Internet Phishing

PHISHING ATTACK

-Abhishek Hirapara.

PhishingIn the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

How is it Exactly Done ?A thing a Hacker Needs-A Software known as Super Phisher.

My3gb.comA Free Web Hosting site for uploading the fake

website.

The Hacker copies the URL (Uniform Resource Locator ) Of a website eg.www.gmail.co.in , www.yahoo.co.in

And puts it in the software Url space

-Once the fake page is build , it appears in the folder where the software is installed, or kept .

-The Hacker thus creates a fake account in the free Uploading website.

And he uploads the files in the file manager.

Also use URL shortner (ex:- goo.gl , bit.do , ow.ly)

That’s it the hacker has the email id & Password & he is totally in control of the account!!

This Process can be done with any networking site .But these types of links cannot be sent through Facebook.This is what happens when you try to send this phishing link.

Phishtank

Functionality

-Verify a site- Search a

phishing site from existing list

- Add a site into the phishing list

How to avoid Phishing• DON’T CLICK THE LINK

– Type the site name in your browser (such as www.paypal.com)• Never send sensitive account information by e-mail

– Account numbers, SSN, passwords• Never give any password out to anyone• Verify any person who contacts you (phone or email).

– If someone calls you on a sensitive topic, thank them, hang up and call them back using a number that you know is correct, like from your credit card or statement.

• Change Your “hosts” file permission to read only

C:\Windows\System32\drivers\etc\hosts

Key loggers Definition: “A keylogger is something that records

keystrokes made on a computer. It captures every key pressed on the keyboard and stores it down in a file or memory bank that can be viewed by the person performing the monitoring in real-time, or at a later date.” [1]

There are two types of keylogger: hardware keylogger and software keylogger

[1] http://www.keyghost.com/keylogger

Hardware key loggersCome in three types: Inline devices that are attached to the keyboard

cable Devices which can be installed inside standard

keyboards Replacement keyboards that contain the key logger

already built-in

KeyloggerThe Hardware KeyLogger™ Stand-alone Edition is a tiny hardware device that can be attached in between a keyboard and a computer. It keeps a record of all keystrokes typed on the keyboard. The recording process is totally transparent to the end user. The keystrokes can only be retrieved by an administrator with a proper password.

BEFORE AFTER

Hardware KeyLoggerTMKeyboard Edition

The Hardware KeyLogger™ Keyboard Edition looks and behaves exactly like a normal keyborad, but it keeps a record of all keystrokes typed on it. The recording process is totally transparent to the end user. The keystrokes can only be retrieved by an administrator with a proper password.

KeyKatcherThe KeyKatcher is a hardware device to log activity as it is performed on the keyboard. The device works with any PS/2 keyboard and is not dependant on the operating system because there is not any software required for the manufacture to product to interact with the hardware.

The KeyKatcher records up to 32,000 bytes (keystrokes) in the 33k model or 64,000 bytes (key strokes) in the 64k model. Even if the device is unplugged from the keyboard it will still remember EVERYTHING and you wont lose a single keystroke.

Other approachesThere are other approaches to capturing info about what you are doing.

•Some keyloggers capture screens, rather than keystrokes. •Other keyloggers will secretly turn on video or audio recorders, and transmit what they capture over your internet connection.

Software Key Logging• Easy to implement – code is relatively normal.• Hard to install – user can notice the presence of it.It records:• Which applications are run and closed• All keystrokes pressed (keystroke logger)• All content copied to the clipboard• All print activity• Any disk changes• Any Internet connections made, and all websites

visited

Problems with installing a Key Logger

• An attacker that connects to the target to

download the keystrokes risks being traced.• A code that sends the information to an email

address risks exposing the attacker.

Examples of key loggers• Magic Lantern – developed by the FBI– is installed remotely via email attachment.

• All in One Keylogger Spy Software– sends encrypted logs to desired email– tracks all users activity

Examples of key loggers (cont.)

• Wiretap Pro– specializes in Internet monitoring– records chats, emails, web sites visited

• Ardamax Keylogger – monitors user activity in an encrypted way– data is stored as text or web page– used to maintain backups or monitor kids.

Defending from a key logger• Have our computer up to date with:– Keep net firewall on– Anti-spywares– Anti-viruses

• Check USB ports and PS/2• Check programs installed• Also we can maintain a practice of using

only the soft keyboard (on screen). However is not completely secure.

So better think twice before clicking on a link!!

The given presentation is only

for educational purpose & not

for any wrong use .

Thank You

For Your

Stay Alert. Be Safe.