Phishing101

Published in: Technology, News & Politics

Transcript

  • 1.  
  • 2. Agenda
    • Agenda (this one!) – check!
    • WW Phishing in the next (6, maybe 12) months
    • Phishing in Romania (2007-2009)
    • Why 2 & 3 ?
    • The current BitDefender approach
    • Other important aspects
    • This paper will have no conclusions slide so please pay attention! (yes, I’m talking to the guys in the back… where the power plugs are :p )
  • 3. WW Phishing in the next (6 - 12) months
    • APWG on the 2nd half of 2008
      • Unique phishing reports submitted to APWG recorded a yearly high of 34,758 in October
      • Unique phishing websites detected by APWG during the second half of 2008 saw a constant increase from July and in October reached a maximum of 27,739
      • IT WILL RISE!!
      • or in Malcolm Gladwell’s words: “This is going to tip” – (we trust him because he looks Einsteinian!)
  • 4. Phishing in Romania (2007-2009)
    • 2007 – 7 attacks
    • 2008 – 26 attacks (50% targeting the same institution)
    • 2009 – 187 attacks already (98% targeting the same institution)
    • 2009 – 1st half … anyone want to make a prediction?
    • Don’t be fooled by randomness!
  • 5. Now… why would anyone start phishing?
      • With the current market turmoil, what's the easiest way to make a small fortune?
      • Start off with a large one!
    • Quote of the day (from a trader): "This is worse than a divorce. I've lost half my net worth and I still have a wife."
    • This market stinks so bad…that even Chuck Norris can’t make any money.
  • 6. Well… I bet not anybody can phish!
  • 7. Really… it must be more than this!!!
    • 1. Open the yellow pages and pick someone
    • 2. Search his name using a social media search-engine
    • 3. If any SN profile is found
      • Download images, posts, comments, friends
      • Create a phishing attack customized for this exact person.
      • Continue with his friends
    • 4. Complicated? Too much work? Dial 1-800 BOTNET for an army of computers to do this for you
    • PS: (success comes when the victim has profiles on more than one social network)
  • 8. Current BitDefender Approach
    • Technologies:
      • RBL
      • Website Forgery Detector
      • Signature Filter
      • Minutiae Analysis
      • Image Filter
      • AntiPharming Module
    • We protect: Spain, Germany, France, Italy, Romania and US (banks, SN accounts and webmail)…. For now….
  • 9. The Matrix
    • We want to believe that this is proactive!
                   ebay  paypal  citybank  whatever
      account        2      1       1         2
      card           0      1       1         0
      user           1      1       1         1
      password       2      2       2         2
      phishing       1      1       1         1
      ebay           1      0       0         0
      and so on      2      1       2         1
  • 10. Ignorance is bliss
    • Showing the actual domain on which the page is hosted
    • Showing the real page that is being forged
    • Displaying information about the registrar, the geographic location where the page is hosted and so on.
    • Requiring user confirmation before continuing loading the page
    • Certificates challenge.
    • We suggest all that AND, if possible, actually redirecting the user to the desired institution
