GONE PHISHING ECE 4112 Final Lab Project Group #19 Enid Brown & Linda Larmore.


1 GONE PHISHING ECE 4112 Final Lab Project Group #19 Enid Brown & Linda Larmore

2 Comparative Analysis of Browser Anti-Phishing Techniques
Outline
• Phishing for facts
• Goals of Lab
• Anti-Phishing techniques
• Lab Procedures
• Lab Results
• Conclusion
• Discussion

3 Background
• Phishing can be defined as an attempt to obtain sensitive and personal information by masquerading as a trustworthy entity in some form of electronic communication.
• This sensitive information includes, but is not limited to, passwords, credit card numbers, and usernames.
• As a result, all major browsers contain some type of anti-phishing measure that is turned either on or off by default.
• With an increase in the amount of spam that most email addresses receive, phishing has become more and more popular, and it is important that we learn how to protect our information and detect these sites.

4 YeahRight

6 Goals
• The goals for this lab are:
– To introduce the concept of phishing exploits
– Compare the anti-phishing techniques that different browsers utilize
– Compare the anti-phishing software available

8 Microsoft Phishing Filter in Windows Internet Explorer 7
• Microsoft Phishing Filter uses a combination of Microsoft's URL Reputation Service (URS) and local heuristics built into the IE 7 browser.
• These methods allow it to identify and warn users in real time of suspected phish URLs, and to block them from accessing confirmed phishing sites that have been reported to the URS by either users or third-party data providers.

9 Netscape Browser 9.0
• Includes a built-in phishing filter
• Relies solely on a blacklist, which is maintained by AOL and updated frequently

10 Opera
• When Opera Fraud Protection is enabled, a server at Opera is contacted every time you request a Web page.
• HTTPS sites are checked via an encrypted channel, while IP addresses on the local intranet will never be checked.
• The server checks the domain name of the requested page against live whitelists compiled by GeoTrust, and blacklists compiled by GeoTrust and PhishTank.
• Opera's fraud protection server downloads blacklists directly from PhishTank, and sends a query to GeoTrust.

11 Mozilla Firefox
• Phishing Protection is turned on by default in Firefox 2 or later, and works by checking the sites that you browse to against a list of known phishing sites.
• This list is automatically downloaded and regularly updated within Firefox when the Phishing Protection feature is enabled.

12 McAfee SiteAdvisor Toolbar
• McAfee's SiteAdvisor product is a free stand-alone anti-phishing product.
• Suspect or blocked sites are identified by a popup balloon and by color and text changes in the button.
• SiteAdvisor offers a wealth of information about sites, including whether the site appears to send spam and whether it is suspected of being a phishing site.

13 Netcraft Toolbar
• Utilizes Netcraft's very large database of Web servers to flag suspected or actual phishing sites.
• The toolbar displays several useful characteristics of the current page, including the country where the Web server is hosted, the true IP address, and a bar-graph "risk rating" indicator.

14 GeoTrust TrustWatch Toolbar
• The TrustWatch Toolbar combines site lookups with phishing protection and Google search.
• The toolbar shows the real DNS name of the currently loaded site, and it allows users to specify a visual or textual identifier that the toolbar knows and can display; this helps guard against sites that put up their own fake address bars.

15 How to rate Phishing tools
• Catch rate: how well each tool catches known phish from a common pool of known phish, either by generating a warning or blocking access to the phish page.
• False positive rate: how many false warnings or blocks each tool generates from a pool of known-good URLs.
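
The list lookup described on the Opera and Firefox slides and the two rating metrics above, as an added example that is not part of the original presentation. The list entries, URL pools and function names are constructed for illustration; matching on parent domains and letting a blacklist hit outrank a whitelist hit are assumptions, not documented behavior of any browser.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed lists (reserved .test/.example names); real tools fetch these from a provider.
BLACKLIST = {"login-example-bank.test", "freehost.example"}
WHITELIST = {"bank.example"}

def classify(url, blacklist=BLACKLIST, whitelist=WHITELIST):
    """Return 'skipped', 'blocked', 'trusted' or 'unknown' for one URL."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    try:
        if ipaddress.ip_address(host).is_private:
            return "skipped"  # local intranet addresses are never looked up
    except ValueError:
        pass  # not an IP literal, so treat it as a domain name
    # The host and each parent domain (never the bare TLD) are candidates.
    labels = host.split(".")
    candidates = {host} | {".".join(labels[i:]) for i in range(len(labels) - 1)}
    if candidates & blacklist:  # assumption: a blacklist hit outranks a whitelist hit
        return "blocked"
    if candidates & whitelist:
        return "trusted"
    return "unknown"

def rates(tool, known_phish, known_good):
    """Return (catch rate, false positive rate) for a classifier function."""
    caught = sum(tool(u) == "blocked" for u in known_phish)
    false_pos = sum(tool(u) == "blocked" for u in known_good)
    return caught / len(known_phish), false_pos / len(known_good)

# Constructed pools standing in for a known-phish sample and a known-good set.
KNOWN_PHISH = [
    "http://login-example-bank.test/verify",
    "http://www.login-example-bank.test/",
    "http://mallory.freehost.example/signin",
    "http://bank.example.evil.test/login",  # lookalike on no list: missed
]
KNOWN_GOOD = [
    "https://www.bank.example/",
    "http://10.0.0.5/wiki",
    "https://shop.example/",
    "https://alice.freehost.example/",  # shared host under a blacklisted domain
]

if __name__ == "__main__":
    catch, fp = rates(classify, KNOWN_PHISH, KNOWN_GOOD)
    print(f"catch rate {catch:.0%}, false positive rate {fp:.0%}")
```

The missed lookalike shows why a pure blacklist trails new phish, and the blocked shared-hosting page shows how a domain-level entry produces false positives.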

17 Lab Procedures
• Setting up browsers
– Mozilla Firefox
– Microsoft Internet Explorer
– Opera
– Netscape Navigator
• Enabling browser anti-phishing
• Browser Anti-Phishing

18 Lab Procedures
• Attempted to access known phishing websites using the four browsers
• Known phishing websites listed at http://www.phishtank.com

20 Warning Pages

21 Browser Results

22 Mozilla with Toolbars Results

23 IE7 with Toolbars Results

24 2006 Phishing Studies
Source: http://www.3sharp.com/projects/antiphishing/gone-phishing.pdf

26 Summary of new Lab proposal
• Students will:
– Section 1: Browsers and Phishing
   • Setting up browsers
   • Enabling browser anti-phishing
– Section 2: Browser Anti-Phishing
   • Anti-phishing and PhishTank
   • Analyze and compare results between different browsers
– Section 3: Anti-Phishing Toolbar
   • Analyze and compare results between different browsers and toolbars

28 Preventing Phishing
• Enable browser anti-phishing
• Set up spam/junk mail filters
• Install anti-phishing toolbars
• Check suspected websites against blacklists and whitelists
• Use false info to check validity
• If in doubt, DON'T DO IT!!!

29 Questions

