2 phishing
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

2 phishing

on

  • 461 views

 

Statistics

Views

Total Views
461
Views on SlideShare
461
Embed Views
0

Actions

Likes
0
Downloads
10
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft Word

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

2 phishing Document Transcript

  • 1. “PHISHING”-A THREAT TO NETWORK SECURITYABSTRACT brand spoofing or carding and is a variation on"fishing," the idea being that bait is“Give a man a fish," goes an old adage," thrown out with the hopes that while mostand you feed him for a day. Teach a man will ignorethe bait, some will be empted intotofish, and you feed him for life." In Internet biting. It is a type of fraud unique to theparlance, “Teach a man to phish, and he Internet.Hackers challenge networksecuritycanfeast on caviar for the rest of his life."It through ‗phishing‘. Phishers use bothis becoming increasingly common to tune in linguistic andtechnical ploys to stealto the news or load your favorite newsWeb sensitive data. The term ―phishing" wassite and read about yet another Internet e- coined in 1996 and refersto email thatmail scam. An e-mail scam is a fraudulent directs users to counterfeit websites. Theemailthat appears to be from a legitimate goal is to collect personal andInternet address with a justifiable request — finalinformation, which can then be used tousually to verify your personal information make unauthorized purchases, stealor account details. One example would be identities, orsell sensitive information toifyou received ane-mail that appears tobe identify theft things. In a typical phishing e-fromyour bankrequesting you click a mail, the usersare directed to a proxy sitehyperlinkintheE-mail and verify your online that looks just like the original one butbanking information. Usually there will be however the proxy sitemight ask forarepercussion stated in the e-mail for not additional detailed data ( like bank accountfollowing the link, such as "your account numbers, social securitynumber, motherswill beclosed or suspended". The goal of the maiden name, credit/debit card numbers, orsender is for you to disclose personal and the highly confidentialCVV2 in the case of aaccountrelated information. proxy bank email). It is not unusual,This paper presents one of the 21st century‘s however, for the link to bedead, as phishingidentity theft web crimes known requires a very tight timeline due to moreasphishing‘. Phishing is also referred to as effective detection tools.
  • 2. Phishing is an example of social engineering value all in itself to thecriminals. Hiddentechniques used to fool users. Attempts away amongst the mounds of electronic junktodeal with the growing number of reported mail, and bypassing manyof todays bestphishing incidents include legislation, anti-Spam filters, a new attack vector lies inusertraining, public awareness, and technical wait to steal confidentialpersonalmeasures. Information. Such mails lure victims intoOur paper briefly gives the history of traps specifically designed to stealphishing and explains the various methods theirelectronic identity.of message delivery which includes delivery 1.2 HISTORY OF PHISHING: The word ―phishing‖ originally comes fromwith email, instant message delivery, the analogy that early Internet criminalsandweb based delivery, and trojoned host. In usedemail lures to ―phish‖ (FISH) foraddition to these, it describes the passwords and financial data from sea ofvariousphishing attack vectors. Phishing Internet users.The term Phishing covers notattacks include man in middle attacks, only obtaining user account details, but nowconfusing URLattacks, hidden attacks, and includes accessto allpersonal and financialconfusing host names. Our paper also gives data.informationabout various defencemechanisms. Defence mechanisms is 2. PHISHING MESSAGE DELIVERY:deployed in three layersclient, server, Phishing attacks rely upon a mix ofenterprise which help to implemented to technical deceit and social engineeringguard oneself from the cripplingeffects of practices.In the majority of cases the Phisherphishing. must persuade the victim to intentionally1. INTRODUCTION: perform aSeries of confidential information. Communication channels such as email,1.1 WHAT IS PHISHING? web-pages, IRCand instant messagingThe process of tricking or socially services are popular.engineering organizations customers into 2.1 E MAIL:impartingtheir confidential information is Phishing attacks initiated by email are thecalled ‗phishing‘. Organizational size most common. As almost all the net usersdoesn‘t matter; theequality of the personal useEmails Phisher find it easy to do identityinformation reaped from the attack has a
  • 3. theft. Techniques used within Phishing 2.3 IRC AND INSTANT MESSAGING:emails: IRC and Instant Messaging (IM) forums are• Official looking and sounding emails likely to become a popular phishingground.• Copies of legitimate corporate emails with As these communication channels becomeMinor URL changes. more popular with home users,• HTML based email used to obfuscate andmorefunctionality is included within thetarget URL information• Standard software, specialist phishing attacks willvirus/worm attachments to email increase.As many IRC and IM clients allow for embedded dynamic content (e.g.2.2 WEB BASD DELIVERY: graphics, URL‘s,multimedia includes, etc.) to be sent by channel participants, it is aAn increasingly popular method of trivial task to employmany of the phishingconducting phishing attacks is through techniques used in standard web-basedmaliciousweb-site content. This content may attacks. The common usage ofBotsbe included within a web-site operated by (automated programs that listen andthe Phisher,or a third-party site hosting some participate in group discussions) in many ofembedded content. thepopular channels, means that it is veryWeb-based delivery techniques include: easy for a Phisher to anonymously send• The inclusion of HTML disguised links semi relevantlinks and fake information to(such as the one presented in the above the victims.emailExample). Within popular web-sites, 2.4 TROJONED HOSTS:message boards. While the delivery medium for the phishing• The use of third-party supplied, or fake, attack may be varied, the deliverysource isbanner advertising graphics to lure increasingly becoming home PC‘s that havecustomers to the Phisher‘s web-site. been previously compromised. Aspart of this• The use of web-bugs (hidden items within compromise, a Trojan horse program hasthe page – such as a zero-sized graphic) been installed which allowsPhisher‘s to usetotrack a potential customer in preparation the PC as a message propagator. In fact, tofor a phishing attack. harvest the confidentialinformation of• The use of pop-up or frameless windows to several thousand customers simultaneously,disguise the true source of the Phisher‘s Phisher‘s use informationspecific Trojans.message.
  • 4. 3. PHISHING ATTACK • Friendly login URL‘s-Many common webVECTORS:For a Phishing attack to be browser implementations allow for complex URL‘s that can include Authenticationsuccessful, it must use a number of methods information such as a Login nameto trick theCustomer into doing something andpassword which trick many customerswith their server and/or supplied page into thinking that they are actually visitingcontent .The most common methods are: thetarget organization.3.1 MAN IN MIDDLE ATTACKS: 3.3 CONFUSING HOST NAMES:In this class of attacks, the attackers situate Most Internet users are familiar withthemselves between the customer andthe navigating to sites and services using afullyreal web-based application, and proxies all qualified domain name, such ascommunications between the systems. www.site.com. For a web browser to communicateover the Internet, this address must to be resolved to an IP address, such as 209.134.161.35for www.site.com. This resolution of IP address to host name is achieved through domainname servers. 3.4 HIDDEN ATTACKS: An attacker may make use of HTML,3.2 CONFUSING URL ATTACKS: DHTML and other scriptable codethat can be interpreted by the customer‘s webThe secret for many phishing attacks is to browser and used to manipulate theget the message recipient to followa displayof the rendered information. In manyhyperlink (URL) to the attacker‘s server, instances the attacker will use thesewithout them realizing that they have techniques todisguise fake content asbeenduped. The most common methods of coming from the real site – whether this is aURL obfuscation include: man-in-the-middleattack, or a fake copy of• Bad domain names-which look similar to the site hosted on the attackers own systems.original domain names but actually linkto The most common vectors include:phisher’s server. • Hidden Frames • Overriding Page Content• Graphical Substitution
  • 5. 4. DEFENCE MECHANISM:The Many of the attacks are successful due toPhisher has a large number of methods at HTML-based email Functionality astheir disposal consequently there is no Explained above.singlesolution capable of combating all · HTML functionality must be disabled in allthese different attack vectors. However, it is email client applications capablepossible toprevent current and future ofaccepting or sending Internet emails.Phishing attacks by utilizing a mix of Instead plain-text email representationinformation securitytechnologies and should beused, and ideally the chosentechniques.For best protection, these font should be fixed-with such as Courier.security technologies and techniques must · Email applications capable of blockingbe deployed at three Logical layers: ―dangerous‖ attachments and preventingThe Client-side – this includes the user‘s users from quickly executing or viewingPC.The Server-side – this includes the attached content should be usedbusinesses, Internet visible systems and wheneverpossible.customapplications.Enterprise Level – 4.1.3 Browser Capabilities:distributed technologies and third-party The common web browser may be used as amanagement services defense against phishing attacks – if it4.1 CLIENT SIDE: isconfigured securely. Customers andClient side is a representation of forefront of businesses must make a move to use a webanti-phishing security. At this side browserthat is appropriate for the task atprotection against phishing can be done by: hand. Tohelp prevent many Phishing attack· Desktop protection technologies vectors, web browser users should:· Email sophistication • Disable all window pop-up functionality.· Browser capabilities • Disable Java runtime support.· Customer vigilance • Disable ActiveX support.4.1.1 Desktop protection technologies: • Disable all multimedia and auto-play/auto-By using anti-viruses, anti-spy wares, execute extensions.personal firewall etc, which have the • Prevent the storage of non-secure cookies.abilityto detect and block the installation of •Ensure that any downloads cannot bemalicious software like Trojans, spy wares. automatically run from the browser, and4.1.2 Email Sophistication:
  • 6. mustInstead be downloaded into a directory arereceived to determine whether there arefor anti- Virus inspection. any unauthorized charges. If the statement4.1.4 Customer Vigilance: islate by more than a couple of days, a callCustomers may take a number of steps to to Credit Card Company or bank mustavoid becoming a victim of a phishingattack bemade to confirm billing address andthat involve inspecting content that is account balances.presented to them carefully. 4.2 SERVER SIDE:Some measures that should be taken by the By implementing intelligent anti-phishingcustomer are: techniques into the organizations· If a customer gets an email that warns webapplication security, developing internalhe/she, with little or no notice that processes to combat phishing vectorstheiraccount will be shut down unless they andeducating customers – it is possible toreconfirm billing information, they should take an active role in protecting customersnotreply or click on the link in the email. fromfuture attack. At the server-side,Instead, they should contact the company protection against Phishing can be done by:citedin the email using a telephone number 1. Improving customer awarenessor Web site address that is known to 2. Host and Linking conventionsbegenuine. 3. Enterprise Level· Customer should never respond to HTML 5. CONCLUSION:email with embedded submission forms.Any Phishing, which started off being part ofinformation submitted via the email (even if popular hacking culture, has nowit is legitimate) will be sent in cleartext that increasednumerously with the growth of usecould be observed. of Internet.The points raised within this· Users should avoid emailing personal and paper, and the solutions proposed, representfinancial information. Before key steps insecuring online services fromsubmittingfinancial information through a fraudulent phishing attacks – and also go aWeb site, the "lock" icon on the browsers long way inprotecting against many otherstatus barshould be observed .It signals that popular hacking or criminal attack vectors.information is secure during transmission. 6. REFERENCES:· Credit card and bank account statementsare to be reviewed as soon as they
  • 7. · ―Proposed Solutions to Address the Threatof Email Spoofing Scams‖, the Anti-Phishing Working Group· ―Anti-Phishing: Best PracticesforInstitutions and Consumers‖, McAfee.―Phishing Victims Likely WillSufferIdentity Theft Fraud‖, GartnerResearchNote, A. Litan.