Presentation is loading. Please wait.

Presentation is loading. Please wait.

Using “Account-free” Services to Combat Phishing, Brand Infringement, and Other Online Threats Qi-fense LLC © 2009 Sebastian Holst

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Using “Account-free” Services to Combat Phishing, Brand Infringement, and Other Online Threats Qi-fense LLC © 2009 Sebastian Holst"— Presentation transcript:

1 Using “Account-free” Email Services to Combat Phishing, Brand Infringement, and Other Online Threats Qi-fense LLC © 2009 Sebastian Holst sebastian@qi-fense.com +1 440 484 2243 Sebastian Holst sebastian@qi-fense.com +1 440 484 2243 This presentation highlights the specific tactical and regulatory advantages that can be gained by tapping information and activity managed by “account-free” email service providers. The removal of constraints imposed by privacy regulations simplifies existing anti-spam and anti-phishing techniques and enables entirely new strategies as well. This presentation highlights the specific tactical and regulatory advantages that can be gained by tapping information and activity managed by “account-free” email service providers. The removal of constraints imposed by privacy regulations simplifies existing anti-spam and anti-phishing techniques and enables entirely new strategies as well.

2 Classic Email User creates account with authentication User creates one or mail mailboxes Mailbox creation Server accepts email to valid mailbox Manages content on behalf of account owner Email service Account owner opts in or forwards content Service harvests misdirected content Email content Account-free email Account-free Email Qi-fense LLC © 2009

3 Use cases End-user ◦ Newsletter subscriptions ◦ Online account credential requests ◦ Transaction confirmations Enterprise ◦ Quality Assurance for testing applications that send email ◦ A forwarding destination from other domains ◦ Enterprise disposable email  Spam diversion  Reduced record-retention

4 Spam examples

5 Plausible deniability

6 Vishing Phishing Brand monitoring Grey market Mule traffic Illicit traffic Malware Account-free email Account-free Email Service Classic email servers Domains Send email Forward email Manual reading Early Parsing & Capture Extended retention and indexing Redirection & Reporting Usage Profiling Qi-fense LLC © 2009

7 Early detection & greater precision Both Unsolicited & Solicited content Access to all server functions (receipt, read, delete) Unrestricted access and distribution rights Account- free Email Account-free email Qi-fense LLC © 2009

8 Account-free email applications Anti-phishing Anti-spam Malware capture Brand monitoring Prosecutorial tool Educational content Enterprise anti-spam control

9 Sample Implementation Q Q Q Q Q Q Mature Account-free Email Services Real-time Alerts Client Admin Reporting Repository Online Discovery Qi-fense Portal Filter Administration Activity query request Statistics aggregation Filter Administration Activity query request Statistics aggregation Filter logic Data collection Message aggregation Alert distribution Filter logic Data collection Message aggregation Alert distribution Activity Reports

10 Samples Alerts Reports Search Sliver Alerts Reports Search Sliver Extract reference URLs Same URL attacking multiple banks Time stamp True IP address Header information Time stamp True IP address Header information True reference URL Time, IP, subject, from, reference URL…

11 Observations A novel source ◦ No precedents inside law enforcement, federal agencies, financial institutions, technology suppliers ◦ Difficult to develop “artificial” sources Organizational mismatch ◦ Take-down, anti-spam, prosecution, education, malware forensics, etc. are rarely in the same organization Fresh ◦ Heavy use ensures that these email addresses will continue to proliferate ◦ Intelligence and applications are still being identified – more work be done! Vulnerable to exclusion ◦ Although domains and IP addresses can shift almost as quickly as with the bad guys ◦ Enterprise sub-domains would permanently eliminate this risk Qi-fense LLC © 2009

12 Q & A Thank you

Download ppt "Using “Account-free” Services to Combat Phishing, Brand Infringement, and Other Online Threats Qi-fense LLC © 2009 Sebastian Holst"

Similar presentations

RSS RSS is an acronymn for Really Simple Syndication or Rich Site Summary. RSS (noun) - an XML format for distributing news headlines on the Web. RSS.

RSS RSS is an acronymn for Really Simple Syndication or Rich Site Summary. RSS (noun) - an XML format for distributing news headlines on the Web. RSS.
TrustPort Net Gateway Web traffic protection. WWW.TRUSTPORT.COM Keep It Secure Contents Latest security threats spam and malware Advantages of entry point.

TrustPort Net Gateway Web traffic protection. Keep It Secure Contents Latest security threats spam and malware Advantages of entry point.
HONEYPOTS Mathew Benwell, Sunee Holland, Grant Pannell.

HONEYPOTS Mathew Benwell, Sunee Holland, Grant Pannell.
PHISHING AND ANTI-PHISHING TECHNIQUES Sumanth, Sanath and Anil CpSc 620.

PHISHING AND ANTI-PHISHING TECHNIQUES Sumanth, Sanath and Anil CpSc 620.
Hacker’s tricks for online users to reveal their sensitive information such as credit card, bank account, and social security. Phishing emails are designed.

Hacker’s tricks for online users to reveal their sensitive information such as credit card, bank account, and social security. Phishing s are designed.
NCS welcome all participants on behalf of Quick Heal Anti Virus and Fortinet Firewall solution.

NCS welcome all participants on behalf of Quick Heal Anti Virus and Fortinet Firewall solution.
1 Aug. 3 rd, 2007Conference on Email and Anti-Spam (CEAS’07) Slicing Spam with Occam’s Razor Chris Fleizach, Geoffrey M. Voelker, Stefan Savage University.

1 Aug. 3 rd, 2007Conference on and Anti-Spam (CEAS’07) Slicing Spam with Occam’s Razor Chris Fleizach, Geoffrey M. Voelker, Stefan Savage University.
Lisa Farmer, Cedo Vicente, Eric Ahlm

Lisa Farmer, Cedo Vicente, Eric Ahlm
MailMeter Over 2,000 installations worldwide Meet FRCP requirements SOX, GLBA, HIPAA, SEC, FINRA, BASEL II, FOI, etc. Avoid fines for failure to produce.

MailMeter Over 2,000 installations worldwide Meet FRCP requirements SOX, GLBA, HIPAA, SEC, FINRA, BASEL II, FOI, etc. Avoid fines for failure to produce.
 Malicious or unsolicited mail sent to a mailbox without the option to unsubscribe  Often used as a catch-all of any undesired or questionable mail.

 Malicious or unsolicited mail sent to a mailbox without the option to unsubscribe  Often used as a catch-all of any undesired or questionable mail.
Phishing – Read Behind The Lines Veljko Pejović

Phishing – Read Behind The Lines Veljko Pejović
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.

Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.
23 October 2002Emmanuel Ormancey1 Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002.

23 October 2002Emmanuel Ormancey1 Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002.
Module 8 Implementing Backup and Recovery. Module Overview Planning Backup and Recovery Backing Up Exchange Server 2010 Restoring Exchange Server 2010.

Module 8 Implementing Backup and Recovery. Module Overview Planning Backup and Recovery Backing Up Exchange Server 2010 Restoring Exchange Server 2010.
Security Guidelines and Management

Security Guidelines and Management
Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.

Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Visit www.EmailDelivered.com for Email Marketing and Deliverability Tips, Tools, & Trainingwww.EmailDelivered.com.

Visit for Marketing and Deliverability Tips, Tools, & Trainingwww. Delivered.com.
TrustPort Net Gateway Web traffic protection. WWW.TRUSTPORT.COM Keep It Secure Contents Latest security threats spam and malware Advantages of entry point.

TrustPort Net Gateway Web traffic protection. Keep It Secure Contents Latest security threats spam and malware Advantages of entry point.

Similar presentations

Ads by Google