Phishing – Read Behind The Lines Veljko Pejović

2 What is Phishing? "Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials” Anti-phishing Working Group

3 What is Phishing?
Social engineering aspect:
 Sending “spoofed” e-mails
 Building confidence between a phisher and a victim
Technical aspect:
 Spyware
 Pharming - DNS poisoning

4 Key Characteristics
 Upsetting or exciting statements – you must react immediately
 Ask for information such as usernames, passwords, credit card numbers, social security numbers, etc.
 E-mails are typically NOT personalized
 “Masked” links

5 Phishing Example Actually links to

6 Phishing Example Another false link!

7 Once you get caught... False Citi-Bank URL!

8 Consequences
Customers:
 Financial consequences – stolen financial information
 Trust and effective communication can suffer
Service providers (banks, retailers...):
 Diminishes the value of a brand
 Customer loss
 Could affect stakeholders

9 Spear Phishing
 Targeted at a specific company, government agency, organization, or group
 Phisher gets the e-mail address of an administrator/colleague
 Spoofed e-mail asks employees to log on to a corporate network
 A key-logger application records passwords
 Phisher can access corporate information

10 Phishing Techniques
Phishing through compromised web servers:
 Find vulnerable servers
 Gain access to the server
 Pre-built phishing web sites are put up
 Mass e-mailing tools are downloaded and used to advertise the fake web site via spam
 Web traffic begins to arrive at the phishing web site and potential victims access the malicious content

11 Phishing Techniques
Phishing through port redirection:
 Find vulnerable servers
 Install software that will forward port 80 traffic to a remote server
 Make sure that it keeps running even after a reboot
 Try not to get detected
 Web traffic begins to arrive at the phishing web site and potential victims access the malicious content

12 Phishing Techniques
Combined technique:
 If one remote host is lost, the others will continue to phish
 If the central phishing site is lost, compromise another and update the redirections
 Faster configuration setup; concurrent adjustments can be made

13 Phishing Techniques
Additional approaches:
 Register similar-sounding DNS domains and set up fake web sites there, e.g.
 Configure the fake phishing web site to silently record any input data the user submits, log it, and then forward the user to the real web site
 Attempt to exploit weaknesses in the user's web browser to mask the true nature of the message content

14 Phishing Techniques
Transfer of funds:
 International transfers are monitored, so find an intermediate person to send the money
 “Hello! We finding Europe persons, who can Send/Receive bank wires from our sellings, from our European clients. To not pay TAXES from international transfers in Russia. We offer 10% percent from amount u receive and pay all fees, for sending funds back. Amount from 1000 euro per day. All this activity are legal in Europe, Thank you, FINANCIE LTD.”

15 Pharming
 Typing a URL, e.g. www.newegg.com, translates it to an IP address
 DNS – a dictionary with pairs URL - IP
 What happens if somebody hacks DNS?
 Instead of the intended address, it might take us to another
 Usually, a false web page is there

16 Pharming
How hard is it to perform DNS poisoning?
 Local DNS cache
 Local DNS
 Wireless routers
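The "local DNS cache" entry point above is most often the operating system's hosts file, which is consulted before any DNS query. The check below is an added example (not from the slides) that scans a constructed hosts file for watched domains, such as the www.newegg.com used on the previous slide, that have been pinned to a routable address; the WATCHED set and the sample content are assumptions.

```python
import ipaddress

# Constructed hosts-file content (not from the slides): loopback entries,
# a blocking rule, and one line that hijacks a shopping site the way a
# local pharming attack would.
SAMPLE_HOSTS = """\
# localhost entries
127.0.0.1   localhost
::1         localhost
203.0.113.7 www.newegg.com newegg.com   # pharming entry
0.0.0.0     ads.example.net
"""

# Assumed list of domains worth guarding (banks, shops the user relies on)
WATCHED = {"www.newegg.com", "newegg.com", "www.citibank.com"}


def parse_hosts(text):
    """Yield (ip, hostname) pairs, ignoring comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        for name in parts[1:]:
            yield parts[0], name.lower()


def find_pharming_entries(text, watched=WATCHED):
    """Return (hostname, ip) for watched domains pinned to a routable address."""
    hits = []
    for ip, name in parse_hosts(text):
        if name not in watched:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed address, not a redirection
        # Loopback/unspecified entries are blocking rules, not redirections
        if addr.is_loopback or addr.is_unspecified:
            continue
        hits.append((name, ip))
    return hits


if __name__ == "__main__":
    for name, ip in find_pharming_entries(SAMPLE_HOSTS):
        print(f"hosts file redirects {name} to {ip}")
```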

17 Statistics for August 2006, APWG
 Number of unique phishing reports received in August:
 Number of unique phishing sites received in August:
 Number of brands hijacked by phishing campaigns in August: 148
 Number of brands comprising the top 80% of phishing campaigns in August: 17
 Country hosting the most phishing websites: United States
 Contain some form of target name in URL: 48 %
 No hostname, just IP address: 36 %
 Percentage of sites not using port 80: 5.9 %
 Average time online for site: 4.5 days
 Longest time online for site: 31 days
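The "masked" links from slide 4 and the URL traits in the APWG statistics above (target name in the URL, IP address instead of a hostname, non-standard port) can be turned into a defensive link check for an incoming HTML e-mail. This is an added example, not material from the slides; the sample message body and the brand list are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phishing-style e-mail body (not from the slides)
SAMPLE_HTML = """
<p>Dear Customer, your account will be suspended. Please verify now:</p>
<a href="http://203.0.113.45:8080/citi/login">https://www.citibank.com/secure</a>
<a href="http://www.citibank.com.example-update.net/">Click here</a>
<a href="https://www.citibank.com/help">https://www.citibank.com/help</a>
"""

IP_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every anchor in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyse_links(html, brands=("citibank",)):
    """Return (href, [reasons]) for links showing the traits named on the slides."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        u, reasons = urlparse(href), []
        host = (u.hostname or "").lower()
        # "Masked" link: the visible text is a URL whose host differs from the real target
        if text.lower().startswith(("http://", "https://", "www.")):
            shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
            if shown.lower() != host:
                reasons.append("masked link")
        if IP_RE.match(host):
            reasons.append("ip address host")
        if u.port not in (None, 80, 443):
            reasons.append("non-standard port")
        # Brand name present in the URL but not as the registered domain
        reasons += ["brand name in foreign domain" for b in brands
                    if b in host and not host.endswith(b + ".com")]
        if reasons:
            findings.append((href, reasons))
    return findings
```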

18 Phishing Prevention
Public education:
 Do not believe anyone addressing you as 'Dear Customer', 'Dear business partner', etc.
 Do not respond to an e-mail requesting a username, password, bank account number, etc.
 Do not click on the link provided in an e-mail message
 Report phishing or spoofed e-mails

19 Phishing Prevention
Necessary software infrastructure:
 Website authentication: certificate
 E-mail authentication: digital signature
 Anti-virus software

20 References
 Anti-Phishing Working Group
 The Honeynet Project & Research Alliance: Behind the Scenes of Phishing Attacks
 Phishing, M. E. Kabay, Norwich University
 Let's Go Phishing, MOREnet, University of Missouri
 You've Been Hacked, J. King, Bakersfield College

Phishing – Read Behind The Lines Veljko Pejović Thank You!