looks genuine
• Easy to fake a valid Web site
• Any HTML page on the real Web can be copied and modified
• E-mails sent to people on selected lists or to any list
  – Some % will actually have an account
• "Phishing kit"
  – Set of software tools
  – Helps novice phisher imitate target Web site
  – Makes mass mailings
  – May include lists of e-mail addresses
Serious Problem
"Illegal access to checking accounts, often gained via phishing scams, has become the fastest-growing form of consumer theft in the United States, accounting for a staggering $2.4 billion in fraud in the previous 12 months."
APWG Regular Reports
Phishing Activity Trends Report, Oct 2004
• 1142: number of active phishing sites reported in Oct 2004
• 25%: average monthly growth rate in phishing sites, July through Oct
• 44: # brands hijacked in Oct
• 6: # brands comprising top 80% of brands hijacked by phishing campaigns in Oct
• USA: country hosting most phishing Websites
• 20%: contain some form of the target name in URL
• 63%: no hostname, just IP address
• 6 days: average time online for phishing site
http://www.antiphishing.org/APWG_Phishing_Activity_Report-Oct2004.pdf
Recent Examples of Attacks
From APWG
• Nov 15 - People's Bank - 'New Mail from People'
• Nov 10 - Citibank - 'Citibank Alert Service'
• Nov 9 - PayPal - 'Your Account Will Be Suspended'
• Nov 2 - Sovereign Bank - 'Sovereign Bank Unauthorized Account Access'
• Nov 1 - Citibank - 'Security Alert on Microsoft Internet Explorer'
• Oct 29 - eBay - 'TKO NOTICE: Verify Your Identity'
• Oct 28 - Verizon - 'Update your Verizon billing profile'
• Oct 27 - Washington Mutual Bank - 'Washington Mutual Bank : Notification of Washington Mutual Internet Banking Account'
People's Bank
Not the proper domain for peoples.com
Citibank (Nov 10)
Links to http://82.90.165.65/citi
PayPal (1)
PayPal (2)
Actually links to http://212.45.13.185/.paypal/index.php
Citibank (Nov 1)
Links to http://200.189.70.90/citi/
eBay
http://signin-ebay.com-cgi-bin.tk/eBaydll.php
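The four example links above share the traits that the APWG report counts: a bare IP address in place of a hostname, and a brand name placed somewhere in the URL other than the brand's own registered domain. The following Python is an added example, not code from the slides, that flags those two traits for a link before a user follows it. The brand-to-domain allow-list and the two-label approximation of the registrable domain are assumptions made for the example; a real deployment would use the organisation's own allow-list and the Public Suffix List.

```python
# Added example (not from the slides): flag the link traits the APWG report counts.
import ipaddress
from urllib.parse import urlparse

# Constructed allow-list (assumption): brand keyword -> registrable domains that
# may legitimately carry it. A real deployment maintains this list itself.
BRAND_DOMAINS = {
    "paypal": {"paypal.com"},
    "citi": {"citibank.com", "citi.com"},
    "ebay": {"ebay.com"},
    "peoples": {"peoples.com"},
}


def is_ip_literal(host):
    """True when the host part is a bare IPv4/IPv6 address rather than a name
    (the '63%: no hostname, just IP address' trait from the APWG report)."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registrable_domain(host):
    """Approximate the registrable domain as the last two labels of the host.
    Simplification (assumption): multi-label public suffixes such as co.uk are
    not handled; use the Public Suffix List for that in practice."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_url(url, brand_domains=BRAND_DOMAINS):
    """Return the list of suspicious traits found in one URL (empty list = none)."""
    parts = urlparse(url)
    host = parts.hostname or ""
    flags = []
    if not host:
        return ["no host"]
    if is_ip_literal(host):
        flags.append("ip-address host")
    lowered = url.lower()
    for brand, domains in brand_domains.items():
        # Brand name anywhere in the URL (subdomain, path, ...) while the
        # registrable domain is not one the brand actually owns.
        if brand in lowered and registrable_domain(host) not in domains:
            flags.append(f"brand '{brand}' in URL but host is not an approved {brand} domain")
    return flags


if __name__ == "__main__":
    for link in ("http://82.90.165.65/citi",
                 "http://signin-ebay.com-cgi-bin.tk/eBaydll.php",
                 "https://www.paypal.com/signin"):
        print(link, "->", classify_url(link) or "no flags")
```

Run against the slide's own examples, the Citibank link is flagged twice (IP host, brand in path) and the eBay link once (brand in the hostname, registrable domain com-cgi-bin.tk), while a link under paypal.com itself produces no flags.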
APWG (antiphishing.org)
• Anti-Phishing Working Group
Phishing Harms Firms
Harmful at many levels
• Threatens effective communication
• Undermines goodwill and trust
• Customers
  – Direct harm from stolen IDs, passwords
  – Could perceive business as not taking adequate steps to protect users
• Diminishes value of brand
• Could affect shareholders
• Possibility of liability for failure to exercise due diligence in protecting trademark
Based in part on material that is copyright © 2004 Don Holden, CISSP. Used with permission (and thanks).
Problem Increasing
Get a Job – and Lose Money
• Free training offer is latest spam scam
  – By John Leyden
  – Published Tuesday 2nd November 2004 12:35 GMT
  – http://www.theregister.com/2004/11/02/training_spam_scam/
• Apply for "training" and "job" at Credit Suisse
• Fill in banking details (!)
• Lose control over your financial information to criminals
Spoofed Page and Address Bar
Based on a slide copyright © 2004 Don Holden, CISSP. Used with permission (and thanks).
Not the real address bar
See http://www.antiphishing.org/news/03-31-04_Alert-FakeAddressBar.html
Spoofed Address Bar Problem
• JavaScript device replaces address bar
  – Allows complete control
  – Can show one URL while going to another
  – Viewing source code for page does NOT show the JavaScript source code
Implications
• With address bar installed, could track other sites visited
• Could do a man-in-the-middle attack to see everything entered
Recent Alert
• @RISK: Consensus Security Vulnerability Alert 3(45), Nov 14, 2004
  – From SANS Institute
• Internet Explorer Phishing Vulnerability
  – Attacker can construct malicious hyperlink
  – Hundreds of attacks reported per week
  – Object element embedded in hyperlink
    • Can embed Flash movie or other executable code in a hyperlink
Tabbed Browser Problems (1)
Phishing for dummies: hook, line and sinker
By Scott Granneman, SecurityFocus. Published Tuesday 2nd November 2004 14:55 GMT
http://www.theregister.com/2004/11/02/phishing_tabbed_browsers/
Vulnerabilities in many "tabbed" browsers that allow easy switch from one window to another:
• Mozilla 1.7.3
• Mozilla Firefox 0.10.1
• Camino 0.8
• Opera 7.54
• Konqueror 3.2.2-6
• Netscape 7.2
• Avant Browser 9.02 build 101 and 10.0 build 029
• Maxthon (MyIE2) 1.1.039
Tabbed Browser Problems (2)
• Dialog box can be spawned in active window from connection to an inactive window
  – E.g., visit PayPal
  – Get popup box to "verify" password
  – Actually comes from rogue site in different window
• Possibility of diverting data into a form on a different window for a malicious Website
  – Would try to enter data into form on legitimate site
  – Data would actually go somewhere else
Anti-Phishing Steps
Proclaim, Protect, Pursue
• Proclaim in all correspondence the use of an official mark (e.g. TrustedSender stamp)
• Protect all messages, Web pages with the mark
• Pursue all impostors – actively seek reports of phishing
Public Education
• Use digitally-signed documents ONLY
  – Don't release unsigned documents
  – Get consumers used to the idea that an unsigned document is an untrustworthy document
• Use public education campaigns
  – "No one will ever ask you to confirm your password"
  – "Don't believe alerts that address you as 'Dear Customer.'"
• Link to APWG documents; e.g., http://www.antiphishing.org/consumer_recs.html
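The description at the top of this page and the slide above name the same user-facing indicators: a generic "Dear Customer" greeting, a link whose visible text and actual destination disagree, a link without https, a request to confirm a password or other personal data, and a sense of urgency. The following Python is an added example, not code from the slides, that scores one HTML message against exactly those indicators, as a mail gateway or a user-education demo might. The keyword lists are constructed starting points rather than a tuned classifier, and the two sample messages are constructed for the example (the IP address is from the TEST-NET-1 range).

```python
# Added example (not from the slides): score an HTML e-mail against the
# phishing indicators listed on this page. Keyword lists are constructed
# starting points (assumption), not a tuned classifier.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

GENERIC_GREETING = re.compile(
    r"^\s*(dear|hello|hi)\s+(valued\s+)?(customer|user|member|client|account\s+holder)\b",
    re.IGNORECASE | re.MULTILINE)
PERSONAL_INFO = re.compile(
    r"\b(password|pin|social security|ssn|credit card|card number|account number|date of birth)\b",
    re.IGNORECASE)
URGENCY = re.compile(
    r"\b(immediately|urgent|within \d+ hours|will be suspended|act now|verify your (identity|account))\b",
    re.IGNORECASE)
# Visible link text that itself looks like an address, e.g. "https://www.paypal.com/".
LOOKS_LIKE_URL = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.IGNORECASE)


class _LinkCollector(HTMLParser):
    """Collects the message's text and every (visible text, href) pair."""

    def __init__(self):
        super().__init__()
        self.text = []
        self.links = []
        self._href = None
        self._anchor_text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._anchor_text = []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._anchor_text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            visible = " ".join("".join(self._anchor_text).split())
            self.links.append((visible, self._href))
            self._href = None


def _host(url):
    """Lower-case host of a URL, or None when it has none."""
    return urlparse(url).hostname or None


def analyze_email(html_body):
    """Return {indicator: [details]} for one HTML message; {} means nothing found."""
    parser = _LinkCollector()
    parser.feed(html_body)
    text = "".join(parser.text)
    findings = {}

    def note(indicator, detail):
        findings.setdefault(indicator, []).append(detail)

    greeting = GENERIC_GREETING.search(text)
    if greeting:
        note("generic greeting", greeting.group(0).strip())
    for phrase in sorted({m.group(0).lower() for m in PERSONAL_INFO.finditer(text)}):
        note("requests personal info", phrase)
    for phrase in sorted({m.group(0).lower() for m in URGENCY.finditer(text)}):
        note("sense of urgency", phrase)
    for visible, href in parser.links:
        actual = _host(href)
        # Forged link: the visible text reads as an address, but the href goes
        # to a different host. Plain "click here" text is not compared.
        if LOOKS_LIKE_URL.fullmatch(visible):
            shown = _host(visible if "://" in visible else "http://" + visible)
            if shown and actual and shown != actual:
                note("forged link", f"text shows {shown}, href goes to {actual}")
        if urlparse(href).scheme.lower() != "https":
            note("no https", href)
    return findings


# Constructed sample messages (the IP address is from the TEST-NET-1 range).
PHISH = """<html><body>
<p>Dear Valued Customer,</p>
<p>Due to an internal accounting error your account will be suspended
within 24 hours unless you confirm your password and credit card number at
<a href="http://192.0.2.10/.paypal/index.php">https://www.paypal.com/</a>.</p>
</body></html>"""

BENIGN = """<html><body>
<p>Hello Alice,</p>
<p>Your October statement is ready at
<a href="https://www.example.com/statements">https://www.example.com/statements</a>.</p>
</body></html>"""

if __name__ == "__main__":
    for name, body in (("phish", PHISH), ("benign", BENIGN)):
        print(name, analyze_email(body))
```

The constructed phishing sample trips all five indicators, while the benign sample, which greets the recipient by name and links to the same host it displays over https, yields an empty result. Each indicator is reported separately rather than folded into a single score, so a reviewer can see which of the page's warning signs actually fired.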
Possible Solutions
• Strong Website authentication
• Mail server authentication
• Digitally-signed e-mail with desktop verification
• Digitally-signed e-mail with gateway verification
APWG: Proposed Solutions to Address the Threat of Email Spoofing Scams
APWG Resources Page
Cloudmark's Community Approach
• Cloudmark SafetyBar
  – http://www.cloudmark.com/
  – Works for Outlook and Outlook Express
• Community members report new spam or fraud at push of button
  – Information sent worldwide to improve blocking
• Anti-fraudster measures
  – Reliability of reports affects credibility of reporter
  – Spammers and fraudsters would lose credibility fast
Cloudmark SafetyBar (2)
Queries?
Thank you