1

Phishing the Open NetPhishing the Open Net

Lure 101Zane Brys, Nicholas Bingell ,and

Omar Heniene

2

What is Phishing?

The word "phishing" comes from the analogy that Internet scammers are using email lures to "fish" for passwords and financial data from the sea of Internet users. The term was coined in the 1996 timeframe by hackers who were stealing America On-Line accounts by scamming passwords from unsuspecting AOL users. The first mention on the Internet of phishing is on the alt.2600 hacker newsgroup in January 1996, however the term may have been used even earlier in the printed edition of the hacker newsletter "2600". "Ph“ is a common hacker replacement for "f", and is a nod to the original form of hacking, known as "phreaking". Phreaking was coined by the first hacker, John Draper (aka. "Captain Crunch"). John invented "hacking" by creating the infamous Blue Box, a device that he used to hack telephone systems in the early 1970s.

3

What is Phishing?

phishing (FISH.ing) pp. Creating a replica of an existing Web page to fool a user into submitting personal,financial, or password data. —adj. —phisher n.

Phishing = Password + Fishing

Combination of• Technology• Social engineering

4

How does it work?

“Phishers use many different tactics to lure you, including e-mail and Web sites that

mimic well-known, trusted brands. A common phishing practice involves

"spamming" recipients with fake messages that resemble a valid message from a well-known Web site or a company that the recipients might trust, such as a credit card company, bank, charity, or e-

commerce online shopping site.“ (Laurie )

5

Step 1 Gather E-mail Addresses

Step 2 Mass e-mail everyone on the list and make it appear as if it is coming from a legitimate organization.– Change the “From” line– Use HTML and include legitimate logos\colors–Include a link for them to click on that appears to be legit but takes them to a fake website

Step 3 Users click on the link and, hopefully, enter their personal information.

Step 4 Profit! (Steal their money, identity and ruin their lives.)

BONUS Download malware onto the person’s PC and convert it into part of your botnet to be used to target other people.

Steps to Start Phishing

6

Who are the perpetrators?

A single hacker/phisher was originally the most predominate technique but today’s attacks also come from organized crime groups with global syndication.

For example, there have been instances in which a phishing Web site is hosted in one country, the spam attack is launched from a second country, and the financial fraud transaction occurs in a third country for a user of another country.

7

Who are the victims?A common practice is identity theft, whereby the

criminal steals your personal information, takes on your identity, and can then do the following:

• Apply for and get credit in your name.• Empty your bank account and max out your credit cards.• Transfer money from your investment or credit line

accounts into your checking account, and then use a copy of your debit card to withdraw cash from your checking account at ATMs around the world.

8

What does a phishing scam look like?

As scam artists become more sophisticated, so do their phishing e-mail messages and pop-up windows.

They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites.

9

What does a phishing scam look like?

10

What does a phishing scam look like?

11

What does a phishing scam look like?

12

What does a phishing scam look like?

13

What does a phishing scam look like?

14

Prevention Tips1. NEVER TRUST AN EMAIL SENDERDid you know that you can fake the return address in an

email? For the less computer literate, that's the bit of the email that tells you who it's from. The sender can choose any name/supposed address they want, so never trust an email just because it appears to be from a legitimate address. It is a well known fact that over 95% of phishing attacks use spoofed email addresses to appear more authentic.

2. ALWAYS CHECK THE CONTENTA common technique used by scammers is to include all of the

email's text as an image, and have the whole image link to a spoof website when clicked. This is a tactic to avoid email scanners that can scan the text in an email but not images. If you can't click and select the text as normal with the mouse, simple, it's a scam. Authentic emails are never constructed like this. Also, bad spelling and grammar is also a dead giveaway, as are places that seem unable to spell their own names, e.g. ‘Alert from Ciitibnk'. Banks and the like don't send out emails with mistakes as bad as these.

15

Prevention Tips

3. DON'T OPEN ATTACHMENTS OR FILL OUT EMAIL FORMS

Sometimes a spoof email will come with an attachment. Don't open it! It may be harmless, but there is no need to take the risk. This is the most common way that viruses are spread, and as well as being a scam the email may try and infect your computer with programs that steal information from you without your knowledge. 90% of computer viruses are distributed via email, so don't take the risk.

4. UPDATE YOUR COMPUTER SECURITY– Get an antivirus program (and keep it updated)..– Get an spyware removal program (and keep it updated).

Update your operating system regularly

16

What if You Get Phished?

• Don’t panic!• Quickly contact the real bank or company and tell them what has happened.• Close the account and open a new one.• Change your passwords and details so the details you gave out are no longer

valid.• Start checking your free credit report.

17

Reporting Phishing Scams

Always report "phishing" or “spoofed” emails to the following groups:

– forward the email to reportphishing@antiphishing.org

– forward the email to the Federal Trade Commission at spam@uce.gov

– forward the email to the "abuse" email address at the company that is being spoofed (e.g. "spoof@ebay.com")

– when forwarding spoofed messages, always include the entire original email with its original header information intact

– notify The Internet Crime Complaint Center of the FBI by filing a complaint on their website: www.ic3.gov/

18

Security Indicators• “Look for the lock at the bottom of

your browser and ‘https’ in front of the website address.”

19

More Security Indicators

Spoofstick

20

More Security Indicators

NetcraftToolbar

21

More Security Indicators

Trustbar

22

Test Your Phishing

Phishing QuizLets go phishing!

23

Workload Distribution

Zane Brys: research, rough draft ideas, editing power point, and presenting.

Omar Heniene: research, rough draft ideas, power point preparation, and presenting.

Nicholas Bingell: research, typing of the documents, finalizing of report, and presenting.

24

Resources

• Microsoft Phishing Information Website• http://office.microsoft.com/en-us/outlook/

HA011400021033.aspx • http://66.99.255.20/it/phishing.htm• http://en.wikipedia.org/wiki/Phishing• http://www.webopedia.com/TERM/P/phishing.html• http://www.privacyrights.org/ar/phishing.htm• http://surfthenetsafely.com/phishing.htm• money.howstuffworks.com • www.niagaracountyfcu.org

25

Questions/Comments?