Phishing and Identity theft ITEC810 Saravana Venkatesh Chellam 42323088 Supervisor : Josef Pieprzyk


Roadmap:

Aim

Significance

Introduction to phishing & its attacks

Overview of phishing techniques

Countermeasures of phishing techniques.

Conclusion and future scope.


Aim:

To understand phishing and its impacts in different industries.

To identify the phishing techniques.

To provide countermeasures against phishing techniques.

To provide recommendations and identify the future scope of phishing.


Project significance:

A few important aspects: clients lose privacy, clients' identities are compromised, and stolen client credentials can be abused (sold on the black market, used to commit computer crimes, etc.).

Due to the scale of the attacks, there is the potential for huge financial losses (average theft of $4000 USD per attack).

Customers of financial institutions, retail companies, social networking sites and internet service providers were frequent targets.

Project significance:

In 2010, RSA witnessed a total of 203,985 phishing attacks launched (RSA online Fraud, 2010).

Compared to the total in 2009, this marks a 27 percent increase in the phishing attack volume over the previous year (RSA online Fraud, 2010).

Project significance:

APWG (Anti-phishing group) - 2010

Project significance:

Results of a phishing attack (Simon Whitehouse, 2007):

5% Get To The End User – 100,000 (APWG)

5% Click On The Phishing Link – 5,000 (APWG)

60% of banks suffered from phishing attacks against their brands (Gartner)

2% Enter Data Into The Phishing Site – 100 (Gartner)

Introduction:

Phishing is a form of identity theft that aims to steal sensitive information from users, such as passwords and credit card information.

Mediums include: emails, websites, IM.

The goal is to extract information from a target.

Introduction:

The major driver of phishing is money, money, money!!!

With organisations becoming more aware, phishers had to come up with advanced methods.

Phishing attacks nowadays use pre-packaged toolkits and advanced spam techniques to ensure maximum exposure.


Phishing attack representation:

Stan Hegt - May 2008 - Analysis of phishing attacks

Overview of phishing techniques

Phishing delivery modes:

E-mail and Spam

Web-based Delivery

IRC and Instant Messaging

Trojaned Hosts.


Phishing methods:

Gunter 2007 - The Phishing Guide

Phishing techniques:

Email techniques:
• Attachments to e-mails
• Use of font differences
• Hyperlinks to similar domain names
• Filling forms

Web-based techniques:
• Fake banner advertising
• IM
• Fake websites (having similar domain names)
• Browser vulnerabilities, spyware, malware

Phishing techniques:

Spoofed mails:

A formal email request is sent to the user, asking them to send back sensitive information.

Some scams take the form of winning notifications that ask for a credit card number and other information.

Spoofed websites:

Here attackers craft fake websites of financial organisations etc. that look similar to the legitimate site.

Mostly these websites are served over http, not https.

Some tricks:

To reduce suspicion and increase authenticity:

The URLs might be obfuscated to look like the legitimate site.

Example: http://privatebanking.mybank.com as

http://privatebanking.mybank.com.ch
http://mybank.privatebanking.com
http://privatebanking.mybonk.com

The spoofed website uses real logos and corporate identity elements.

Typical attack:

The attacker sends spoofed emails (that appear to come from a legitimate organisation) to a large number of users.

The emails contain hyperlinks that direct the users to spoofed websites.

The victims are then asked to enter their sensitive information.

Phishing techniques:

Instant messenger:

IM clients allow embedded dynamic content (such as graphics, URLs, multimedia includes, etc.) to be sent by channel participants.

The use of bots (automated programs that listen and participate in group discussions) in many of the popular channels means that it is very easy for a phisher to anonymously send semi-relevant links and fake information to would-be victims.

Phishing techniques

Web-based phishing attacks:

Client-side vulnerability exploitation: browser vulnerabilities – add-ons, plugins etc.

Observing customer data: key-loggers and screen-grabbers

Phishing techniques:

Observing customer data: key-loggers, screen-grabbers

The purpose of key-loggers is to observe and record all key presses by the customers.

Some sophisticated phishing attacks make use of code designed to take a screenshot of data that has been entered into a web-based application.

Countermeasures against phishing

Defensive mechanisms to counter the threats posed by phishing techniques:

The Client-side – this includes the user’s PC and desktop.

The Server-side – this includes the business’ Internet visible systems and custom applications.

Enterprise Level – distributed technologies and third-party management services.

Client side:

At the client side, protection against phishing can be afforded by:

Desktop protection technologies

User application-level monitoring solutions

Locking-down browser capabilities

Digital signing and validation of email

General security awareness


Server side:

Improving customer awareness

Providing validation information for official communications

Ensuring that the Internet web application is securely developed and doesn’t include easily exploitable attack vectors.

Using strong token-based authentication systems

Keeping naming (domain name) systems simple and understandable

Enterprise level:

Automatic validation of sending e-mail server addresses

Digital signing of e-mail services

Monitoring of corporate domains and notification of “similar” registrations

Perimeter or gateway protection agents

Third-party managed services
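
The lookalike URLs shown under "Some tricks" and the enterprise measure of monitoring for "similar" registrations can both be checked mechanically. The following is an added example, not part of the original slides; the function names, the edit-distance threshold of 2 and the treatment of mybank.com as the brand's registered domain are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: mybank.com is the brand's registered domain (the slide's
# legitimate site is privatebanking.mybank.com).
LEGIT_DOMAIN = "mybank.com"

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str, legit: str = LEGIT_DOMAIN, max_typos: int = 2) -> str:
    """Label a URL's hostname relative to the legitimate domain."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels, legit_labels = host.split("."), legit.split(".")
    brand, n = legit_labels[0], len(legit_labels)
    if host == legit or host.endswith("." + legit):
        return "legitimate"
    # Real domain embedded with extra labels after it: mybank.com.ch
    if any(labels[i:i + n] == legit_labels for i in range(len(labels) - n)):
        return "appended-suffix"
    # Brand name used as a label of some other domain: mybank.privatebanking.com
    if brand in labels:
        return "brand-under-other-domain"
    # A label within a few edits of the brand name: mybonk
    if any(edit_distance(label, brand) <= max_typos for label in labels):
        return "typosquat"
    return "unrelated"

def report(urls):
    """Map each URL to its classification."""
    return {u: classify(u) for u in urls}

if __name__ == "__main__":
    # URLs taken from the slide's example, plus one constructed control.
    sample = [
        "http://privatebanking.mybank.com",
        "http://privatebanking.mybank.com.ch",
        "http://mybank.privatebanking.com",
        "http://privatebanking.mybonk.com",
        "https://example.org/login",  # constructed, unrelated host
    ]
    for url, verdict in report(sample).items():
        print(f"{verdict:26} {url}")
```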

Checklist for prevention:

Recommendation: Consumer / Business

Email attachments (open only emails from trusted people): Yes / Yes

Awareness when receiving emails that ask for account details: Yes / Yes

Avoid clicking on hyperlinks in emails: Yes / Yes

Report suspicious emails to the authorities: Yes / Yes

Stay up to date on all information related to phishing: Yes / Yes

Use the latest browser versions and install security patches: Yes / Yes

Install, update and maintain firewalls (including malware and spyware security): Yes / Yes

Consistently monitor logs of firewalls, DNS servers and intrusion detection systems (to check for infected systems etc.): Yes / Yes

Ensure only approved third-party devices can connect to the network: Yes

Future scope of phishing:

We expect phishing to rise in the future, especially in the mobile environment.

Mobile operating systems and browsers lack security indicators; as a result, users cannot always check whether they are on the correct site.

Android phones could be more vulnerable to phishing (free-market phishy apps online).

Conclusion:

The driver of phishing is money, and phishing is expected to rise in the future!!!

Awareness and education among users and businesses.

Usage of technology to fight phishing.

To combat phishing techniques we need sound anti-phishing policies, measures (defense) and law enforcement.