GONE PHISHING ECE 4112 Final Lab Project Group #19 Enid Brown & Linda Larmore

GONE PHISHING

ECE 4112 Final Lab ProjectGroup #19Enid Brown & Linda Larmore

2Comparative Analysis of Browser Anti-Phishing Techniques

Outline

Phishing for facts Goals of Lab Anti-Phishing techniques Lab Procedures Lab Results Conclusion Discussion


Background

Phishing can be defined as an attempt to obtain sensitive and personal information by masquerading as a trustworthy entity in some form of electronic communication.

This sensitive information includes, but is not limited to passwords, credit card numbers, and usernames.

As a result, all major browsers contain some type of anti-phishing measure, that is either turned on or off by default.

With an increase in the amount of spam that most email addresses receive, phishing has become more and more popular and it is important that we learn how to protect out information and detect these sites.


YeahRight

● ● ● ● ● ● ●


Outline



Goals

The goals for this lab are:– To introduce the concept of Phishing exploits

– Compare the anti-phishing techniques that different browsers utilize

– Compare the anti-phishing software available.


Outline



Microsoft Phishing Filter in Windows Internet Explorer 7

Microsoft Phishing Filter, uses a combination of Microsoft’s URL Reputation Service (URS) and local heuristics built into the IE 7 browser.

These methods allow it to identify and warn users in real time of suspected phish URLs, and block them from accessing confirmed phishing sites that have been reported to the URS by either users or third-party data providers.


Netscape Browser 9.0

Includes a built in phishing filter

Relies solely on a blacklist, which is maintained by AOL and updated frequently


Opera

When Opera Fraud Protection is enabled, a server is contacted at Opera every time you request a Web page.

HTTPS sites are checked via an encrypted channel, while IP addresses on the local intranet will never be checked.

The server checks the domain name of the requested page against live whitelists compiled by GeoTrust, and blacklists compiled by GeoTrust and Phishtank.

Opera's fraud protection server downloads blacklists directly from Phishtank, and sends a query to GeoTrust.


Mozilla Firefox

Phishing Protection is turned on by default in Firefox 2 or later, and works by checking the sites that you browse to against a list of known phishing sites.

This list is automatically downloaded and regularly updated within Firefox when the Phishing Protection feature is enabled.


McAfee SiteAdvisorToolbar

McAfee's SiteAdvisor product is a free stand-alone anti-phishing product

Suspect or blocked sites are identified by a popup balloon and by color and text changes in the button.

SiteAdvisor offers a wealth of information about sites, including whether the site appears to send spam and whether it is suspected of being a phishing site.


Netcraft Toolbar

Utilizes Netcraft's very large database of Web servers to flag suspected or actual phishing sites.

The toolbar displays several useful characteristics of the current page, including the country where the Web server is hosted, the true IP address, and a bar-graph "risk rating" indicator.


GeoTrust TrustWatch Toolbar

The TrustWatch Toolbar combines site lookups with phishing protection and Google search.

The toolbar shows the real DNS name of the currently loaded site, and it allows users to specify a visual or textual identifier that the toolbar knows and can display; this helps guard against sites that put up their own fake address bars.


How to rate Phishing tools

Catch rate: how well each tool catches known phish from a common pool of known phish, either by generating a warning or blocking access to the phish page.

False positive rate: how many false warnings or blocks each tool generates from a pool of known-good URLs.


Outline



Lab Procedures

Setting up browsers– Mozilla Firefox– Microsoft Internet Explorer– Opera– Netscape Navigator

Enabling browser anti-phishing Browser Anti-Phishing


Lab Procedures

Attempted to access known phishing websites using the four browsers

Known phishing websites listed at http://www.phishtank.com


Outline



Warning Pages


Browser Results

Opera 44% Blocked

Block

Allowed

Mozilla 67% B locked

Block

Allowed

IE7 67% Blocked

Blocked

Approved

Netscape 0% Blocked

Blocked

Allowed


Mozilla with Toolbars Results

Mozilla 0% Blocked with GeoTrust toolbar

Allowed

Blocked

Mozilla with McAffee SiteAdivsor Toolbar with 100% Blocked

Allowed

Blocked

Mozilla with NetCraft Toolbar 33% Blocked

Allowed

Blocked


IE7 with Toolbars Results

IE7 with NetCraft Toolbar 75% Blocked

Allowed

Blocked

IE7 with GeoTrust 50% Blocked

Allowed

Blocked

IE7 with McAfee SiteAdvisor Toolbar 75% Blocked

Allowed

Blocked


2006 Phishing Studies

Source: http://www.3sharp.com/projects/antiphishing/gone-phishing.pdf


Outline



Summary of new Lab proposal

Students will:– Section 1: Browsers and Phishing

• Setting up browsers• Enabling browser anti-phishing

– Section 2: Browser Anti-Phishing • Anti-phishing and PhishTank • Analyze and compare results between different browsers

– Section 3: Anti-Phishing Toolbar• Analyze and compare results between different browsers

and toolbars


Outline



Preventing Phishing

Enable browser anti-phishing Setup spam/junk mail filters Install anti-phishing toolbars Check suspected websites against

blacklists and whitelists Use false info to check validity If in doubt, DON’T DO IT!!!


Questions

Documents

GONE PHISHING ECE 4112 Final Lab Project Group #19 Enid Brown & Linda Larmore