Phishing Scams: How to Spot A Phishing Scam? Kim Settle and Tara Moody, CIS 2010, July 11, 2005


Page 1: Phishing Scams

How to Spot A Phishing Scam?

Kim Settle and Tara Moody

CIS 2010

July 11, 2005

Page 2: The News

• "Phishing scams seen surging this year", Monday, June 20, 2005, from MSN News (http://it.asia1.com.sg/newsdaily/news001_20050618.html).

• "Phishing Costs Nearly $1 Billion", Friday, June 24, 2005, from MSN News (http://informationweek.com/story/showartice.jhtml?articleID=164902704).

Page 3: News Summary

• Identity theft is the fastest growing crime in the world. Phishing scams are the electronic form of identity theft. This crime has the potential to slow down electronic commerce, because the Internet is the birthplace of the "next victim or phish".

• A phishing scam is a sophisticated form of spam e-mail that harvests your personal information for phishers, scammers or hackers to use in criminal activities. It is so effective because the same scam is sent to millions of potential victims at the same time.

• According to the Federal Trade Commission, direct economic losses in the United States totaled over $574 million in 2004.

Page 4: News Summary (continued)

• Anyone with an e-mail address is at risk of being phished.

• According to a poll conducted by Gartner, during the 12 months that ended in May, 73 million American adults received an average of more than 50 phishing e-mails. The number was 28% higher than the previous year, when 57 million Americans were targeted.

• America Online is identifying and blocking phishing mail before it reaches its members' mailboxes. On March 31, 2005, Microsoft filed 117 federal lawsuits in U.S. District Court for the Western District of Washington, which accuse "John Doe" defendants of phishing.

• Democratic Senator Patrick Leahy introduced the Anti-Phishing Act of 2005 on March 1, 2005. The federal bill proposes that criminals who create fake websites and spam bogus e-mails be fined up to $250,000 and face jail terms of up to 5 years.

Page 5: Background Information

• The original form of hacking was known as "phreaking".

• "Ph" is a common hacker replacement for "f".

• Phreaking is associated with the early phone hacker John Draper (aka "Captain Crunch").

• Draper made phreaking famous with the infamous Blue Box.

• The Blue Box was a device used to hack telephone systems in the early 1970s.

Page 6: What is a Phishing Scam?

• Phishing is a scam and a form of identity theft. It is used by hackers or cyber-thieves to steal your personal information.

• It is a sophisticated form of spam e-mail that can lead to theft of your credit card numbers, account information, or other personal data; this is the electronic form of identity theft.

• "Phishing" comes from the analogy that Internet scammers use e-mail lures to fish for passwords and financial data in the sea of Internet users. The term was coined in 1996 by hackers who stole AOL accounts by scamming passwords from AOL users.

Page 7: How does Phishing Work?

• The scam artist sends out millions of e-mail messages that appear to come from a trusted website, such as a bank or credit card company. The e-mail messages, pop-up windows, and web links appear to be official and legitimate.

• The copycat sites are also called "spoofed" websites.

• Once you are on the "spoofed" site, you unknowingly send your personal information to phishers, hackers, con artists, scammers, or cyber thieves, who use it to purchase items or carry out other criminal activities.

Page 8: Phishing Methods

Four Common Phishing Methods

• The victim responds, by return e-mail, to a fraudulent "account verification" or "account update" request from the phisher.

• The victim fills out an e-mail form (an HTML-based submission form embedded in the phisher's e-mail message), which forwards the victim's input to the criminal's e-mail or website address.

• The victim clicks on a website "link" in an e-mail that leads to the phisher's website rather than the legitimate site. Victim known for this scam: the FBI (hoax website, 2003).

• The phisher deliberately alters the Uniform Resource Locator (URL) of a well-known website by adding, omitting, or transposing letters. For example, the URL www.MICROSOFT.COM appears as www.micosoft.com, www.mircosoft.com, or www.verify-microsoft.com.

• Companies that have been known to be impersonated by this scam include: AOL, the IRS, MSN, Earthlink, Yahoo, PayPal, eBay, BestBuy, DiscoverCard, Bank of America, and Providian.
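The URL-alteration trick in the fourth method can be checked mechanically. What follows is an added example and not code from the original presentation: it scores the second-level label of a hostname against a list of protected brands with an edit distance that counts an adjacent transposition as a single edit (so both www.mircosoft.com and www.micosoft.com sit one edit from microsoft.com), separately flags hosts that embed a protected brand name inside some other registered domain (www.verify-microsoft.com, or a brand used as a subdomain of an unrelated site), and flags hosts that are bare IP addresses. The PROTECTED set and the sample URLs are constructed for the example; the "last two labels" rule for the registered domain is an assumption that holds for the .com brands used here and would need the Public Suffix List for co.uk-style names.

```python
"""Lookalike-domain check for the URL tricks the slide lists (added
example, not from the original presentation). The PROTECTED set and the
sample URLs under __main__ are constructed for illustration."""
from urllib.parse import urlsplit

# Brands we are protecting; constructed list for the example.
PROTECTED = {"microsoft.com", "paypal.com", "ebay.com", "citibank.com"}


def hostname(url: str) -> str:
    """Lower-cased host of a URL; bare hostnames are accepted too.
    urlsplit drops any user-info before '@', so a decoy such as
    http://www.citibank.com@203.0.113.7/ yields the real host."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def registered_domain(host: str) -> str:
    """Last two labels of the host. Assumption: good enough for the .com
    brands above; real code would consult the Public Suffix List."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertion, deletion,
    substitution and adjacent transposition each cost one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # delete a[i-1]
                          d[i][j - 1] + 1,         # insert b[j-1]
                          d[i - 1][j - 1] + cost)  # substitute
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transpose
    return d[len(a)][len(b)]


def classify(url: str) -> str:
    """'legitimate' if the registered domain is a protected brand,
    'raw-ip' if the host is a bare IPv4 address,
    'typosquat' if the second-level label is within one edit of a brand,
    'brand-embedded' if a brand name appears in any other label,
    otherwise 'unrelated'."""
    host = hostname(url)
    if host.replace(".", "").isdigit():
        return "raw-ip"
    if registered_domain(host) in PROTECTED:
        return "legitimate"
    labels = host.split(".")
    sld = labels[-2] if len(labels) >= 2 else host
    for brand in sorted(PROTECTED):
        name = brand.split(".")[0]
        if osa_distance(sld, name) <= 1:
            return "typosquat"
        if any(name in label for label in labels):
            return "brand-embedded"
    return "unrelated"


if __name__ == "__main__":
    for u in ["www.MICROSOFT.COM", "www.micosoft.com", "www.mircosoft.com",
              "www.verify-microsoft.com", "http://www.paypal.com.login.example/",
              "http://www.citibank.com@203.0.113.7/secure", "www.example.com"]:
        print(f"{u:45} {classify(u)}")
```

The one-edit threshold is deliberately tight: a short brand such as ebay is within one edit of many innocent words, so in practice the typosquat verdict is a signal to review, not a block on its own, and homoglyph tricks (Cyrillic letters, "rn" for "m") need a separate confusable-character table.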

Page 9: What Does a Phishing Scam Look Like?

1. The "From" field appears to be from a legitimate company.

2. The e-mail usually contains logos or images that have been taken from the authentic company website.

3. The e-mail contains a clickable link, with text suggesting you use the inserted link to validate your information.

4. When the hyperlink is highlighted, the bottom left of the screen shows the real website address it goes to. Note: the hyperlink does NOT point to the legitimate Citibank website URL.

Sample message:

From: Citibank <[email protected]>

To: [email protected] (a student.gsu.edu address)

Subject: Citibank Alerting Service

(Citi logo)

Dear Citibank Customer:

We were unable to process the recent transactions on your account. To ensure that your account is not suspended, please update your information by clicking here or click onto "www.citibank.com/secure".

If you have recently updated your information, please disregard this message as we are processing the changes you have made.

Citibank Customer Service

Source: http://www.webopedia.com/DidYouKnow/Internet/2005/phishing.asp
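Cues 1, 3 and 4 on this slide (the From field, the link text, and the real target that the status bar reveals), together with the e-mail-form method from the previous slide, can be checked in code before anyone hovers over a link. The following is an added example and not part of the original presentation. It parses a constructed message modelled on the Citibank sample above: the sender address, the recipient, the .example domains and the 203.0.113.7 address are placeholders from reserved documentation ranges, not real infrastructure. It reports every sender, form or link whose real destination is not the domain the message claims to come from; the "last two labels" rule for the registered domain is again an assumption that suits .com brands.

```python
"""Flag the phishing cues from the slide in an HTML e-mail (added
example, not from the original presentation). SAMPLE is a constructed
message modelled on the Citibank example; its addresses use the reserved
.example TLD and the 203.0.113.0/24 documentation range."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

SAMPLE = """\
From: Citibank <alerts@citi-alerts.example>
To: student@student.gsu.edu
Subject: Citibank Alerting Service
Content-Type: text/html; charset=us-ascii

<html><body>
<p>Dear Citibank Customer:</p>
<p>We were unable to process the recent transactions on your account.
To ensure that your account is not suspended, please update your
information by clicking <a href="http://203.0.113.7/citi/update.php">here</a>
or click onto <a href="http://www.citibank.com.account-verify.example/secure">www.citibank.com/secure</a>.</p>
<form action="http://203.0.113.7/citi/update.php" method="post">
  Card number: <input name="card"> PIN: <input name="pin" type="password">
  <input type="submit" value="Update">
</form>
<p>Citibank Customer Service</p>
</body></html>
"""

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
URLISH = re.compile(r"^(https?://|www\.)\S+", re.I)


def host_of(s: str) -> str:
    """Lower-cased host of a URL or bare hostname; user-info before '@' is dropped."""
    s = s.strip()
    if "://" not in s:
        s = "http://" + s
    return (urlsplit(s).hostname or "").rstrip(".")


def registered_domain(host: str) -> str:
    """Last two labels (assumption: fine for .com; use the Public Suffix List otherwise)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


class LinkAndFormCollector(HTMLParser):
    """Collects (href, visible text) for every <a> and the action of every <form>."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.forms = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._href = attrs.get("href") or ""
            self._text = []
        elif tag == "form":
            self.forms.append(attrs.get("action") or "")

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_message(raw: str, claimed_domain: str) -> list:
    """Return a list of findings; an empty list means no cue fired."""
    msg = message_from_string(raw)
    findings = []

    # Cue 1: the From field. The display name is free text; only the
    # address domain means anything, and even that can be forged.
    name, addr = parseaddr(msg.get("From", ""))
    sender = registered_domain(addr.rpartition("@")[2].lower())
    if sender != claimed_domain:
        findings.append(f"from: display name {name!r} but address domain {sender}")

    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8", "replace")
    parser = LinkAndFormCollector()
    parser.feed(body)

    # Method 2 from the previous slide: any form inside an e-mail is a red flag.
    for action in parser.forms:
        findings.append(f"form: posts to {host_of(action) or '(relative)'}")

    # Cues 3 and 4: where does the link really go?
    for href, text in parser.links:
        target = host_of(href)
        if IPV4.match(target):
            findings.append(f"link: raw IP address {target} (text {text!r})")
        elif registered_domain(target) != claimed_domain:
            if URLISH.match(text) and host_of(text) != target:
                findings.append(f"link: text shows {host_of(text)} but target is {target}")
            else:
                findings.append(f"link: target {target} is not {claimed_domain} (text {text!r})")
    return findings


if __name__ == "__main__":
    for finding in check_message(SAMPLE, "citibank.com"):
        print(finding)
```

The second link is the case the slide draws attention to: the visible text reads www.citibank.com/secure, while the href host is www.citibank.com.account-verify.example, whose registered domain is account-verify.example. Comparing the host shown in the link text with the host in the href catches that mismatch regardless of how convincing the prefix looks.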

Page 10: How to Prevent Phishing

1. Avoid filling out forms in e-mail messages that ask for personal information.

2. Phisher e-mails are NOT personalized. Valid e-mails from your bank or e-commerce company use your correct name. (The reverse does not hold: a message that greets you by name can still be a phish.)

3. Never click on a link to a bank, eBay, or another merchant in an e-mail. Open a browser and type in the URL yourself.

4. Do not use a phone number listed in the e-mail. Look up the institution in the phone book and call it yourself.

5. Do NOT click on attachments.

6. Run, and update on a regular basis, anti-virus and anti-spyware applications, a firewall, and privacy protection software.

7. Phishers put upsetting or exciting (but false) statements in their e-mails to provoke an immediate response.

8. Do not store PINs on your computer. Invest in a cross-cut shredder and pour bleach in the bag.

9. Regularly check your bank and credit card statements.

10. Order and review your credit reports (www.FreeAnnualreport.com).

Page 11: Discussion

• Q: What was the first website to be phished? A: AOL.

• Q: What is the first program well known for phishing AOL? A: AOHell.

• Why do you feel there is such an increase in phishing attacks?

• Who should be responsible for preventing or slowing down phishing scams? Note: AOL was the first service to protect its account holders from phishing; Bank of America was second (photos).

• Q: You receive an e-mail message from your bank that says "Dear accountholder, you are overdrawn on your checking account by $347.58 for a check that bounced." You do not remember writing a check for this amount. What do you do?

• A: Call the bank. If you do anything else, you have been phished.

Page 12: Resources/References

• www.microsoft.com/athome/security/email/phishing.mspx

• www.webopedia.com/DidYouKnow/Internet/2005/phishing.asp

• www.crimedoctor.com/phishing_scam.htm

• http://en.wikipedia.org/wiki/Phishing

• www.windowsecurity.com/articles/Avoid-Phishing.html