Anti-Phishing
Ridhvesh Shethwala (15MCEI27)
Outline
• What is phishing…???
• History
• Types of attack
• Examples
• What is anti-phishing…???
• How to identify and overcome…???
• Organizations working on it
• Conclusion
What is Phishing…???
• A social engineering attack
• An attempt to trick individuals into revealing personal credentials (username, password, credit card info, etc.)
• Based on faked e-mails and websites
• A threat to internet users
History of Phishing
Phreaking + Fishing = Phishing
- Phreaking = making phone calls for free back in the 70’s
- Fishing = using bait to lure the target
Phishing in 1995
- Target: AOL users
- Purpose: getting account passwords for free time
- Threat level: low
- Techniques: similar names (www.ao1.com for www.aol.com), social engineering
Phishing in 2001
- Target: eBayers and major banks
- Purpose: getting credit card numbers, accounts
- Threat level: medium
- Techniques: same as in 1995, plus keyloggers
Phishing in 2007
- Target: PayPal, banks, eBay
- Purpose: bank accounts
- Threat level: high
- Techniques: browser vulnerabilities, link obfuscation
Types of Phishing
• Deceptive - Sending a deceptive email, in bulk, with a “call to action” that demands the recipient click on a link.
• Search Engine Phishing - Creating web pages for fake products, getting the pages indexed by search engines, and waiting for users to enter their confidential information as part of an order, sign-up, or balance transfer.
• Malware-Based - Running malicious software on the user’s machine. Various forms of malware-based phishing are:
- Key loggers and screen loggers
- Session hijackers
- Web Trojans
- Data theft
• Man-in-the-Middle Phishing - The phisher positions himself between the user and the legitimate site.
• Content-Injection - Inserting malicious content into a legitimate site. Three primary types of content-injection phishing:
- Hackers can compromise a server through a security vulnerability and replace or augment the legitimate content with malicious content.
- Malicious content can be inserted into a site through a cross-site scripting vulnerability.
- Malicious actions can be performed on a site through a SQL injection vulnerability.
Causes of Phishing
• Misleading e-mails
• No check of source address
• Vulnerabilities in browsers
• No strong authentication at websites of banks and financial institutions
• Limited use of digital signatures
• Non-availability of secure desktop tools
• Lack of user awareness
• Vulnerabilities in applications
• … and more
Effects of Phishing
• Internet fraud
• Identity theft
• Financial loss to the original institutions
• Difficulties in law enforcement investigations
• Erosion of public trust in the Internet
Example of a phishing e-mail:
Subject: eBay: Urgent Notification From Billing Department
We regret to inform you that your eBay account could be suspended if you don’t update your account information.
https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&sid=verify&co_partnerid=2&sidteid=0
This entire process is known as phishing.
What is Anti-Phishing…???
• Anti-phishing software consists of computer programs that attempt to identify phishing content contained in websites and e-mail. It is often integrated with web browsers and email clients as a toolbar that displays the real domain name of the website the viewer is visiting, in an attempt to prevent fraudulent websites from masquerading as other legitimate websites. Anti-phishing functionality may also be included as a built-in capability of some web browsers.
Strategic Defense Techniques
(Diagram: Anti-Phishing split into server-based and client-based techniques, with the information flow between them)
• Server-based
- Behaviour Detection
- Brand Monitoring
- Security Events
• Client-based
- E-mail Analysis
- Black Lists
- Similarity of Layouts
Server-based Solutions
• Server-based techniques are implemented by service providers (e.g. ISPs, e-commerce stores, financial institutions, etc.)
• Brand Monitoring: Crawling on-line websites to identify “clones” (looking for legitimate brands), which are considered phishing pages. Suspected websites are added to a centralized “black-list”.
• Behavior Detection: For each customer a profile is built (after a training period) which is used to detect anomalies in the behavior of users.
• Security Event Monitoring: Security event analysis using registered events provided by several sources (OS, application, network device) to identify anomalous activity or for post-mortem analysis following an attack or a fraud.
• Strong Authentication: Using more than one identification factor is called strong authentication. There are three universally recognized factors for authenticating individuals: something you know (e.g. password); something you have (e.g. hardware security token); something you are (e.g. fingerprint).
• New Authentication Techniques: New techniques of authentication are under research, such as using an image chosen during the registration phase which is shown during every login process.
Client-based Solutions
• Client-based techniques are implemented on the users’ end point through browser plug-ins or e-mail clients
• E-mail Analysis: filter it and check
• Black-Lists: collect phishing URLs
• Similarity of Layouts: compare the look
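Added example (not from the original deck) showing how a client-side e-mail analysis plug-in can combine the black-list, the “similar names” technique from the history slide (www.ao1.com for www.aol.com) and the link-obfuscation check in one pass. The black-list entries, the protected brand list and the sample message are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed blacklist of phishing hosts (placeholder values, not real indicators)
BLACKLIST = {"secure-ebay-login.example", "paypa1-verify.example"}
# Brands this client protects; look-alike detection is relative to these
PROTECTED_BRANDS = ("ebay", "paypal", "aol")
# Digits and symbols commonly swapped for letters (the deck's ao1.com for aol.com)
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URLISH_RE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

def registered_name(host):
    """Second-level label: 'signin.ebay.com' -> 'ebay' (no public-suffix handling)."""
    parts = host.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def brand_abuse(host):
    """Brand a host imitates by digit substitution or brand-in-name, else None."""
    name = registered_name(host)
    if name in PROTECTED_BRANDS:
        return None                       # the brand's own domain
    normalized = name.translate(HOMOGLYPHS)
    return next((b for b in PROTECTED_BRANDS if b in normalized), None)

def analyze_email(html):
    """Return [(href, [reasons])] for each link the client should flag."""
    findings = []
    for href, text in ANCHOR_RE.findall(html):
        host = urlparse(href).hostname or ""
        reasons = []
        if host in BLACKLIST:
            reasons.append("blacklisted host")
        brand = brand_abuse(host)
        if brand:
            reasons.append(f"look-alike of {brand}")
        shown = re.sub(r"<[^>]+>", "", text).strip()
        if URLISH_RE.fullmatch(shown):    # link obfuscation: text shows one site...
            shown_host = urlparse(shown if "://" in shown else "//" + shown).hostname
            if shown_host != host:        # ...but the href goes somewhere else
                reasons.append(f"text shows {shown_host}, link goes to {host}")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed message modelled on the deck's eBay example
SAMPLE_EMAIL = """<p>Your eBay account could be suspended unless you update it.</p>
<a href="http://secure-ebay-login.example/update">https://signin.ebay.com/ws/eBayISAPI.dll</a>
<a href="http://www.ao1.com/login">Sign in to AOL</a>
<a href="https://signin.ebay.com/ws/eBayISAPI.dll?SignIn">Sign in</a>"""
```

Calling `analyze_email(SAMPLE_EMAIL)` flags the first two links (blacklisted plus mismatched link text, and the ao1/aol look-alike) and leaves the genuine signin.ebay.com link alone.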
Prevent Phishing
• Think before you open
• Never click on the links in an email, message boards or mailing lists
• Never submit credentials on forms embedded in emails
• Inspect the address bar and SSL certificate
• Never open suspicious emails
• Ensure that the web browser has the latest security patch applied
• Install the latest anti-virus packages
• Destroy any hard copy of sensitive information
• Verify accounts and transactions regularly
• Report the scam via phone or email
Organizations for Anti-Phishing
• Anti-Phishing Working Group: http://www.antiphishing.org
• Digital PhishNet: http://www.digitalphishnet.org/
• Federal Trade Commission: http://www.consumer.gov/idtheft/
• Internet Crime Complaint Center (a joint project of the FBI and the National White Collar Crime Center): http://www.ic3.gov
• Trend Micro Anti-Fraud: [email protected]
Conclusions
• As with every IT attack, phishing can be prevented, detected and mitigated through server-based and client-based approaches, supported by education and awareness.