The Phishing Ecosystem - Andrew Klein

The Phishing Ecosystem - Andrew Klein

Statistics

Views

Total Views
5,882
Views on SlideShare
5,870
Embed Views
12

Actions

Likes
2
Downloads
0
Comments
1

4 Embeds 12

http://www.secguru.com 7
http://marcdle.moodlehub.com 3
http://www.slideshare.net 1
http://www.techgig.com 1

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel

11 of 1 previous next

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
  • free free download this latest version 100% working.
    download link- http://gg.gg/hqcf
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Presentation Transcript

    • The Phishing Ecosystem – Wednesday, March 22nd 2006, 3:00pm – Andrew Klein, Engineering Manager
    • Phishing is Everywhere
    • … and sometimes it hits close to home! An example aimed at MailFrontier staff:
      “MailFrontier Employee/Contractor, Your e-mail account was used to send a large number of unsolicited spam messages during the past 5 days. We suspect your account has been compromised. Please click here to change your account password in the next 24 hours. Failure to change your account password will result in the suspension of your login to the system. Virtually yours, The MailFrontier Support Team”
    • Phishing by the numbers
      • 6.1 billion – The estimated number of phishing email messages sent worldwide each month
      • 2.4 million – Number of online consumers that reported losing money to a phishing scam (Gartner, May 2005 Survey)
      • 15,244 – Number of unique phishing attacks in December 2005 (APWG)
      • 7,197 – Number of phishing sites operational in December 2005 (APWG)
      • 35% – The percentage of phishing sites hosted in the United States for December 2005 (APWG)
      • 5.3 – Average number of days a phishing site is live in December 2005 (APWG)
    • What’s Your Phishing IQ? (URL quiz)
      • http://www.mbna-mail.com/ets/... – LEGIT
      • http://chaseonline.rewardprogramsurvey.us/ – Phish
      • https://www.sbc.com/mysbc – LEGIT
    • Let’s Go Phishing
    • Checklist - Step 1: Get an email list
      • Get an email list
      • Develop the attack
      • Locate sites to send phishing email from
      • Locate sites to host the phishing site
      • Launch the attack
      • Collect results
    • Get a List: Available on eBay
    • Checklist - Step 2: Develop the attack
    • The attack email (examples): “Welcome to our site”, “Give me some credit here”
    • Checklist - Step 3: Locate sites to send phishing email from
    • Where we’ll send our phishing email from
      • Over 1,500 sending sites:
      • 161.58.214.148 (CodeFreeDVD)
      • 66.165.106.112
      • 66.165.106.111
      • 66.165.106.113
      • 152.146.187.172 (Y&R)
      • 195.75.241.4 (Y&R)
      • 212.250.162.8 (NTL)
      • 60.40.182.119
      • 4.29.226.58
      • 221.219.243.27
      • 221.168.185.104
      • 218.43.179.67
      • 80.182.2.12
    • Checklist - Step 4: Locate sites to host the phishing site
    • Who will host our phishing site?
      • Over 12 different hosters:
      • 210.114.175.226
      • 210.78.73.253
      • 211.23.187.151
      • 61.152.175.161
    • Checklist - Step 5: Launch the attack
    • Attack launched (diagram): Sending Machines 66.165.106.111, 152.146.187.172, 161.58.214.148, 195.75.241.4, 212.250.162.8 → Receivers (Mary, Tomas, Andy, Tonia, George, John, Frank, Tim, Herman, Luann, Ramona, Evan, Jan, Scott, Venkat, Charlie, Phil, Elisa, Dom, Joe, Lana, June, Chao, Vadim, Oliver) → Phish Web Sites 61.152.175.161, 210.114.175.226, 211.23.187.151
    • Checklist – Step 6: Collect results
    • The results of our attack
      • 2,000,000 emails are sent
      • 5% get to the end user – 100,000 (APWG)
      • 5% click on the phishing link – 5,000 (APWG)
      • 2% enter data into the phishing site – 100 (Gartner)
      • $1,200 from each person who enters data (FTC)
      • Our potential reward: $120,000
      In 2005 the David Levi gang made over $360,000 from 160 people using an eBay phishing scam
    • Money From Mayhem
    • A little phishing gang
      • The David Levi phishing gang – UK
      • 6 members
      • Operated for 12 months
      • At least $360,000 from 160 people
      • Segmentation of jobs
        • Techie
        • Creative designer
        • Money laundering – mule driver
      Caught – received sentences from 1 to 4 years each
    • The phishing ecosystem (diagram): The Phisher assembles an Email list, Sending Machines, Hosting Sites and the Email & Web site, then Constructs, Launches and Collects
      • Collected: Account Info, Credit Info, Identity Info, Logins & Passwords
      • Phished information turned into Cash ($)
    • The money laundering “Mule”
      • “Make Money at Home”
        • Recruits receive funds in their accounts
        • Transfer funds from their account via Western Union wire transfers to a second (the phisher’s) account
        • Paid 10% of the sum of each money transfer
        • One or two transfers each week - $3,000 to $5,000 each
      • “Nations Welfare Foundation”
        • Looking for a “Financial Operations Manager”
        • Transfer money for young cancer patients in the USSR
        • Real looking web site complete with pictures
        • Paid 7% - can make $500 to $2,000 per week
    • The phishing ecosystem – Tools of the Trade (diagram, built up over two slides)
      • Harvested Information: DHA (directory harvest attacks), Site Crawlers, Spyware
      • Tools used to construct, launch and collect: Templates, Sitecopy & wget, Botnets, Trojans, Worms, Keyloggers, Hacks & Attacks, “Real” Domain Names
      • Collected: Account Info, Credit Info, Identity Info, Logins & Passwords
      • Phished information turned into Cash ($)
    • Botnets
      • Botnet: A collection of compromised computers that are run under a common control structure
      • Functions
        • Email senders
          • DHA, spam, phishing, virus
        • DoS attacks
      • Rented out for $300 to $700 per hour
      • Jeanson James Ancheta made $60,000 by selling access
      • Over 10,000 botnets become active each day (Symantec)
    • The name game
      • citibank-validate.info
      • earthlink-reactivation.net
      • services-bankofamerica.com
      • sales-aol.net
      • secure-ebay.com
      • msn-reactivation.net
      • secure-usbank.info
      • service-visa.net
      • verification-e-gold.com
      • rewardprogramsurvey.us
      • customer-verification.com
      • banking-account-renewal.com
      • security-update.cc
      • citibanhk.de
        • Valid SSL certificate issued
      • credltlyonaisse.com
        • Registrar info copied
      • paypal.com
        • Cyrillic “a” in name
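      The URL quiz earlier in the talk and the lookalike names in this list come down to one question: does the host actually belong to the brand it names? The Python below is an added example, not code from the presentation, that turns three of the slide's tricks into checks: a brand name placed under someone else's registrable domain (chaseonline.rewardprogramsurvey.us, secure-ebay.com), a second-level label within two edits of a brand (citibanhk), and non-Latin homoglyphs (the Cyrillic “a” in paypal), which it also renders in punycode so the finding can be matched against DNS or proxy logs. The brand list and its legitimate domains (including mbna-mail.com, which the slide marks LEGIT) are assumptions for the demonstration, and the registrable-domain logic is a naive last-two-labels cut with no public-suffix list.

```python
"""Lookalike-domain triage for the slide's URL quiz and "name game" (added example).

Checks a URL's host against a brand list for three tricks shown on the slides:
a brand name used under someone else's registrable domain, a second-level
label within two edits of a brand (typo-squat), and non-Latin homoglyphs
(rendered in punycode so the finding can be matched against DNS logs).
"""
import unicodedata
from urllib.parse import urlsplit

# Assumed for the demonstration: brand token -> registrable domains the brand
# legitimately uses. mbna-mail.com is included because the slide marks it LEGIT.
BRANDS = {
    "citibank": {"citibank.com"},
    "chase": {"chase.com"},
    "paypal": {"paypal.com"},
    "ebay": {"ebay.com"},
    "mbna": {"mbna.com", "mbna-mail.com"},
    "sbc": {"sbc.com"},
    "creditlyonnais": {"creditlyonnais.com"},
}

TYPO_EDITS = 2  # max Levenshtein distance to treat a label as a typo-squat


def registrable_domain(host):
    """Naive registrable domain: the last two labels (no public-suffix list offline)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance, two-row Wagner-Fischer."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def non_latin_chars(host):
    """Non-ASCII characters that are not Latin-script (e.g. Cyrillic 'а')."""
    return [c for c in host if ord(c) > 127 and "LATIN" not in unicodedata.name(c, "")]


def classify(url):
    """Return (verdict, findings); verdict is LEGIT, SUSPECT or UNKNOWN."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    reg = registrable_domain(host)
    if any(reg in legit for legit in BRANDS.values()):
        return "LEGIT", []
    findings = []
    foreign = non_latin_chars(host)
    if foreign:
        names = ", ".join(unicodedata.name(c) for c in foreign)
        puny = host.encode("idna").decode("ascii")
        findings.append(f"homoglyph ({names}); punycode form {puny}")
    second_level = reg.split(".")[0]
    for brand in BRANDS:
        if brand in host:
            findings.append(f"brand '{brand}' appears under unrelated domain {reg}")
        elif 0 < edit_distance(second_level, brand) <= TYPO_EDITS:
            findings.append(f"'{second_level}' is within {TYPO_EDITS} edits of '{brand}'")
    return ("SUSPECT" if findings else "UNKNOWN"), findings


if __name__ == "__main__":
    for u in ["http://www.mbna-mail.com/ets/", "http://chaseonline.rewardprogramsurvey.us/",
              "https://www.sbc.com/mysbc", "http://citibanhk.de/", "http://p\u0430ypal.com/",
              "http://credltlyonaisse.com/"]:
        print(u, *classify(u))
```

      Run classify() over the quiz URLs and the names above: the three string tricks are all caught, but credltlyonaisse.com comes back UNKNOWN. That matches the slide's note that this one relied on copied registrar information rather than on a recognizable brand string; a name that is neither a brand substring nor a near-typo needs reputation or registrar data, not string checks.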
    • The phishing ecosystem – The Malware Community (diagram, built up over four slides)
      • The Malware Community supplies the Tools of the Trade and provides the Phisher with a Phishing Kit, with money ($) flowing between them
      • The Phisher runs the cycle: Email list, Sending Machines, Hosting Sites, Email & Web site; Construct, Launch, Collect
      • Harvested Information: DHA, Site Crawlers, Spyware; Tools: Templates, Sitecopy & wget, Botnets, Trojans, Worms, Keyloggers, Hacks & Attacks, “Real” Domain Names
      • Collected: Account Info, Credit Info, Identity Info, Logins & Passwords – phished information turned into Cash ($)
    • Scaling a phishing gang
      • The Campina Grande gang – Brazil
      • 65 members
      • Operated for at least 3 months
      • 200 accounts in six banks
      • $4.7 million stolen from bank accounts
      Feb 2006 – 41 members caught, 24 more still on the run
    • The Four Parts of the Solution
    • The email process – four parties
      • The Brand: a company that sends email to its customers or employees and is therefore a target for phishing scams
      • The Web Site: the web site the email directs you to
      • You: the person who receives the email
      • The Mailman: a company that receives email and delivers it to its employees/customers
    • The brand
      • Prefer cut-and-paste links over clickable ones, and minimize links
      • Use personal information where possible
        • Dear John J. Smith
        • Account ending in 1234
        • Your zip code is 94304
      • Provide non-email ways to verify
      • Use standard company domain names
      • Identify your partners
      • Set and follow standard communication practices
        • Internally and externally
    • The mailman
      • Preemptive
        • Protect your email address
        • Phishing is more than spam – think Virus
      • Technology
        • Multi-faceted solution – No silver bullet
          • Sender authentication and reputation, content analysis, contact point divergence (the displayed link or address differs from the real one), URL exploits, real-time phish lists, etc.
        • World-wide community collaboration
        • Change is part of the business
      • Psychology
        • Educate your customers/employees – their PhishingIQ
        • Email is still Good! Really it is!
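      Of the mailman's technology layers, contact point divergence is the one that can be shown offline: the link a message displays is not the one it follows. The Python below is an added example, not code from the presentation, that parses a constructed sample message modeled on the MailFrontier email from the start of the talk and flags three divergences: anchor text naming one host while the href points to another, links to bare IP addresses (the hosting sites shown earlier are all IPs), and a Reply-To domain that differs from the From domain. The headers, the example.net reply address and the HTML body are constructed; the phish host and IP in the body are the ones shown on the earlier slides. Sender authentication and real-time phish lists need DNS and feeds, so they are outside this example.

```python
"""Contact-point divergence checks on an email message (added example).

Flags: anchor text that names a different host than its href, links to
bare IP addresses, and a Reply-To domain that differs from the From domain.
"""
import ipaddress
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample, modeled on the MailFrontier message in the slides.
# example.net is a reserved domain; the IP and the .us host are from the slides.
SAMPLE = """\
From: MailFrontier Support <support@mailfrontier.com>
Reply-To: helpdesk@example.net
To: employee@mailfrontier.com
Subject: Your account has been compromised
Content-Type: text/html; charset=us-ascii

<html><body>
<p>MailFrontier Employee/Contractor, your e-mail account was used to send
spam. Please <a href="http://61.152.175.161/mf/reset.php">click here</a>
to change your password, or go to
<a href="http://chaseonline.rewardprogramsurvey.us/">https://www.mailfrontier.com/password</a>.</p>
<p>Help: <a href="https://www.mailfrontier.com/help">www.mailfrontier.com/help</a></p>
</body></html>
"""

# Visible anchor text that looks like a URL or host/path, e.g. "www.bank.com/login".
HOSTLIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in the HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(s):
    """Lower-cased host named by a URL or by a bare host/path string, or None."""
    if "://" not in s:
        s = "http://" + s
    host = urlsplit(s).hostname
    return host.lower() if host else None


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def domain_of(header_value):
    """Domain part of the first address in an address header, or ''."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()


def analyze(raw):
    """Return a list of human-readable findings for one RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.links:
        target = host_of(href)
        if target is None:
            continue
        if is_ip(target):
            findings.append(f"link to bare IP address {target}")
        shown = host_of(text) if HOSTLIKE.match(text) else None
        if shown and shown != target:
            findings.append(f"link text shows {shown} but href goes to {target}")
    return findings


if __name__ == "__main__":
    for line in analyze(SAMPLE):
        print(line)
```

      The "click here" link is caught only because its target is an IP; a phisher who registers a plausible name defeats that check, which is why the slide pairs divergence checks with sender reputation and real-time phish lists rather than relying on any one of them.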
    • The web site
      • Company and personal sites
        • Monitor your site
        • Know your content
        • Practice good passwords
        • Keep logs, report phishing to authorities
      • Hosting services
        • Monitor new customers
        • Take phishing seriously
          • Unless they are eBay, assume they are not eBay!
      • Domain name registration services
        • Be diligent about domain registrations
        • Actively work to shut down phishing sites
    • You
      • Know your senders
        • Is this someone I do business with?
        • Is this something I was told I’d receive?
        • Look for other ways to respond
      • Be aware
        • Look for clues – improve your PhishingIQ
        • Don’t be afraid to ask
        • Protect your system
        • Know how your system is updated
        • Check your records
    • What did we do today
      • Your PhishingIQ
      • Phishing 101
      • Mayhem and money
      • What to do about phishing
      • Take away: It’s your money/identity/job that is lost!
    • Thank you Andrew Klein [email_address] www.sonicwall.com