OUTLINE What is Phishing ? Phishing Techniques Message Delivery Effects of Phishing Anti-Phishing Techniques Conclusion
WHAT IS PHISHING ? It is a form of identifying theft that uses both social engineering and technical subterfuge to steal consumer’s personal identity data as well as financial account credentials Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.
PHISHING History Social Engineering Factors Psychological Factors
HISTORY First mentioned in AOL Usenet newsgroup on January 2, 1996. Variant of the word “fish”. AOHell – custom written program Line added on all instant messages.
SOCIAL ENGINEERING FACTORS Methods include mix of technical deceit and social engineering practices. Phishers persuade victims to perform series of actions. Popular communication channels: email, web pages, instant messaging services. Impersonate as a trusted source.
PSYCHOLOGICAL FACTORS Trust Of Authority e.g. BOA questions the validity of account Email and web pages can look real http://bankofamerica.com/loginhttp://bankofamerica.com/login may really be http://bankofcrime.com/got_your_login
Official looking and sounding emails Copies of legitimate corporate emails with minor URL changes HTML based email used to obfuscate target URL information Standard virus/worm attachments to emails A plethora of anti spam-detection inclusions
Contd. Crafting of “personalised” or unique email messages Fake postings to popular message boards and mailing lists Use of fake “Mail From:” addresses and open mail relays for disguising the source of the email
INSTANT MESSAGING More popular with home users with more functionality included within the s/w Bots (automated programs that listen and participate in group discussions)
TROJANED HOSTS Trick home users to install software. Selective Information recorded. Java applet – “javautil.zip” – Key Logger
EFFECTS Financial Loss – Losses ranging from hundreds to tens of thousands of dollars Loss of Trust – Users Refrain from using Internet for business Law Enforcement Difficulties – Cross border attacks