Phishing for Phish in the Phispond A lab on understanding Phishing attacks and defenses … Group 21-B Sagar Mehta.


1 Phishing for Phish in the Phispond A lab on understanding Phishing attacks and defenses … Group 21-B Sagar Mehta

2 Phishing attacks – State of the Art … (simple)
- Do-it-yourself phishing kits found on the internet, reveals Sophos
- Use spamming software / hire a botnet
- URL obfuscation
Source - A Framework for Detection and Measurement of Phishing Attacks - Doshi et al

3 What you need to be aware of? - Subtle aspects …
- Unicode attacks – paypal.com / Cyrillic ‘a’
- False security indicators – padlock icon, certificates
- Address bar hijacking
- Discrepancy between anchor text and link
- Redirects
- Dynamic nature – site up for 4.8 days on average / rotating IPs
- Negligence – Why Phishing works?
- Legitimate sites usually won’t ask you to update information online, out of band methods – similar to symmetric key exchange …

4 Statistics … Source - Phishing Activity Trends Report July, 2006, Anti-Phishing workgroup

5 Defenses – State of the Art …
- Why phishing works? – Dhamija et al
- The Battle Against Phishing: Dynamic Security Skins - Dhamija et al
- Detection of Phishing pages based on visual similarity - Liu et al
- Modeling and Preventing Phishing Attacks – Jakobsson et al
- PHONEY: Mimicking User Response to Detect Phishing Attacks - Chandrasekaran et al
Cont …

6 Defenses – State of the Art
- Anomaly Based Web Phishing Page Detection - Pan et al
- Phighting the Phisher: Using Web Bugs and Honeytokens to Investigate the Source of Phishing Attacks - McRae et al
- A Framework for Detection and Measurement of Phishing Attacks - Doshi et al
- Anti-Spam Techniques – spam, a vehicle for Phishing attacks

7 What to do if you suspect a URL/IP is Phishing?
- Look if already present in any blacklist – phishtank, anti-Phishing workgroup
- DIG.multi.surbl.org
- The entry will resolve into an address (DNS A record) whose last octet indicates which lists it belongs to
- The bit positions in that octet for the different lists are:
  2 = comes from sc.surbl.org
  4 = comes from ws.surbl.org
  8 = comes from phishing data source (labelled as [ph] in multi)
  16 = comes from ob.surbl.org
  32 = comes from ab.surbl.org
  64 = comes from jp data source (labelled as [jp] in multi)
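The last-octet decoding described on this slide, as an added example that is not part of the original presentation. It assumes the query name is the suspect domain prepended to multi.surbl.org and that answers fall in 127.0.0.0/8; the function names and the sample answers are constructed for illustration.

```python
import ipaddress
import socket

# Bit values for the last octet, copied from the slide above.
SURBL_BITS = {
    2: "sc.surbl.org",
    4: "ws.surbl.org",
    8: "ph",   # phishing data source
    16: "ob.surbl.org",
    32: "ab.surbl.org",
    64: "jp",  # jp data source
}
ZONE = "multi.surbl.org"


def query_name(domain):
    """Build the name to look up: <domain>.multi.surbl.org (assumed query form)."""
    return domain.strip().rstrip(".").lower() + "." + ZONE


def decode_answer(a_record):
    """Map the last octet of the A record to the lists the entry belongs to."""
    octets = ipaddress.IPv4Address(a_record).packed
    if octets[0] != 127:
        # Assumption: real answers sit in 127.0.0.0/8. Anything else is more
        # likely a resolver rewriting NXDOMAIN than a listing.
        raise ValueError("unexpected blocklist answer: %s" % a_record)
    return [name for bit, name in sorted(SURBL_BITS.items()) if octets[3] & bit]


def check_domain(domain, resolve=socket.gethostbyname):
    """Return the lists a domain is on; an empty list means not listed."""
    try:
        answer = resolve(query_name(domain))
    except socket.gaierror:
        # No A record. This also hides resolver failures, so log them in real use.
        return []
    return decode_answer(answer)


if __name__ == "__main__":
    # Constructed answers, not real lookups: 24 = 8 + 16, 2 = sc only.
    for sample in ("127.0.0.24", "127.0.0.2"):
        print(sample, "->", decode_answer(sample))
```

An answer outside 127.0.0.0/8 raises instead of being decoded, so a resolver that redirects failed lookups to a search page cannot make every domain look listed.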

8 Anti-Phishing tools … Source - A Framework for Detection and Measurement of Phishing Attacks - Doshi et al

9 Enough of the application layer yada yada …
- Can we do better?
- Analysis of Phishing at network level – the current set up …
- Why is it challenging?
- Lessons learned …

10 Interaction with Phishing Sites


13 Source address frequency …

14 Dest addr frequency …


16 CDF – Bank Of America, Phishing site – bytes

17 CDF – Bank Of America, Phishing site – duration

18 CDF – Bank Of America, Phishing site – packets

19 Src addr frequency to yahoo hosted Phishing site …

20 CDF bytes - yahoo

21 CDF duration – yahoo …

22 CDF packets yahoo …

23 Recent statistics …
A number of phishing websites are in fact legitimate servers that were compromised through software vulnerabilities, exploited by hackers and covertly turned into illegal phishing sites - making the hackers more difficult to track.
Source: SecurityFocus.com

24 What we learned?
- Challenges of Network Level Phishing
- Data Sources
- Real-Time Mapping
- Multiple Domain Hosting
- Redirection Techniques
- Grad Students

25 What we are exploring now?
- Combined Data Sources
- Application Level Sources
- DNS Traces
- Multiple Vantage Points
- Different Universities with Spam Traps
- Is Phishing Targeted?
- Percentage Phishing Mails per Spam Trap

26 What does the lab look like?
- Phishing basics
- Attacks – state of the art
- Defenses – state of the art
- What you need to be aware of so as not to fall prey to Phishing?
- Phishing IQ test -
  100% - Hurray !!! I’m the Phishmaster
  < 70% - Don’t do online transactions …

27 References …
- Why phishing works? – Dhamija et al
- The Battle Against Phishing: Dynamic Security Skins - Dhamija et al
- Detection of Phishing pages based on visual similarity - Liu et al
- Modeling and Preventing Phishing Attacks – Jakobsson et al
- PHONEY: Mimicking User Response to Detect Phishing Attacks - Chandrasekaran et al
- Anomaly Based Web Phishing Page Detection - Pan et al
- Phighting the Phisher: Using Web Bugs and Honeytokens to Investigate the Source of Phishing Attacks - McRae et al
- A Framework for Detection and Measurement of Phishing Attacks - Doshi et al

