SlideShare a Scribd company logo

Phish Phry- Analysis paper

J
Joydeep Banerjee

The analysis paper was created as a course work of Master of Science at the University of Illinois at Springfield. The paper gives an overview of a cybercrime investigation carried out by FBI famously known by its sobriquet PHISH PHRY that dealt with one of the most notorious phishing scams of recent times.

Internet
1 of 9
Download to read offline
Vulnerability Analysis Paper 1 PHISH PHRY Joydeep Banerjee, M.S. University of Illinois at Springfield Author Note Contact: Email-jbane2@uis.edu
Vulnerability Analysis Paper 2 Table of Contents Preface................................................................................................................................ 3 Phishing.............................................................................................................................. 4 Introduction to Phishing............................................................................................. 4 Phishing Techniques .................................................................................................... 4 Case in Point: - Phish Phry ......................................................................................... 6 Modus Operandi .......................................................................................................... 6 Egypt Chapter.......................................................................................................... 6 United States Chapter............................................................................................. 6 Mitigation Techniques ................................................................................................. 6 Current Status of the Attack.................................................................................... 7 Word of Caution from Ground Zero...................................................................... 7 References.......................................................................................................................... 8 Acknowledgement............................................................................................................. 9
Vulnerability Analysis Paper 3 Preface This analysis paper essentially covers the fundamentals of Phishing and the techniques employed for its accomplishment in real time scenarios. Phishing is one of the very common ways applied by the cyber criminals and hackers to bait the users into sharing confidential data and information. The data or information, so gathered, is used to perform nefarious activities often leading to huge financial loses, bankruptcy and identity theft. The paper also discusses on one of most notorious phishing scams of the decade Phish Phry which amounted to a loss of 1 million dollars and compromising confidential data of thousands of customers of two very reputed banks of the USA. The scam finally got busted in the year 2011 convicting 47 people in the federal court. Like many security experts of the world today, Dave Jevans, an industry expert, exclaimed, “As far as a dent in the number of phishers out there and the phishing gangs, it's probably not significant.”
Vulnerability Analysis Paper 4 Phishing Introduction to Phishing Phishing is a kind of social engineering technique often used to steal personal and private information of users. The attacker masquerades as a popular or trusted or reputed entity or a person and tries to deceive the user by maintaining a very convincing approach. The hacker dupes a user into clicking on a link or press a button or open a certain webpage that leads to installation of malware or revelation of confidential data and information. Phishing Techniques Phishing can be accomplished using mediums like social websites, banks, email, messenger applications and auction websites. Mentioned below are a few techniques of performing a phishing attack: Email Email Phishing is one of the most common phishing techniques where the scammers broadcast the same email to millions of users. The users are usually asked to provide personal information and often their financial information as well. The scammers often create a sense of urgency or emergency in the minds of the users to persuade them to fill in the information. The gathered information is generally sold or used for nefarious activities. Link Manipulation Link Manipulation Phishing is a technique where a scammer sends or broadcasts a hyperlink to user(s) using instant messaging and manipulates them to click on that link. As the user opens the link, it directs him to a fake website which has a look and feel of an authentic website. The user might put in his credentials which in turn reaches the hands of the phishers. Web Based Delivery Web Based Delivery Phishing is a technique where a phisher plays as the man-in-the- middle between a website and the system. The phisher collects information passed on by the user keeping the user completely in the dark. Trojan horse Trojans are malwares that are installed in the users’ machines without their knowledge or consent to gather information from their machines.
Vulnerability Analysis Paper 5 Key Loggers Key Loggers are also malware programs that records the keyboard inputs and sends the information to the phisher. The information then can be used to break passcodes or other confidential information. Session Hacking Session Hacking is a way where the hacker uses a sniffer to access information illegally from a webserver. Phone Phishing Phone phishing is a kind of phishing where the hacker calls the user over phone and asks for confidential information impersonating themselves as someone from a recognized organization like banks, credit card companies etc. Content Injection Content Injection is a type of phishing where the phisher doctors a page in an authentic website to deceive the users and lead them to fake pages where they are asked to enter confidential information. System Reconfiguration Hackers often message a user to change the settings of the computer. The message generally is sent from a web address that looks like an authentic site. Search Engine Phishing Search Engine is a technique where users are taken or lured to websites where products are sold at cheaper prices. These sites are used to gather credit card or net banking details of the users. Phishers have been attacking bank customers and online payment service users to usurp their financial information. Earlier the attacks used to be indiscriminate with a hope that few might fall for the trap. With the advent of sophisticated techniques like data mining and data analytics and illegal practices like insider trading and selling of data, attackers are now able to perform targeted phishing. The phishing mails are sent to classified, highly potential victims and the hit rate has increased considerably in the recent times. This has culminated to large scale identity thefts and huge financial losses like in one of the most notorious phishing cases of all times - Phish Phry.
Vulnerability Analysis Paper 6 Case in Point: - Phish Phry Phish Phry is one of the largest phishing cases till date that has entailed almost 100 people charged in the US and Egypt. The criminals primarily targeted U.S. banks, namely Wells Fargo and Bank of America, and as many as thousands of customers by stealing and misusing their financial data and confidential information to transfer almost $1.5 million to their own fake accounts. The fraudsters are indicted for computer fraud, identity theft, conspiracy to commit bank fraud and money laundering. Modus Operandi Attackers or Phishers used to contact the customers by sending them fake emails that seemed like official ones from banks or credit card companies. The emails then used to take the victims to fake websites with a real look and feel. The users then would enter account details, passcodes and confidential identification information. Egypt Chapter In Egypt the financial information collected from the fake website were used to hack into the bank accounts. Then, the hackers and their handlers used to inform their counterparts in U.S. through text messages or phone calls or online messengers. The U.S. handlers would then facilitate the transferring of the money from the victims’ accounts to the freshly created fake accounts. United States Chapter The U.S. chapter of the scam was looked after by: 1. Nichole Michelle Merzi, 25, of Oceanside, CA; 2. Kenneth Joseph Lucas, 26, of Los Angeles, CA; and 3. Jonathan Preston Clark, 26, of Los Angeles, CA. These 3 scamsters ordered recruitments to open bank accounts to transfer the stolen money. Then an agreed portion of the money used to be withdrawn and wired to the Egyptian handlers. Mitigation Techniques Phishing attack Phish Phry could have been detected and neutralized had the affected users performed the following preventive actions :  Using caution when checking emails or clicking any link in the email without verifying the authenticity of the source. Never falling prey to the scare tactics or sense of urgency created by attackers to get confidential or private information
Vulnerability Analysis Paper 7  Setting Spam filters to high will keep the inbox free from spam mailers  Using right anti-virus program will help in detecting and neutralizing the unwanted programs or viruses or malwares  Checking website URLs carefully to avoid visiting look-alike spoofed versions of websites with almost similar URLs  Avoiding to chat with any stranger over internet and giving out any private information or changing any privacy settings on being asked or advised  Raising awareness and educating peers to maintain precaution as stated above. Current Status of the Attack The attack has been contained and the customers are compensated by both the banks for the loses. Both Wells Fargo and Bank of America have increased their awareness campaigns and customer education in a bid to combat phishing practices. Wells Fargo has an emergency dial and mail address to report suspicious mails or messages. Bank of America, too, has an emergency mail address to flag phishing attempts. Efforts are on in full swing to educate the customers but at the end of the day it’s the customers whose caution can save themselves from being victimized. Word of Caution from Ground Zero “Cybercrime might not seem real until it hits you,” Mueller said. “But every personal, academic, corporate, and government network plays a role in national security.” The Bureau wants the law enforcement and intelligence agencies to work hand-in-hand to fight against cybercrimes like phishing. Even though the government is working hard to keep high standards and building partnerships, Mueller added, “we are still outnumbered by cyber criminals.” His piece of advice for the users using smart devices to use firewalls, antiviruses and maintain a strong password policy or practice. “We all have a responsibility to protect the infrastructure that protects the world,” Mueller said.
Vulnerability Analysis Paper 8 References 1. http://searchsecurity.techtarget.com/definition/Operation-Phish-Phry 2. http://www.computerworld.com/article/2528769/cybercrime-hacking/operation- phish-phry-hooks-100-in-u-s--and-egypt.html 3. https://archives.fbi.gov/archives/news/stories/2009/october/phishphry_100709 4. http://www.phishing.org/phishing-techniques/ 5. http://www.forbes.com/sites/billsinger/2012/05/15/feds-catch-their-illegal-limit- in-operation-phish-phry/#140d6e02411a 6. https://en.wikipedia.org/wiki/Phishing 7. https://www.wellsfargo.com/privacy-security/fraud/report/phish/ 8. https://www.bankofamerica.com/privacy/report-suspicious-email.go
Vulnerability Analysis Paper 9 Acknowledgement Before I conclude I would like to take this opportunity to express my sincere gratitude to the Department of Computer Science, University of Illinois at Springfield, for providing me the scope to engage myself into research based learning. I owe my deep regards to Professor Mark Huson for being the guide and the torchbearer during the course of writing this paper. I thank my family and my God for being a constant source of inspiration for me. I hope I have been able to deliver to the best of my abilities to prepare this paper in its present shape. Thank you so much. Cheers!

Recommended

A Review on Antiphishing Framework
A Review on Antiphishing FrameworkA Review on Antiphishing Framework
A Review on Antiphishing Framework
IJAEMSJORNAL
 
Phishing
PhishingPhishing
Phishing
Jayaseelan Vejayon
 
PHISHING PROJECT REPORT
PHISHING PROJECT REPORTPHISHING PROJECT REPORT
PHISHING PROJECT REPORT
vineetkathan
 
Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark World
Avishek Datta
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
harpinderkaur123
 
Phishing attack till now
Phishing attack till nowPhishing attack till now
Phishing attack till now
elakkiya poongunran
 
PhishingandPharming
PhishingandPharmingPhishingandPharming
PhishingandPharming
Dawn Hicks
 
Introduction to phishing
Introduction to phishingIntroduction to phishing
Introduction to phishing
Raviteja Chowdary Adusumalli
 

Recommended

A Review on Antiphishing Framework
A Review on Antiphishing FrameworkA Review on Antiphishing Framework
A Review on Antiphishing Framework
IJAEMSJORNAL
 
Phishing
PhishingPhishing
Phishing
Jayaseelan Vejayon
 
PHISHING PROJECT REPORT
PHISHING PROJECT REPORTPHISHING PROJECT REPORT
PHISHING PROJECT REPORT
vineetkathan
 
Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark World
Avishek Datta
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
harpinderkaur123
 
Phishing attack till now
Phishing attack till nowPhishing attack till now
Phishing attack till now
elakkiya poongunran
 
PhishingandPharming
PhishingandPharmingPhishingandPharming
PhishingandPharming
Dawn Hicks
 
Introduction to phishing
Introduction to phishingIntroduction to phishing
Introduction to phishing
Raviteja Chowdary Adusumalli
 
The Phishing Ecosystem
The Phishing EcosystemThe Phishing Ecosystem
The Phishing Ecosystem
amiable_indian
 
phishing and pharming - evil twins
phishing and pharming - evil twinsphishing and pharming - evil twins
phishing and pharming - evil twins
Nilantha Piyasiri
 
Phishing
PhishingPhishing
Phishing
Ajit Yadav
 
Seminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII SemSeminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII Sem
Narendra Singh
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
Preeti Papneja
 
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Er. Rahul Jain
 
Spear Phishing
Spear PhishingSpear Phishing
Spear Phishing
- Mark - Fullbright
 
Phishing exposed
Phishing exposedPhishing exposed
Phishing exposed
tamfin
 
Spear phishing attacks-by-hari_krishna
Spear phishing attacks-by-hari_krishnaSpear phishing attacks-by-hari_krishna
Spear phishing attacks-by-hari_krishna
Raghunath G
 
Ict Phishing (Present)
Ict Phishing (Present)Ict Phishing (Present)
Ict Phishing (Present)
aleeya91
 
Phishing 101 General Course
Phishing 101 General CoursePhishing 101 General Course
Phishing 101 General Course
Aaron Keating
 
Phishing, Pharming, Clickjacking
Phishing, Pharming, ClickjackingPhishing, Pharming, Clickjacking
Phishing, Pharming, Clickjacking
Ashley_Coy
 
What is a phishing attack
What is a phishing attackWhat is a phishing attack
What is a phishing attack
AariyaRathi
 
Identity Theft ppt
Identity Theft pptIdentity Theft ppt
Identity Theft ppt
Angela Lawson
 
a-decade-of-phishing-wp-11-2016
a-decade-of-phishing-wp-11-2016a-decade-of-phishing-wp-11-2016
a-decade-of-phishing-wp-11-2016
Eli Marcus
 
Internet Fraud
Internet FraudInternet Fraud
Internet Fraud
Elijah Ezendu
 
How to Prevent ID Theft
How to Prevent ID TheftHow to Prevent ID Theft
How to Prevent ID Theft
hewie
 
How to Protect Yourself From Identity Theft
How to Protect Yourself From Identity TheftHow to Protect Yourself From Identity Theft
How to Protect Yourself From Identity Theft
Experian_US
 
Identity Fraud and How to Protect Yourself
Identity Fraud and How to Protect YourselfIdentity Fraud and How to Protect Yourself
Identity Fraud and How to Protect Yourself
Barry Caplin
 
Id Theft Seminar 6
Id Theft Seminar 6Id Theft Seminar 6
Id Theft Seminar 6
krupp
 
Phishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfPhishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdf
Evs, Lahore
 
Phishing Attack Awareness and Prevention
Phishing Attack Awareness and PreventionPhishing Attack Awareness and Prevention
Phishing Attack Awareness and Prevention
sonalikharade3
 

More Related Content

What's hot

Phishing exposed
Phishing exposedPhishing exposed
Phishing exposed
tamfin
 
Spear phishing attacks-by-hari_krishna
Spear phishing attacks-by-hari_krishnaSpear phishing attacks-by-hari_krishna
Spear phishing attacks-by-hari_krishna
Raghunath G
 
Ict Phishing (Present)
Ict Phishing (Present)Ict Phishing (Present)
Ict Phishing (Present)
aleeya91
 
a-decade-of-phishing-wp-11-2016
a-decade-of-phishing-wp-11-2016a-decade-of-phishing-wp-11-2016
a-decade-of-phishing-wp-11-2016
Eli Marcus
 
Identity Fraud and How to Protect Yourself
Identity Fraud and How to Protect YourselfIdentity Fraud and How to Protect Yourself
Identity Fraud and How to Protect Yourself
Barry Caplin
 
Id Theft Seminar 6
Id Theft Seminar 6Id Theft Seminar 6
Id Theft Seminar 6
krupp
 

What's hot (20)

The Phishing Ecosystem
The Phishing EcosystemThe Phishing Ecosystem
The Phishing Ecosystem
 
phishing and pharming - evil twins
phishing and pharming - evil twinsphishing and pharming - evil twins
phishing and pharming - evil twins
 
Phishing
PhishingPhishing
Phishing
 
Seminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII SemSeminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII Sem
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
 
Spear Phishing
Spear PhishingSpear Phishing
Spear Phishing
 
Phishing exposed
Phishing exposedPhishing exposed
Phishing exposed
 
Spear phishing attacks-by-hari_krishna
Spear phishing attacks-by-hari_krishnaSpear phishing attacks-by-hari_krishna
Spear phishing attacks-by-hari_krishna
 
Ict Phishing (Present)
Ict Phishing (Present)Ict Phishing (Present)
Ict Phishing (Present)
 
Phishing 101 General Course
Phishing 101 General CoursePhishing 101 General Course
Phishing 101 General Course
 
Phishing, Pharming, Clickjacking
Phishing, Pharming, ClickjackingPhishing, Pharming, Clickjacking
Phishing, Pharming, Clickjacking
 
What is a phishing attack
What is a phishing attackWhat is a phishing attack
What is a phishing attack
 
Identity Theft ppt
Identity Theft pptIdentity Theft ppt
Identity Theft ppt
 
a-decade-of-phishing-wp-11-2016
a-decade-of-phishing-wp-11-2016a-decade-of-phishing-wp-11-2016
a-decade-of-phishing-wp-11-2016
 
Internet Fraud
Internet FraudInternet Fraud
Internet Fraud
 
How to Prevent ID Theft
How to Prevent ID TheftHow to Prevent ID Theft
How to Prevent ID Theft
 
How to Protect Yourself From Identity Theft
How to Protect Yourself From Identity TheftHow to Protect Yourself From Identity Theft
How to Protect Yourself From Identity Theft
 
Identity Fraud and How to Protect Yourself
Identity Fraud and How to Protect YourselfIdentity Fraud and How to Protect Yourself
Identity Fraud and How to Protect Yourself
 
Id Theft Seminar 6
Id Theft Seminar 6Id Theft Seminar 6
Id Theft Seminar 6
 

Similar to Phish Phry- Analysis paper

E Mail Phishing Prevention and Detection
E Mail Phishing Prevention and DetectionE Mail Phishing Prevention and Detection
E Mail Phishing Prevention and Detection
ijtsrd
 
ICT-phishing
ICT-phishingICT-phishing
ICT-phishing
MH BS
 
December 2019 Part 10
December 2019 Part 10December 2019 Part 10
December 2019 Part 10
seadeloitte
 
Email phishing: Text classification using natural language processing
Email phishing: Text classification using natural language processingEmail phishing: Text classification using natural language processing
Email phishing: Text classification using natural language processing
CSITiaesprime
 

Similar to Phish Phry- Analysis paper (20)

Phishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfPhishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdf
 
Phishing Attack Awareness and Prevention
Phishing Attack Awareness and PreventionPhishing Attack Awareness and Prevention
Phishing Attack Awareness and Prevention
 
E Mail Phishing Prevention and Detection
E Mail Phishing Prevention and DetectionE Mail Phishing Prevention and Detection
E Mail Phishing Prevention and Detection
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
 
ICT-phishing
ICT-phishingICT-phishing
ICT-phishing
 
Unit iii: Common Hacking Techniques
Unit iii: Common Hacking TechniquesUnit iii: Common Hacking Techniques
Unit iii: Common Hacking Techniques
 
Cyber crime and its types
Cyber crime and its typesCyber crime and its types
Cyber crime and its types
 
cybercrimeandtypes-19101817340 2.pdf
cybercrimeandtypes-19101817340 2.pdfcybercrimeandtypes-19101817340 2.pdf
cybercrimeandtypes-19101817340 2.pdf
 
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptx
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptxInternet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptx
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptx
 
Internet Fraud
Internet FraudInternet Fraud
Internet Fraud
 
Lesson iv on fraud awareness (cyber frauds)
Lesson iv on fraud awareness (cyber frauds)Lesson iv on fraud awareness (cyber frauds)
Lesson iv on fraud awareness (cyber frauds)
 
Lesson iv on fraud awareness (cyber frauds)
Lesson iv on fraud awareness (cyber frauds)Lesson iv on fraud awareness (cyber frauds)
Lesson iv on fraud awareness (cyber frauds)
 
December 2019 Part 10
December 2019 Part 10December 2019 Part 10
December 2019 Part 10
 
THE CYBER WORLD.pptx
THE CYBER WORLD.pptxTHE CYBER WORLD.pptx
THE CYBER WORLD.pptx
 
Phishing technique tanish khilani
Phishing technique tanish khilani Phishing technique tanish khilani
Phishing technique tanish khilani
 
Cyber crime social media &; family
Cyber crime social media &; familyCyber crime social media &; family
Cyber crime social media &; family
 
Email phishing: Text classification using natural language processing
Email phishing: Text classification using natural language processingEmail phishing: Text classification using natural language processing
Email phishing: Text classification using natural language processing
 

Recently uploaded

一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
ayvbos
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Monica Sydney
 
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
gragchanchal546
 
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
AS
 
一比一原版犹他大学毕业证如何办理
一比一原版犹他大学毕业证如何办理一比一原版犹他大学毕业证如何办理
一比一原版犹他大学毕业证如何办理
F
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
ydyuyu
 
一比一原版贝德福特大学毕业证学位证书
一比一原版贝德福特大学毕业证学位证书一比一原版贝德福特大学毕业证学位证书
一比一原版贝德福特大学毕业证学位证书
F
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Monica Sydney
 
Leading-edge AI Image Generators of 2024
Leading-edge AI Image Generators of 2024Leading-edge AI Image Generators of 2024
Leading-edge AI Image Generators of 2024
SOFTTECHHUB
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
pxcywzqs
 
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
kumargunjan9515
 

Recently uploaded (20)

一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
Call girls Service Canacona - 8250092165 Our call girls are sure to provide y...
Call girls Service Canacona - 8250092165 Our call girls are sure to provide y...Call girls Service Canacona - 8250092165 Our call girls are sure to provide y...
Call girls Service Canacona - 8250092165 Our call girls are sure to provide y...
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
 
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
 
PIC Microcontroller Structure & Assembly Language.ppsx
PIC Microcontroller Structure & Assembly Language.ppsxPIC Microcontroller Structure & Assembly Language.ppsx
PIC Microcontroller Structure & Assembly Language.ppsx
 
💚 Call Girls Bahraich 9332606886 High Profile Call Girls You Can Get The S...
💚 Call Girls Bahraich 9332606886 High Profile Call Girls You Can Get The S...💚 Call Girls Bahraich 9332606886 High Profile Call Girls You Can Get The S...
💚 Call Girls Bahraich 9332606886 High Profile Call Girls You Can Get The S...
 
一比一原版犹他大学毕业证如何办理
一比一原版犹他大学毕业证如何办理一比一原版犹他大学毕业证如何办理
一比一原版犹他大学毕业证如何办理
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
 
Local Call Girls in Gomati 9332606886 HOT & SEXY Models beautiful and charmi...
Local Call Girls in Gomati 9332606886 HOT & SEXY Models beautiful and charmi...Local Call Girls in Gomati 9332606886 HOT & SEXY Models beautiful and charmi...
Local Call Girls in Gomati 9332606886 HOT & SEXY Models beautiful and charmi...
 
一比一原版贝德福特大学毕业证学位证书
一比一原版贝德福特大学毕业证学位证书一比一原版贝德福特大学毕业证学位证书
一比一原版贝德福特大学毕业证学位证书
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
 
Leading-edge AI Image Generators of 2024
Leading-edge AI Image Generators of 2024Leading-edge AI Image Generators of 2024
Leading-edge AI Image Generators of 2024
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
 

Phish Phry- Analysis paper

  • 1. Vulnerability Analysis Paper 1 PHISH PHRY Joydeep Banerjee, M.S. University of Illinois at Springfield Author Note Contact: Email-jbane2@uis.edu
  • 2. Vulnerability Analysis Paper 2 Table of Contents Preface................................................................................................................................ 3 Phishing.............................................................................................................................. 4 Introduction to Phishing............................................................................................. 4 Phishing Techniques .................................................................................................... 4 Case in Point: - Phish Phry ......................................................................................... 6 Modus Operandi .......................................................................................................... 6 Egypt Chapter.......................................................................................................... 6 United States Chapter............................................................................................. 6 Mitigation Techniques ................................................................................................. 6 Current Status of the Attack.................................................................................... 7 Word of Caution from Ground Zero...................................................................... 7 References.......................................................................................................................... 8 Acknowledgement............................................................................................................. 9
  • 3. Vulnerability Analysis Paper 3 Preface This analysis paper essentially covers the fundamentals of Phishing and the techniques employed for its accomplishment in real time scenarios. Phishing is one of the very common ways applied by the cyber criminals and hackers to bait the users into sharing confidential data and information. The data or information, so gathered, is used to perform nefarious activities often leading to huge financial loses, bankruptcy and identity theft. The paper also discusses on one of most notorious phishing scams of the decade Phish Phry which amounted to a loss of 1 million dollars and compromising confidential data of thousands of customers of two very reputed banks of the USA. The scam finally got busted in the year 2011 convicting 47 people in the federal court. Like many security experts of the world today, Dave Jevans, an industry expert, exclaimed, “As far as a dent in the number of phishers out there and the phishing gangs, it's probably not significant.”
  • 4. Vulnerability Analysis Paper 4 Phishing Introduction to Phishing Phishing is a kind of social engineering technique often used to steal personal and private information of users. The attacker masquerades as a popular or trusted or reputed entity or a person and tries to deceive the user by maintaining a very convincing approach. The hacker dupes a user into clicking on a link or press a button or open a certain webpage that leads to installation of malware or revelation of confidential data and information. Phishing Techniques Phishing can be accomplished using mediums like social websites, banks, email, messenger applications and auction websites. Mentioned below are a few techniques of performing a phishing attack: Email Email Phishing is one of the most common phishing techniques where the scammers broadcast the same email to millions of users. The users are usually asked to provide personal information and often their financial information as well. The scammers often create a sense of urgency or emergency in the minds of the users to persuade them to fill in the information. The gathered information is generally sold or used for nefarious activities. Link Manipulation Link Manipulation Phishing is a technique where a scammer sends or broadcasts a hyperlink to user(s) using instant messaging and manipulates them to click on that link. As the user opens the link, it directs him to a fake website which has a look and feel of an authentic website. The user might put in his credentials which in turn reaches the hands of the phishers. Web Based Delivery Web Based Delivery Phishing is a technique where a phisher plays as the man-in-the- middle between a website and the system. The phisher collects information passed on by the user keeping the user completely in the dark. Trojan horse Trojans are malwares that are installed in the users’ machines without their knowledge or consent to gather information from their machines.
  • 5. Vulnerability Analysis Paper 5 Key Loggers Key Loggers are also malware programs that records the keyboard inputs and sends the information to the phisher. The information then can be used to break passcodes or other confidential information. Session Hacking Session Hacking is a way where the hacker uses a sniffer to access information illegally from a webserver. Phone Phishing Phone phishing is a kind of phishing where the hacker calls the user over phone and asks for confidential information impersonating themselves as someone from a recognized organization like banks, credit card companies etc. Content Injection Content Injection is a type of phishing where the phisher doctors a page in an authentic website to deceive the users and lead them to fake pages where they are asked to enter confidential information. System Reconfiguration Hackers often message a user to change the settings of the computer. The message generally is sent from a web address that looks like an authentic site. Search Engine Phishing Search Engine is a technique where users are taken or lured to websites where products are sold at cheaper prices. These sites are used to gather credit card or net banking details of the users. Phishers have been attacking bank customers and online payment service users to usurp their financial information. Earlier the attacks used to be indiscriminate with a hope that few might fall for the trap. With the advent of sophisticated techniques like data mining and data analytics and illegal practices like insider trading and selling of data, attackers are now able to perform targeted phishing. The phishing mails are sent to classified, highly potential victims and the hit rate has increased considerably in the recent times. This has culminated to large scale identity thefts and huge financial losses like in one of the most notorious phishing cases of all times - Phish Phry.
  • 6. Vulnerability Analysis Paper 6 Case in Point: - Phish Phry Phish Phry is one of the largest phishing cases till date that has entailed almost 100 people charged in the US and Egypt. The criminals primarily targeted U.S. banks, namely Wells Fargo and Bank of America, and as many as thousands of customers by stealing and misusing their financial data and confidential information to transfer almost $1.5 million to their own fake accounts. The fraudsters are indicted for computer fraud, identity theft, conspiracy to commit bank fraud and money laundering. Modus Operandi Attackers or Phishers used to contact the customers by sending them fake emails that seemed like official ones from banks or credit card companies. The emails then used to take the victims to fake websites with a real look and feel. The users then would enter account details, passcodes and confidential identification information. Egypt Chapter In Egypt the financial information collected from the fake website were used to hack into the bank accounts. Then, the hackers and their handlers used to inform their counterparts in U.S. through text messages or phone calls or online messengers. The U.S. handlers would then facilitate the transferring of the money from the victims’ accounts to the freshly created fake accounts. United States Chapter The U.S. chapter of the scam was looked after by: 1. Nichole Michelle Merzi, 25, of Oceanside, CA; 2. Kenneth Joseph Lucas, 26, of Los Angeles, CA; and 3. Jonathan Preston Clark, 26, of Los Angeles, CA. These 3 scamsters ordered recruitments to open bank accounts to transfer the stolen money. Then an agreed portion of the money used to be withdrawn and wired to the Egyptian handlers. Mitigation Techniques Phishing attack Phish Phry could have been detected and neutralized had the affected users performed the following preventive actions :  Using caution when checking emails or clicking any link in the email without verifying the authenticity of the source. Never falling prey to the scare tactics or sense of urgency created by attackers to get confidential or private information
  • 7. Vulnerability Analysis Paper 7  Setting Spam filters to high will keep the inbox free from spam mailers  Using right anti-virus program will help in detecting and neutralizing the unwanted programs or viruses or malwares  Checking website URLs carefully to avoid visiting look-alike spoofed versions of websites with almost similar URLs  Avoiding to chat with any stranger over internet and giving out any private information or changing any privacy settings on being asked or advised  Raising awareness and educating peers to maintain precaution as stated above. Current Status of the Attack The attack has been contained and the customers are compensated by both the banks for the loses. Both Wells Fargo and Bank of America have increased their awareness campaigns and customer education in a bid to combat phishing practices. Wells Fargo has an emergency dial and mail address to report suspicious mails or messages. Bank of America, too, has an emergency mail address to flag phishing attempts. Efforts are on in full swing to educate the customers but at the end of the day it’s the customers whose caution can save themselves from being victimized. Word of Caution from Ground Zero “Cybercrime might not seem real until it hits you,” Mueller said. “But every personal, academic, corporate, and government network plays a role in national security.” The Bureau wants the law enforcement and intelligence agencies to work hand-in-hand to fight against cybercrimes like phishing. Even though the government is working hard to keep high standards and building partnerships, Mueller added, “we are still outnumbered by cyber criminals.” His piece of advice for the users using smart devices to use firewalls, antiviruses and maintain a strong password policy or practice. “We all have a responsibility to protect the infrastructure that protects the world,” Mueller said.
  • 8. Vulnerability Analysis Paper 8 References 1. http://searchsecurity.techtarget.com/definition/Operation-Phish-Phry 2. http://www.computerworld.com/article/2528769/cybercrime-hacking/operation- phish-phry-hooks-100-in-u-s--and-egypt.html 3. https://archives.fbi.gov/archives/news/stories/2009/october/phishphry_100709 4. http://www.phishing.org/phishing-techniques/ 5. http://www.forbes.com/sites/billsinger/2012/05/15/feds-catch-their-illegal-limit- in-operation-phish-phry/#140d6e02411a 6. https://en.wikipedia.org/wiki/Phishing 7. https://www.wellsfargo.com/privacy-security/fraud/report/phish/ 8. https://www.bankofamerica.com/privacy/report-suspicious-email.go
  • 9. Vulnerability Analysis Paper 9 Acknowledgement Before I conclude I would like to take this opportunity to express my sincere gratitude to the Department of Computer Science, University of Illinois at Springfield, for providing me the scope to engage myself into research based learning. I owe my deep regards to Professor Mark Huson for being the guide and the torchbearer during the course of writing this paper. I thank my family and my God for being a constant source of inspiration for me. I hope I have been able to deliver to the best of my abilities to prepare this paper in its present shape. Thank you so much. Cheers!