The project "Strengthening European Network Centres of Excellence in Cybercrime" (SENTER
project, Reference No HOME/2014/ISFP/AG/7170) is funded by the European Commission under the
Internal Security Fund-Police 2014-2020 (ISFP). The main goal of the project is to create a single
point of reference for EU national Cybercrime Centres of Excellence (CoE) and to develop the
network of national CoE further into a well-defined and well-functioning community. More details here: http://www.senter-project.eu/
Phishing Presentation
1. SENTER Project
HELLENIC POLICE LIEUTENANT’S SCHOOL
Presentation of Phishing
Police Lieutenant Trainee
Nikolaos Georgitsopoulos
Hellenic Police Lieutenant’s School
Greece
Athens, 03 November 2017
Seminar Work for the Module “Internet Technologies”
2. 2
Presentation of Phishing: Athens, 03 November 2017
Contents
1. Theoretical Part
a) Cybercrime
b) What is Phishing?
c) Phishing Types
d) Phishing and Online Banking Fraud
e) Spear Phishing
f) Technical measures (browser technologies, security software, etc.)
available to detect phishing attempts
2. Practical Part
a) Phishing simulation program
b) The Phishing Campaign
c) General guidelines for employees in order to avoid phishing
3. 3
Cybercrime
1. Cybercrime consists of criminal acts that are committed
online by using electronic communications networks
and information systems.
2. It is a borderless problem that can be classified in three
broad definitions:
Crimes specific to the Internet, such as attacks
against information systems (e.g. phishing).
Online fraud and forgery.
Illegal online content.
4. 4
Types of cybercrime (a)
• Illegal computer hacking and cracking;
• Developing and/or spreading malicious code;
• Spamming;
• DDoS attacks;
• Network intrusion;
• Software piracy;
5. 5
Types of cybercrime (b)
• Network-based or network-enabled crimes (such as
phishing);
• Intellectual property rights (IPR) crimes;
• Distribution of child sexual abuse imagery;
• Grooming of children for sexual purposes;
• Phreaking;
• Conditional access piracy.
6. 6
What is Phishing? (a)
• Phishing is a form of Cybercrime.
• Phishing is the attempt to obtain sensitive information
such as usernames, passwords, and credit card details
(and, indirectly, money), often for malicious reasons, by
disguising as a trustworthy entity in an electronic
communication.
• Phishing is the process of enticing people into visiting
fraudulent websites and persuading them to enter
identity information such as usernames, passwords etc.
7. 7
What is Phishing? (b)
• Phishing is the act of stealing personal information via the
internet for the purpose of committing financial fraud.
• It relies on unsolicited communications by email, SMS or
telephone.
• The attacker purports to represent a third reliable party.
• An attempt to convince the victim to divulge sensitive
information, such as login credentials or payment details.
8. 8
Short History of Phishing (a)
• Originated sometime around the year 1995.
• Phreaks and hackers have always been closely linked.
The “ph” spelling was used to link phishing scams with
these underground communities.
• Through the America Online (AOL) instant messenger and
email systems in 1996, they would send messages to users
while posing as AOL employees.
9. 9
Short History of Phishing (b)
• In late 2003, phishers registered dozens of domains that
looked like legitimate sites like eBay and PayPal if you
weren't paying attention.
• They used email worm programs to send out spoofed
emails to PayPal customers.
• By the beginning of 2004, phishers were riding a huge
wave of success that included attacks on banking sites
and their customers.
• Popup windows were used to acquire sensitive
information from victims.
11. 11
Phishing and Online Banking Fraud (a)
• Bank customers are popular targets of those who
engage in phishing attacks.
• Sending out thousands of spoof emails.
• Criminals impersonate bank websites in order to get
unsuspecting users to provide their login credentials.
• At first glance the fraudulent email looks reliable
regarding its sender, form and content, and is thus
almost indistinguishable from a real one.
12. 12
Phishing and Online Banking Fraud (b)
• After that the faked website asks for personal data or
access information from the user that is then used for
fraudulent transactions.
• The cybercriminal now has all the necessary information
to steal the victim’s identity and have access to the bank
account.
• The phishers use the information they've gathered to
make illegal purchases or otherwise commit fraud.
13. 13
The flow of information in a phishing attack
14. 14
Examples of malware used to conduct bank
phishing scams
1. Bancos (2003), also identified as Banker by some anti-virus
companies.
2. Targeted Brazilian banks.
3. Bancos monitored Internet Explorer for specific bank URLs
and attempted to capture account information.
4. Overlaid certain banking web pages with a fake one that
captured the information directly from the user.
15. 15
Spear Phishing (a)
• Spear phishing is a much more targeted attack.
• The hacker knows which specific individual or
organization they are after.
• Research on the target in order to make the attack more
personalized.
• Spear-phishing attacks are much more targeted and
involve duping particular individuals within a specific
organization.
16. 16
Spear Phishing (b)
• They send customized, credible emails that appear to
come from a trusted source.
• Enhancing their authenticity and legitimacy.
• Increasing the probability of the individual complying with
their request.
• The recipient of the e-mail needs to be convinced.
• The hacker will gain remote access or log their
keystrokes and ultimately gain access to their PCs.
17. 17
An example of Spear Phishing: The CEO Fraud (a)
• Target business companies and their employees trying to
gain financial profit or intelligence profit by compromising
business secrets or other information.
• CEO fraud involves tricking someone into making a large
wire transfer into what turns out to be a bogus account.
• On a few occasions, however, checks are used instead
of wire transfers.
19. 19
An example of Spear Phishing: The CEO Fraud (c)
1. A fraudster calls posing as a high-ranking figure of the company (e.g.
the CEO or the CFO, Chief Financial Officer).
2. That executive then requires from the employee an urgent and
confidential transfer of funds.
3. The fraudster invokes that this is a sensitive situation.
4. The fraudster pressures the employee not to follow the regular
authorization procedures and to bypass the security checks.
5. The fraudster gives the employee instructions on how to proceed.
6. In the final step the employee transfers the funds to an account
controlled by the fraudster.
7. The money is re-transferred to accounts in multiple jurisdictions.
20. 20
Technical measures (browser technologies,
security software, etc.) available to detect phishing
attempts (a)
• Anti-phishing software consists of computer programs that
attempt to identify phishing content contained in websites and
e-mail or block users from being tricked.
• Web browsers come with built-in anti-phishing and anti-malware
protection services.
• Password managers can also be used to help defend against
phishing and protect sensitive data.
• Filtering: anti-spam filters may be configured to identify specific
known phishing messages and prevent them from reaching a
user.
21. 21
Technical measures (browser technologies,
security software, etc.) available to detect phishing
attempts (b)
• Authentication: determine whether the IP address of a
transmitting mail transfer agent is authorized to send a
message from the sender’s domain.
• Signing: cryptographic signing of e-mail.
• Outgoing data monitoring: A browser plug-in such as a
toolbar can store hashes of confidential information, and
monitor outgoing information to detect confidential information
being transmitted.
• Data destination blacklisting: block data transmissions to
specific IP addresses known to be associated with phishers.
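The "Authentication" and "Filtering" measures above, as an added example that is not part of the original presentation: a minimal SPF-style check that decides whether the connecting mail server's IP address is authorized for the sender's domain, and maps the result to a gateway filtering action. It assumes policies are supplied inline instead of fetched from DNS and evaluates only the ip4, ip6 and all mechanisms of RFC 7208; the domain names and address ranges are constructed.

```python
"""Sender authorization check in the spirit of SPF (added example).

The domain owner publishes the IP ranges allowed to send its mail; the
receiving server compares the connecting mail transfer agent's address
against that policy.  Records here are supplied inline (assumption of
this example; real deployments fetch them from DNS) and only the ip4,
ip6 and all mechanisms of RFC 7208 are evaluated.  Mechanisms that need
DNS (include, a, mx, exists, redirect) are reported as 'permerror'.
"""
import ipaddress

# Constructed sample policies using documentation address ranges.
SPF_RECORDS = {
    "bank.example": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.7 -all",
    "partner.example": "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 ~all",
    "nopolicy.example": None,
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_ip, sender_domain, records=SPF_RECORDS):
    """Evaluate the domain's policy for one connecting IP address."""
    record = records.get(sender_domain)
    if not record:
        return "none"            # the domain publishes no policy
    terms = record.split()
    if terms[0].lower() != "v=spf1":
        return "permerror"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"          # a matched mechanism defaults to 'pass'
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")   # splits at the first colon only
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        return "permerror"       # DNS-dependent mechanism: not evaluated offline
    return "neutral"             # nothing matched and no 'all' term


def gateway_action(spf_result):
    """Map the SPF result to the filtering decision a mail gateway applies."""
    return {
        "pass": "accept",
        "fail": "reject",            # forged sender or unauthorized relay
        "softfail": "quarantine",    # suspicious; hold for review
        "permerror": "quarantine",   # broken or unevaluable policy
        "neutral": "accept-tagged",  # deliver but mark for the user
        "none": "accept-tagged",
    }[spf_result]


def triage(sender_ip, from_address, records=SPF_RECORDS):
    """Return (spf_result, action) for a message's sender and connecting IP."""
    domain = from_address.rpartition("@")[2].lower()
    result = check_spf(sender_ip, domain, records)
    return result, gateway_action(result)


if __name__ == "__main__":
    # Constructed samples: a legitimate bank mail server and a forged one.
    for ip, addr in [("192.0.2.77", "alerts@bank.example"),
                     ("10.0.0.5", "alerts@bank.example"),
                     ("2001:db8:1::9", "invoice@partner.example")]:
        print(ip, addr, triage(ip, addr))
```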
22. 22
LUCY: A Phishing Simulation Program (a)
• A customizable awareness program used by information
security professionals in higher education and private
industry.
• An effective training program.
• Allows organizations to simulate phishing e-mails.
• Help identify which end users are more susceptible to
such targeted e-mail attacks.
• Engage in more focused training opportunities to help
users recognize phishing attempts.
23. 23
LUCY: A Phishing Simulation Program (b)
• Installed the LUCY server through VirtualBox.
• The server provides an IP address, a username and
a password.
24. 24
LUCY: A Phishing Simulation Program (c)
• The user logs in to the LUCY environment with those
credentials.
25. 25
LUCY: A Phishing Simulation Program (d)
Created a new phishing campaign. Two templates:
1. The first one was about a phishing e-mail coming
from MasterCard.
2. The second one was informing the user that he had
an encrypted message and he had to use his
Microsoft account credentials.
26. 26
LUCY: A Phishing Simulation Program (e)
Added the recipients of the e-mails. I used all my functional e-mail
accounts.
27. 27
LUCY: A Phishing Simulation Program (f)
Launched my phishing attack.
28. 28
LUCY: A Phishing Simulation Program (g)
Checked my e-mails. I received the e-mail messages in only one
of my four mail accounts.
29. 29
LUCY: A Phishing Simulation Program (h)
30. 30
LUCY: A Phishing Simulation Program (j)
The second mail was about a MasterCard service and
asked the user to change his password because there
had been a previous suspicious attempt.
31. 31
LUCY: A Phishing Simulation Program (k)
32. 32
LUCY: A Phishing Simulation Program (j)
In conclusion, the simulated phishing attack was partially
successful because only two of the eight mails were
delivered to the final recipients. The license does not allow
viewing the data collected from this phishing attack.
33. 33
General guidelines for employees in order to avoid
phishing, fraud scam and social engineering
1. Be AWARE of the risks and spread the information
2. Be careful when using social media
3. Avoid sharing sensitive information
4. Never open suspicious links or attachments received by e-mail
5. If you receive a call/email alerting you of a security breach, do not provide
information right away or proceed with a transfer
6. Consult a colleague even if you were asked to use discretion.
7. Assigning responsibility
8. If a supplier informs you of a change in payment details, always contact him
to confirm the new information
9. Strictly apply the security procedures in place for payments and
procurement
10. Always contact the police in case of fraud attempts
34. 34
Conclusion
1. Phishing is a highly profitable activity for cybercriminals.
2. Phishing and its specific forms such as the spear
phishing reveal that internet users may be vulnerable if
they are not properly trained and do not know the
immense dangers.
3. No single technology will completely stop phishing.
4. Good organization and practices, awareness training,
proper application of current technologies, and
improvements in security technology have the potential to
drastically reduce the prevalence of phishing.
35. Thank you for your attention!
Hellenic Police Lieutenants’ School
Address: Thrakomakedonon Av. 101, PO 13679 – Acharnes, Attiki - Greece
Tel: +30 210-2424296, Fax : +30 210-2460964,
E-mail: saea.policeacademy@hellenicpolice.gr, Website: www.hellenicpolice.gr
Editor's Notes
Good morning. My name is Nikolaos Georgitsopoulos. The topic of my presentation today is phishing.
First we are going to see:
This working paper presents phishing and its various forms. The work is divided into two parts, a theoretical one and a practical one. The theoretical part presents the theoretical elements: what phishing is, a brief history of it, how phishing works and some examples. After that, a more specific form of phishing (spear phishing) is explained and analysed. The reader can then find information on the technical measures available to address this phenomenon.
The practical part introduces the creation of a simulated phishing campaign through dedicated software. The recipients of the simulated attack were identified and the campaign was then designed. Through the LUCY platform we were able to create such a campaign so that its users can assess the risks and threats relevant to them in each branch of activity.
In the bibliography there is no agreed definition of cybercrime; the terms "cybercrime", "computer crime", "computer-related crime" and "high-tech crime" are often used interchangeably. In general, "cybercrime" is understood as "criminal acts committed using electronic communications networks and information systems or against such networks and systems" (Council of Europe, 2001).
Cybercrime consists of criminal acts that are committed online by using electronic communications networks and information systems. It is a borderless problem that can be classified in three broad definitions, (European Commission, 2017):
Crimes specific to the Internet, such as attacks against information systems or phishing (e.g. fake bank websites to solicit passwords enabling access to victims' bank accounts).
Online fraud and forgery. Large-scale fraud can be committed online through instruments such as identity theft, phishing, spam and malicious code.
Illegal online content, including child sexual abuse material, incitement to racial hatred, incitement to terrorist acts and glorification of violence, terrorism, racism and xenophobia.
illegal computer hacking and cracking (the unauthorised access of computers, sometimes exploiting flaws in the system itself);
developing and/or spreading malicious code (such as viruses and Trojans which do damage to computer operating systems or are used in other ways to commit cybercrimes or conventional crimes);
spamming (sending out multiple emails, usually through a set of infected computers called a 'Botnet');
DDoS attacks ('Distributed Denial of Service’, a way of flooding a server with multiple requests that might then bring the website down);
network intrusion (breaking into computer networks, often using hacking techniques and usually to steal information, sow viruses or attempt blackmail);
software piracy (stealing commercial software);
network-based or network-enabled crimes (such as phishing – an attempt to 'con' people through unsolicited emails – and identity theft),
Intellectual Property Rights (IPR) crimes (for example illegal file-sharing of copyright-protected music and video, stealing confidential commercial information);
distribution of child sexual abuse imagery;
grooming of children for sexual purposes, e.g. through social network sites;
phreaking (unauthorised use of telephone systems either to make free calls or increasingly as a form of anonymity for organised crime);
conditional access piracy (for example the illegal decryption of satellite TV signals).
In this chapter we are going to focus on definitions about phishing.
According to a definition…
Although the practice originated sometime around the year 1995, these types of scams were not commonly known by everyday people until nearly ten years later.
There is also a good reason for the use of “ph” in place of the “f” in the spelling of the term. Some of the earliest hackers were known as phreaks. Phreaking refers to the exploration, experimenting and study of telecommunication systems. Phreaks and hackers have always been closely linked. The “ph” spelling was used to link phishing scams with these underground communities.
Back when America Online (AOL) in 1996 was the number-one provider of Internet access, millions of people logged on to the service each day. Its popularity made it a natural choice for those who had less than pure motives. From the beginning, hackers and those who traded pirated software used the service to communicate with one another. This community was referred to as the warez community. It was this community that eventually made the first moves to conduct phishing attacks,
Spear phishing is an email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.
Clone phishing is a type of phishing attack whereby a legitimate, and previously delivered, email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email.
Most methods of phishing use some form of technical deception designed to make a link in an email (and the spoofed website it leads to) appear to belong to the spoofed organization.
Phishers have even started using images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing emails.
Website forgery: the link to the website is crafted to carry out the attack, making it very difficult to spot without specialist knowledge.
Malvertising is malicious advertising that contains active scripts designed to download malware or force unwanted content onto your computer.
Covert redirect is a subtle method to perform phishing attacks that makes links appear legitimate, but actually redirect a victim to an attacker's website.
According to Emigh, (2005) the simplified flow of information in a phishing attack is:
A deceptive message is sent from the phisher to the user.
A user provides confidential information to a phishing server (normally after some interaction with the server).
The phisher obtains the confidential information from the server.
The confidential information is used to impersonate the user.
The phisher obtains illicit monetary gain.
Cybercriminals make their research and they target business companies and their employees trying to gain financial profit or intelligence profit by compromising business secrets or other information.
CEO fraud is another name for this scam and it usually involves tricking someone into making a large wire transfer into what turns out to be a bogus account
On a few occasions, however, checks are used instead of wire transfers
Two main modi operandi dominated European law enforcement cases (Europol, 2017):
1. CEO (Chief Executive Officer) fraud and
2. Mandate fraud
Step 1: A fraudster calls posing as a high-ranking figure of the company (e.g. the CEO or the CFO, Chief Financial Officer). This is a typical example of vishing.
Step 2: That executive then requires from the employee an urgent transfer of funds. Additionally, this transfer must be absolutely confidential.
Step 3: The fraudster invokes that this is a sensitive situation (e.g. tax control, merger, acquisition).
Step 4: The fraudster pressures the employee not to follow the regular authorization procedures and to bypass the security checks.
Step 5: The fraudster gives the employee instructions on how to proceed. Instructions might also be given later by a third person or via e-mail.
Step 6: In the final step the employee transfers the funds to an account controlled by the fraudster. The money is re-transferred to accounts in multiple jurisdictions.
Vishing: Phishing through VOIP and Telephone.
Be AWARE of the risks and spread the information within your company.
Be careful when using social media: by sharing information on your workplace and responsibilities you increase the risks of becoming a target.
Avoid sharing sensitive information on the company’s hierarchy, security or procedures.
Never open suspicious links or attachments received by e-mail. Be particularly careful when checking your personal mail boxes on the company’s computers.
Always carefully check e-mail addresses when dealing with sensitive information/money transfers. Fraudsters often use copycat e-mails where only one character differs from the original.
If you receive a suspicious e-mail or call, always inform your IT department; they are the ones in charge of such issues. They can check the content of suspicious mail and block the sender if necessary.
In case of doubt on a transfer order, always consult a colleague even if you were asked to use discretion.
If you receive a call/email alerting you of a security breach, do not provide information right away or proceed with a transfer. Always start by calling the person back using a phone number found in your own records or on the official website of the company; do not use the number provided to you in the mail or by the caller. If you were contacted by phone, call back using another phone (fraudsters use technology to remain online after you hang up).
Consider assigning responsibility to an employee whom others can consult in case of doubt.
If a supplier informs you of a change in payment details, always contact him to confirm the new information. Keep in mind that the e-mail/phone number provided on the invoice might have been modified.
Strictly apply the security procedures in place for payments and procurement. Do not skip any steps and do not give in to pressure.
Always contact the police in case of fraud attempts, even if you did not fall victim to the scam.
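The guideline above about copycat e-mail addresses where only one character differs, as an added example that is not part of the original presentation: a check that compares the domain of a From address against the domains an organization trusts and flags near-misses (one edited character, a look-alike character such as rn for m or 1 for l, or the same name under a different top-level domain). The trusted list, the sample addresses and the confusable-character table are constructed for this example.

```python
"""Copycat sender-domain check (added example).

Fraudsters often use copycat e-mail addresses where only one character
differs from a legitimate one.  This helper compares the domain of a
From address against domains the organization trusts and flags
near-misses, so a mail gateway or a user can be warned before a transfer
order is acted on.  The trusted list, the sample addresses and the
confusable table are constructed for this example.
"""

# Constructed list of domains the organization legitimately corresponds with.
TRUSTED_DOMAINS = ["hellenicpolice.gr", "supplier-example.com"]

# Look-alike digits are folded to the letters they imitate before comparing.
_SINGLE_CHAR = str.maketrans("015", "ols")


def fold(domain):
    """Normalize case and common look-alike character sequences."""
    return domain.lower().replace("rn", "m").replace("vv", "w").translate(_SINGLE_CHAR)


def levenshtein(a, b):
    """Edit distance: minimum number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def extract_domain(address):
    """Return the lower-cased domain of 'user@host' or 'Name <user@host>'."""
    addr = address.strip()
    if addr.endswith(">") and "<" in addr:
        addr = addr[addr.rindex("<") + 1:-1]
    _, sep, domain = addr.rpartition("@")
    return domain.lower() if sep and domain else None


def classify_sender(address, trusted=TRUSTED_DOMAINS):
    """Return ('trusted'|'lookalike'|'unknown'|'invalid', matched trusted domain)."""
    domain = extract_domain(address)
    if domain is None:
        return ("invalid", None)
    if domain in trusted:
        return ("trusted", domain)
    folded = fold(domain)
    for t in trusted:
        ft = fold(t)
        same_name = folded.split(".")[0] == ft.split(".")[0]   # e.g. .co instead of .com
        if same_name or levenshtein(folded, ft) <= 1:
            return ("lookalike", t)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed samples: one genuine, three copycats, one unrelated.
    for addr in ["officer@hellenicpolice.gr", "CFO <cfo@he11enicpolice.gr>",
                 "billing@supplier-exarnple.com", "billing@supplier-example.co",
                 "someone@mail.example"]:
        print(addr, classify_sender(addr))
```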
Phishing is a highly profitable activity for cybercriminals.
Phishing and its specific forms such as the spear phishing reveal that internet users may be vulnerable if they are not properly trained and do not know the immense dangers.
No single technology will completely stop phishing.
Good organization and practices, awareness training, proper application of current technologies, and improvements in security technology have the potential to drastically reduce the prevalence of phishing.