2. What is Phishing?
Phishing is an attempt to obtain personal data (such as credentials or financial details) by
masquerading as a trusted source over an electronic medium such as email, instant messaging, the web, or the phone.
Commonly impersonated sources include:
Government agencies
Large Corporations
Help/Service desks
3. A Phishing tale
The “ph” in phishing is a reference to the term “phreak”, an early term for
hackers (originally those who manipulated the telephone system)
These types of scams began surfacing around 1995 with the expansion of
the internet
The term “phishing” was first recorded on Jan 2, 1996 in a Usenet
newsgroup devoted to AOL
AOL, as the largest US internet provider of the 1990s, was the testing and
breeding ground for phishing techniques
The “warez” (pirated software) community was where this type of stolen data was trafficked
Phishing spoof sites (look-alike copies of legitimate sites) began appearing in the 2003-2004 time frame with the
rise of eCommerce
4. 12 Common Methods
Email/Spam
Bulk emails asking users to send data with promises of rewards
Key Loggers
An application that captures every key stroke and sends it off
Web Delivery
Capturing user data from otherwise legitimate web traffic by sitting between the user and the site
Session Hijacking
Taking over an established web session on the user's side (for example, by stealing the session cookie)
Instant Message
A link sent from a compromised account to contacts
System reconfiguration
Tricking the user into weakening their own system's protections so that a later
attack succeeds.
Trojan Applications
Automated processes sending data from compromised machines
Content Injection
Adding content to a legitimate website that then takes the visitor away
from that site, or captures data on it, for malicious purposes
Link Manipulation
The visible link text differs from the actual destination of the link
Search Phishing
Injecting malicious websites into common search results
Phone Phishing (also called vishing)
A call directing a user to a phishing site, or asking for the data outright
Malware Phishing
Usually comes in the form of an attachment in email and is a delivery
mechanism for malicious code
5. There are a lot of phish in the sea
How they make their money…
Stage                                      Rate at this stage   Remaining   % of total
Emails sent                                         -           1,000,000   100%
Pass SPAM filters (95% filtered out)                5%             50,000   5%
Open the mail                                      10%              5,000   0.5%
Read the mail and click through                    10%                500   0.05%
Fill out the form and fall for the attack          10%                 50   0.005%
Revenue generated per phish                                      $1,800
Phishing revenue generated                    50 * $1,800 = $90,000
Phishing caused about $1.5 billion in global losses in 2012, and there are
nearly half a million unique attacks a year
6. Phishing at CWU
It’s happening all the time!
Email is the most common delivery method here at CWU. On a daily basis
we average 1.5 times as much SPAM as “good” email.
Email forms (80% of phishing attempts at CWU)
Mostly “classic” money schemes
Used to generate cash; the success rate is extremely low, but it is enough to
keep them coming.
Link Manipulation (20% of phishing attempts at CWU)
Usually username and account phishing
Used to harvest “the next wave” of accounts to send from
Sending from freshly compromised accounts avoids filters that block known SPAM senders
Malware and Trojans (<1%)
Averages a dozen (12) mails a day
7. Things to watch for:
The “To:” field
The “To:” field in many phishing emails is left blank. A phisher sending from a compromised account does not want to
visibly address one email to 50 users at different organizations, so the recipients go in the BCC. This keeps you from notifying the other
potential victims and avoids tipping their hand that the recipients are not a homogeneous group.
The “From:” field
In an IT Scam, it will come from someone NOT in your IT org, and likely not at the university at all!
In a money phishing scheme, the display name and the actual address will often not match at all, for example:
FBI (Director) James Comey Jr. <simonlin@chinaconstruction.com.sg>
Links
Look for links that use “Click Here” or other generic terms to hide the link path; hover over the link to see where it really goes.
Links that lead to a site other than the organization they are pretending to be. Often generic sub-sites, or foreign sites ending in a 2-letter
country suffix like “.ru”, “.hu”, or “.ch”. A country suffix is not suspicious by itself; the warning sign is that the domain does not
belong to the organization the message claims to come from.
Spelling and Grammar
Many phishing attempts originate in countries where English is not the primary language, so the emails are often full of grammatical and
spelling errors. See the examples below.
Generic IT terms
Phishing attempts use terms like “Web-Mail” or “Help Desk” so that one template fits any organization. Some more
sophisticated attacks include a certain level of local detail, but the inconsistencies usually show up under scrutiny: a real IT department
names your organization's actual systems and writes from your organization's domain.
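The indicators above (blank “To:”, a “From:” outside the organization, generic IT wording, “Click Here” links, and the link-text-versus-destination mismatch described under Link Manipulation in section 4) can be checked mechanically. The script below is an added example written for this page, not CWU's own tooling. The two messages, their addresses and hostnames are constructed for the example; the organization domain is passed in by the caller (cwu.edu here), and registered_domain is a deliberately simple two-label approximation.

```python
import re
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse

# Anchor text that hides where a link goes ("Click Here" and friends)
GENERIC_ANCHOR_TEXT = {"click here", "here", "login", "log in", "verify", "validate"}
# Wording a phisher uses so one template fits any organization
GENERIC_IT_TERMS = ("web-mail", "webmail", "help desk", "helpdesk", "it department")


class _LinkCollector(HTMLParser):
    """Collect (anchor text, href) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registered_domain(host):
    """'webmail.cwu.edu' -> 'cwu.edu'. Simplification (assumption): last two labels,
    so multi-label suffixes such as co.uk are not handled; a bare IP is returned as-is."""
    host = host.lower().rstrip(".")
    if re.fullmatch(r"[\d.]+", host):
        return host
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def url_host(text):
    """Hostname of a URL, or of bare text that looks like one; '' for non-URL text."""
    text = text.strip()
    if "://" not in text:
        if not re.match(r"^[\w-]+(\.[\w-]+)+(/|$)", text):
            return ""
        text = "http://" + text
    return (urlparse(text).hostname or "").lower()


def check_message(raw, org_domain):
    """Return a list of indicator tags for one raw RFC 822 message (bytes)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    # Blank To: -> recipients hidden in BCC, a bulk send from a compromised account
    if not (msg.get("To") or "").strip():
        findings.append("blank-to")
    sender = msg["From"]
    if sender is not None and sender.addresses:
        addr = sender.addresses[0]
        if registered_domain(addr.domain) != org_domain:
            findings.append(f"from-outside-org:{addr.domain}")
        if any(t in addr.display_name.lower() for t in GENERIC_IT_TERMS):
            findings.append("generic-it-display-name")
    subject = msg.get("Subject") or ""
    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body is not None else ""
    if any(t in (subject + " " + content).lower() for t in GENERIC_IT_TERMS):
        findings.append("generic-it-terms")
    if body is not None and body.get_content_type() == "text/html":
        collector = _LinkCollector()
        collector.feed(content)
        for text, href in collector.links:
            href_host, text_host = url_host(href), url_host(text)
            # Link Manipulation: the text shows one host, the href goes to another
            if text_host and href_host and registered_domain(text_host) != registered_domain(href_host):
                findings.append(f"link-text-mismatch:{text_host}->{href_host}")
            elif text.lower().strip(" .!") in GENERIC_ANCHOR_TEXT:
                findings.append(f"generic-link-text:{href_host}")
            if href_host and registered_domain(href_host) != org_domain:
                findings.append(f"link-outside-org:{href_host}")
    return findings


# Constructed sample messages; hostnames and addresses are made up for the example.
PHISH = b"""\
From: CWU Help Desk <support@mailer.phish.example>
Subject: Web-Mail account validation
Content-Type: text/html; charset=us-ascii

<html><body><p>Your Web-Mail quota is full.
<a href="http://webmail-cwu.phish.example/login">Click Here</a> to validate, or visit
<a href="http://198.51.100.7/u">https://webmail.cwu.edu/</a> within 24 hours.</p></body></html>
"""
LEGIT = b"""\
From: Jane Admin <jane.admin@cwu.edu>
To: staff@cwu.edu
Subject: Maintenance window Saturday
Content-Type: text/html; charset=us-ascii

<html><body><p>Details: <a href="https://www.cwu.edu/its">https://www.cwu.edu/its</a></p></body></html>
"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, check_message(raw, "cwu.edu"))
```

Each tag names one of the indicators from the list above, so the output can be read against it; the constructed phishing message trips all of them, and the constructed legitimate one trips none. The checks are heuristics for triage, not a verdict: a blank “To:” or a foreign domain on its own is a reason to look closer, and a mailing list or an external partner can legitimately produce either.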