Anti-Phishing Ridhvesh Shethwala 15MCEI27

Upload: shethwala-ridhvesh

Post on 15-Apr-2017


TRANSCRIPT

Page 1: Anti phishing

Anti-Phishing

Ridhvesh Shethwala, 15MCEI27

Page 2: Anti phishing

Outline
• What is phishing…???
• History
• Types of attack
• Examples
• What is Anti-Phishing…???
• How to identify and overcome…???
• Organizations working on it
• Conclusion

Page 3: Anti phishing

What is PHISHING…???

Page 4: Anti phishing
Page 5: Anti phishing

What is Phishing…???
• A social engineering attack
• An attempt to trick individuals into revealing personal credentials (username, password, credit card info, etc.)
• Based on faked emails and websites
• A threat to internet users

Page 6: Anti phishing

History of Phishing
Phreaking + Fishing = Phishing
- Phreaking = making phone calls for free back in the 70’s
- Fishing = using bait to lure the target

Phishing in 1995
• Target: AOL users
• Purpose: getting account passwords for free time
• Threat level: low
• Techniques: similar names (www.ao1.com for www.aol.com), social engineering

Page 7: Anti phishing

Phishing in 2001
• Target: eBay users and major banks
• Purpose: getting credit card numbers, accounts
• Threat level: medium
• Techniques: same as in 1995, plus keyloggers

Phishing in 2007
• Target: PayPal, banks, eBay
• Purpose: bank accounts
• Threat level: high
• Techniques: browser vulnerabilities, link obfuscation

Page 8: Anti phishing

Types of Phishing
• Deceptive - Sending a deceptive email, in bulk, with a “call to action” that demands the recipient click on a link.

Page 9: Anti phishing

Types of Phishing
• Search Engine Phishing - Creating web pages for fake products, getting the pages indexed by search engines, and waiting for users to enter their confidential information as part of an order, sign-up, or balance transfer.

Page 10: Anti phishing

Types of Phishing
• Malware-Based - Running malicious software on the user’s machine. Various forms of malware-based phishing are:
  - Key Loggers & Screen Loggers
  - Session Hijackers
  - Web Trojans
  - Data Theft

Page 11: Anti phishing

Types of Phishing
• Man-in-the-Middle Phishing – The phisher positions himself between the user and the legitimate site.

Page 12: Anti phishing

Types of Phishing
• Content-Injection – Inserting malicious content into a legitimate site.

Three primary types of content-injection phishing:
- Hackers can compromise a server through a security vulnerability and replace or augment the legitimate content with malicious content.
- Malicious content can be inserted into a site through a cross-site scripting vulnerability.
- Malicious actions can be performed on a site through a SQL injection vulnerability.

Page 13: Anti phishing

Causes of Phishing
• Misleading e-mails
• No check of the source address
• Vulnerabilities in browsers
• No strong authentication at websites of banks and financial institutions
• Limited use of digital signatures
• Non-availability of secure desktop tools
• Lack of user awareness
• Vulnerabilities in applications
• … and more

Page 14: Anti phishing

Effects of Phishing
• Internet fraud
• Identity theft
• Financial loss to the original institutions
• Difficulties in law enforcement investigations
• Erosion of public trust in the Internet

Page 15: Anti phishing
Page 16: Anti phishing
Page 17: Anti phishing

Subject: eBay: Urgent Notification From Billing Department

Page 18: Anti phishing

We regret to inform you that your eBay account could be suspended if you don’t update your account information.

Page 19: Anti phishing

https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&sid=verify&co_partnerid=2&sidteid=0

Page 20: Anti phishing

This entire process is known as phishing.

Page 21: Anti phishing

What is Anti-Phishing…???
• Anti-phishing software consists of computer programs that attempt to identify phishing content contained in websites and e-mail. It is often integrated with web browsers and email clients as a toolbar that displays the real domain name of the website the viewer is visiting, in an attempt to prevent fraudulent websites from masquerading as legitimate web sites. Anti-phishing functionality may also be included as a built-in capability of some web browsers.

Page 22: Anti phishing

Strategic Defense Techniques

Anti-Phishing
- Server-based
  • Behaviour Detection
  • Brand Monitoring
  • Security Events
- Client-based
  • E-mail Analysis
  • Black Lists
  • Information Flow
  • Similarity of Layouts

Page 23: Anti phishing

Server-based Solutions
• Server-based techniques are implemented by service providers (e.g. ISPs, e-commerce stores, financial institutions, etc.)
• Brand Monitoring: Crawling on-line websites to identify "clones" (pages imitating legitimate brands), which are considered phishing pages. Suspected websites are added to a centralized "black-list".

Page 24: Anti phishing

• Behavior Detection: For each customer a profile is built (after a training period) and used to detect anomalies in the user's behavior.
• Security Event Monitoring: Analysis of security events recorded by several sources (OS, applications, network devices) to identify anomalous activity, or for post-mortem analysis following an attack or a fraud.

Page 25: Anti phishing

• Strong Authentication: Using more than one identification factor is called strong authentication. There are three universally recognized factors for authenticating individuals: something you know (e.g. a password); something you have (e.g. a hardware security token); something you are (e.g. a fingerprint).
• New Authentication Techniques: New techniques of authentication are under research, such as using an image chosen during the registration phase which is then shown during every login process.

Page 26: Anti phishing

Client-based Solutions
• Client-based techniques are implemented on the users’ end points through browser plug-ins or e-mail clients
• E-mail Analysis: filter incoming mail and check it
• Black-Lists: collect known phishing URLs
• Similarity of Layouts: compare the look of a page with that of the legitimate site
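The e-mail analysis and black-list checks on this slide, together with the "similar names" trick from the history slide (www.ao1.com for www.aol.com), can be shown in a few lines. The block below is an added example, not code from the slides: a toy client-side checker in Python that pulls the URLs out of a message and flags raw IP hosts, black-listed hosts, lookalike domains and brand names hidden inside unrelated hosts. The protected-brand set, the black-list and the sample message are all constructed for the example; the confusable-character table and the two-label "registrable domain" rule are simplifications I chose, not a standard.

```python
"""Toy client-side URL checker for e-mail text: lookalike domains, black-list, brand abuse.
Added example; all brand, black-list and e-mail data below is constructed."""
import re
from urllib.parse import urlparse

# Constructed: brands the checker protects and a local black-list of known phishing hosts.
PROTECTED_DOMAINS = {"aol.com", "ebay.com", "paypal.com"}
BLACK_LIST = {"secure-ebay-billing.example", "paypa1-login.example"}

# Characters phishers swap for lookalikes (the slides' www.ao1.com for www.aol.com).
# Multi-character pairs are folded first so "rn" becomes "m" before single letters are touched.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"),
               ("5", "s"), ("7", "t"), ("8", "b"), ("|", "l")]

URL_RE = re.compile(r"""https?://[^\s<>"']+""")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def normalise_host(host: str) -> str:
    """Fold lookalike characters so 'ao1.com' compares equal to 'aol.com'."""
    host = host.lower()
    for fake, real in CONFUSABLES:
        host = host.replace(fake, real)
    return host


def registrable(host: str) -> str:
    """Last two labels of the host. Assumption: no public-suffix list, so
    two-level TLDs such as co.uk are not handled by this toy."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def check_url(url: str) -> dict:
    """Return the host and a list of findings; an empty list means no red flag was seen."""
    host = (urlparse(url).hostname or "").lower()
    findings = []
    if not host:
        return {"url": url, "host": host, "findings": ["no host in URL"]}
    if IPV4_RE.match(host):
        findings.append("raw IP address instead of a domain name")
    if host in BLACK_LIST or registrable(host) in BLACK_LIST:
        findings.append("host is on the black-list")
    if registrable(host) not in PROTECTED_DOMAINS:
        folded = normalise_host(host)
        if registrable(folded) in PROTECTED_DOMAINS:
            findings.append(f"lookalike of {registrable(folded)}")
        else:
            for brand in sorted(PROTECTED_DOMAINS):
                name = brand.split(".")[0]
                if name in folded:
                    findings.append(f"brand name '{name}' inside a non-brand host")
    return {"url": url, "host": host, "findings": findings}


def scan_message(text: str) -> list:
    """Check every URL found in an e-mail body; this is the 'E-mail Analysis' step."""
    return [check_url(u) for u in URL_RE.findall(text)]


# Constructed sample message in the style of the eBay example on the slides.
SAMPLE_EMAIL = """Subject: Urgent Notification From Billing Department

Your account could be suspended if you do not update your information:
http://www.ao1.com/login
https://signin.ebay.com/ws/eBayISAPI.dll?SignIn
http://secure-ebay-billing.example/update
http://192.0.2.10/ebay/signin
"""

if __name__ == "__main__":
    for result in scan_message(SAMPLE_EMAIL):
        flag = "SUSPICIOUS" if result["findings"] else "ok"
        print(f"{flag:10} {result['host']:32} {'; '.join(result['findings'])}")
```

Run stand-alone, the script flags three of the four links and leaves the genuine signin.ebay.com URL alone. The checks are deliberately host-based: the path and query of a URL can say anything, so the decision has to rest on the registrable domain, which is also what the "inspect the address bar" advice on Page 27 asks the user to do by eye.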

Page 27: Anti phishing

Prevent Phishing
• Think before you open
• Never click on the links in an email, message board or mailing list
• Never submit credentials on forms embedded in emails
• Inspect the address bar and SSL certificate
• Never open suspicious emails
• Ensure that the web browser has the latest security patch applied
• Install the latest anti-virus packages
• Destroy any hard copy of sensitive information
• Verify accounts and transactions regularly
• Report the scam via phone or email

Page 28: Anti phishing
Page 29: Anti phishing
Page 30: Anti phishing
Page 31: Anti phishing
Page 32: Anti phishing
Page 33: Anti phishing

Organizations for Anti-Phishing
• Anti-Phishing Working Group: http://www.antiphishing.org
• Digital Phishnet: http://www.digitalphishnet.org/
• Federal Trade Commission: http://www.consumer.gov/idtheft/
• Internet Crime Complaint Center (a joint project of the FBI and the National White Collar Crime Center): http://www.ic3.gov
• Trend Micro Anti-Fraud: [email protected]

Page 34: Anti phishing

Conclusions
• As for every IT attack, phishing can be prevented, detected and mitigated through server-based and client-based approaches, supported by education and awareness.

People

Page 35: Anti phishing


Page 36: Anti phishing

THANK YOU…!!!