DATE: 4th March, 2017
Venue: Hotel Grand Regent (Coimbatore)
[- AGENDA -]
[x] Overview of Phishing.
[x] Types of Phishing.
[x] What Phishing is not?
[x] Techniques of Phishing.
[x] Phishing information flow.
[x] Phishing attack life cycle and taxonomy.
[x] Anti-phishing efforts (Community & Commercial).
[x] Detection, Prevention and Incident response.
[x] Educational videos.
[x] Bibliography.
[^] Phishing is an attempt to obtain sensitive information such as usernames, passwords,
and credit card details (and, indirectly, money), often for malicious reasons, by
masquerading as a trustworthy entity in an electronic communication.
[- Overview of Phishing -]
[^] Phishing is typically carried out by email spoofing or instant messaging.
[^] It presents a fake website that has almost the same look-and-feel of the original. It directs the
user to enter sensitive information.
[^] Communications purporting to be from social web sites, auction sites, banks, online payment
processors or IT administrators are often used to lure victims.
[^] Phishing can also be achieved by tricking a victim into installing malware intended to
capture sensitive information. Some malware may also corrupt data.
[^] According to the 3rd Microsoft Computing Safer Index Report released in February 2014, the
annual worldwide impact of phishing could be as high as $5 billion.
[^] Spear phishing:-
Phishing attempts directed at specific individuals or companies have been
termed spear phishing. Attackers may gather personal information about their
target to increase their probability of success. This technique is, by far,
the most successful on the internet today, accounting for 91% of attacks.
[^] Clone phishing:-
Clone phishing is a type of phishing attack whereby a legitimate, and
previously delivered, email containing an attachment or link has had
its content and recipient address(es) taken and used to create an almost
identical or cloned email. The attachment or link within the email is
replaced with a malicious version and then sent from an email address
spoofed to appear to come from the original sender. It may claim to be a
re-send of the original or an updated version to the original. This technique
could be used to pivot (indirectly) from a previously infected machine and gain
foothold on another machine, by exploiting the social trust associated with
the inferred connection due to both parties receiving the original email.
Types of phishing
[^] Whaling :-
- Several phishing attacks have been directed specifically at senior
executives and other high-profile targets within businesses,
and the term whaling has been coined for these kinds of attacks.
- In the case of whaling, the masquerading web page/email will take a more
serious executive-level form. The content will be crafted to target
an upper manager and the person's role in the company.
- The content of a whaling attack email is often written as a legal
subpoena, customer complaint, or executive issue. Whaling scam
emails are designed to masquerade as a critical business email,
sent from a legitimate business authority. The content is meant to be
tailored for upper management, and usually involves some kind of falsified
company-wide concern. Whaling “phishermen” have also forged
official-looking FBI subpoena emails, and claimed that the
manager needs to click a link and install special software to view the subpoena.
What Phishing is not?
[^] Firstly, phishing is different from “Fraud” because it combines:
- Social Engineering - Phishing exploits individuals’ vulnerabilities to dupe victims into
acting against their own interests.
- Automation - Computers are used to carry out phishing attacks on a massive scale.
- Electronic Communication - Phishers use electronic communications networks (primarily
the Internet).
- Impersonation - A phishing attack requires perpetrators to impersonate a legitimate firm
or government agency.
[^] Non-Phishing examples:-
- Internet-based worms (attacks)
- Virus-email (attacks)
- Relatives stealing your wallet (identity theft)
- Spam
Techniques of Phishing
[^] Link manipulation:-
Link manipulation is currently understood to be done by at least four methods:
- Misspelled URLs – The hacker takes a domain whose name is quite similar to some
legitimate domain name. Example:- www.citihank.com
- Sub-domains – Many links on a portal/website redirect traffic to sub-domains. Example (legit):-
support.microsoft.com. It is easy for the hacker to craft a URL that confuses the user. Example
(illicit):- microsoft.secuvity.com. While it looks as if “secuvity” is some sub-domain of Microsoft,
this is a trick. The “microsoft” label is resolved inside the “secuvity” domain (not the other
way round), and that domain might be hacker-owned.
- HTML anchor tag manipulation – <a> is the HTML tag used to put links on web pages.
A hacker can show some legitimate-looking text to the user as the
destination URL while the link actually takes a malefic route.
Example: <a href="http://www.badhacker.com">www.indiatimes.com</a>
- IDN spoofing/Homograph attack – Since the internet (software) has to support different
languages, even domain names and URLs can contain characters from different languages. A
hacker can substitute a similar-looking letter (a homoglyph, sometimes called a homograph)
from a different language in the domain name and acquire a separate domain name
that looks similar to an existing one. For example the Cyrillic “Ё” can be used in place of an
English “E”.
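A mail filter or triage script can test each link for the four patterns above. The following is an added example, not part of the original slides: the `PROTECTED` brand list, the flag names, the edit-distance threshold and the sample HTML are assumptions made for illustration.

```python
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brand label -> the one registrable domain allowed to carry it.
PROTECTED = {"microsoft": "microsoft.com", "citibank": "citibank.com"}


def host_of(text):
    """Hostname from a URL or bare 'www.example.com' string; '' if not host-like."""
    text = text.strip()
    if not text or any(c.isspace() for c in text):
        return ""
    if "://" not in text:
        text = "http://" + text
    try:
        host = (urlsplit(text).hostname or "").lower()
    except ValueError:
        return ""
    return host if "." in host else ""


def registrable(host):
    """Last two labels. Simplification: production code needs the Public Suffix List."""
    return ".".join(host.rstrip(".").split(".")[-2:])


def to_unicode(host):
    """Decode punycode (xn--) labels so the script check sees the real characters."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid IDNA


def scripts(host):
    """Script names (first word of the Unicode character name) of the letters in host."""
    return {unicodedata.name(c, "UNKNOWN").split()[0]
            for c in to_unicode(host) if c.isalpha()}


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(href, text=""):
    """Sorted flags for one anchor: href is the real target, text is what is displayed."""
    host = host_of(href)
    if not host:
        return []
    flags = set()
    reg = registrable(to_unicode(host))
    shown = host_of(text)
    if shown and registrable(to_unicode(shown)) != reg:
        flags.add("anchor-mismatch")          # displayed URL differs from real target
    sub_labels = host.split(".")[:-2]
    sld = reg.split(".")[0]
    for brand, legit in PROTECTED.items():
        if reg == legit:
            continue
        if brand in sub_labels:
            flags.add("brand-in-subdomain")   # brand name resolved inside another domain
        if 1 <= edit_distance(sld, brand) <= 2:
            flags.add("lookalike-domain")     # misspelled or homoglyph-substituted name
    if scripts(host) - {"LATIN"}:
        flags.add("non-latin-script")         # possible IDN homograph
    return sorted(flags)


class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.text)))
            self.href = None


def scan_html(html):
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    return [(href, check_link(href, text)) for href, text in parser.links]


# Constructed sample body; \u0456 is a Cyrillic letter that looks like Latin "i".
SAMPLE_HTML = (
    '<p><a href="http://www.badhacker.com">www.indiatimes.com</a> '
    '<a href="http://microsoft.secuvity.com/login">Support</a> '
    '<a href="http://www.citihank.com">Your bank</a> '
    '<a href="http://m\u0456crosoft.com">Account</a> '
    '<a href="https://support.microsoft.com/help">support.microsoft.com</a></p>'
)

if __name__ == "__main__":
    for href, flags in scan_html(SAMPLE_HTML):
        print(ascii(href), flags or "ok")
```
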
[^] Filter evasion:-
Since phishing filters rely mostly on the text in phishing emails, hackers have started
using images which, when clicked, direct the user to the malefic site. Anti-phishing filters
that can counter these cases are now emerging.
[^] Website forgery:-
- After a user enters a phishing site, the hacker, further, uses JavaScript commands to
fake the web address by super-imposing images.
- Hackers have used Cross-site scripting (XSS) attacks against well known payment sites
to force the user to enter his/her login credentials. XSS exploits the existing source script
and injects malefic code which the user's browser (script engine) executes unknowingly.
- The prevalence of “kits” like the notorious MITM phishing kit (2007) makes it easy to
design fake websites that can capture login details.
- PHLASHING - To counter anti-phishing technology, hackers have started using
“FLASH” based objects in their websites. This way all content, including text and graphics,
is “sand-boxed”.
[^] Open & Covert redirect :-
URL redirection is a useful feature that lets a webpage redirect a page request to
another page. However, it can be exploited if the webpage (code) does not validate the
destination properly when it redirects the user to a page based on user input. Such a page
is termed an open redirect, and the attack itself is called an open-redirect attack.
Example:- http://example.com/example.php?url=http://malicious.example.com
A covert redirect happens because of the overconfidence one party has in its partner when it
redirects to the partner. It also exploits the fact that the partner website is vulnerable to
the open-redirect attack.
Example:-
Facebook logins are allowed on a few “partner” websites. A hacker can misuse this and provide
the partner's domain in the request, to which Facebook responds in a “login and authorize”
fashion. Once this login is successful the hacker uses an open-redirect vulnerability to
transfer the user to the malicious site. In the interim the attacker would probably even get full
control of the user account. Several well-known websites are prone to this attack.
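The validation the redirecting page is missing can be written as an exact-host allow-list. This is an added example, not from the original slides: `ALLOWED_HOSTS`, the function names and the `url` parameter handling are assumptions modelled on the example.php URL above. A substring or suffix check is shown for contrast because it accepts the slide's own malicious.example.com.

```python
from urllib.parse import parse_qs, urlsplit

# Assumption: the only hosts this site may redirect to (exact names, not suffixes).
ALLOWED_HOSTS = frozenset({"example.com", "www.example.com"})
DEFAULT_TARGET = "/"


def naive_is_allowed(target):
    """Weak check shown for contrast: substring match on the raw parameter."""
    return "example.com" in target


def resolve_redirect(target, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return target only if it is a local path or an exact allow-listed http(s) host."""
    # Browsers treat '\' like '/' and drop control characters, so a value containing
    # them may mean something different to the browser than to this parser.
    if not target or any(ord(c) <= 0x20 or ord(c) == 0x7F or c == "\\" for c in target):
        return default
    try:
        parts = urlsplit(target)
        port = parts.port              # raises ValueError on a malformed port
    except ValueError:
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept a path on this site, but never a leading '//',
        # which browsers resolve as a host name.
        ok = target.startswith("/") and not target.startswith("//")
        return target if ok else default
    if parts.scheme not in ("http", "https"):
        return default                 # covers scheme-relative '//host' (empty scheme)
    if parts.username is not None or parts.password is not None:
        return default                 # the real host is whatever follows the '@'
    if port not in (None, 80, 443):
        return default
    if (parts.hostname or "") not in allowed_hosts:
        return default                 # exact match: sub-domains are not implied
    return target


def redirect_response(query_string):
    """Model of example.php?url=...: the (status, Location) the page would send."""
    target = parse_qs(query_string).get("url", [""])[0]
    return 302, resolve_redirect(target)


# Constructed regression inputs for the validator, using the hosts from the slide.
CASES = [
    "/account/settings?tab=1",
    "https://www.example.com/home",
    "http://malicious.example.com",
    "//malicious.example.com/",
    "https://example.com@malicious.example.com/",
    "/\\malicious.example.com",
    "///malicious.example.com",
]

if __name__ == "__main__":
    for case in CASES:
        print(f"{case!r:48} naive={naive_is_allowed(case)!s:5} -> {resolve_redirect(case)!r}")
```

For the covert-redirect case, the same exact-match rule applies to the partner's registered return URLs: the login provider compares the full registered value, and the partner site itself must not expose a page that fails the check above.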
[^] Vishing:-
Vishing, or phone-phishing, is where fake messages ask the recipient to dial back to specific
numbers. These callback numbers run an automated request for the account number and PIN.
Thereby the hacker gets the user credentials.
Phishing information flow
Three components:
- Mail sender: sends large volume of fraudulent emails.
- Collector: collects sensitive information from users.
- Casher: uses the collected sensitive information to encash.
Phishing attack life-cycle
[^] Planning:-
Whom to attack, what/how to steal, what ruse to use.
[^] Setup:-
Creates attack materials and “machinery”.
[^] Attack:-
[^] Collection:- Harvest credentials.
[^] Fraud and abuse:- Trade, use or store credentials.
[^] Post-attack:-
a) Attacker clean-up and lessons learned.
b) Victim clean-up.
Anti-Phishing communities
Among the various Anti-Phishing communities, below are two well known ones.
The Anti-Phishing Working Group (APWG) is an international consortium that brings
together businesses affected by phishing attacks, security products and services
companies, law enforcement agencies, government agencies, trade associations,
regional international treaty organizations and communications companies. Founded in
2003 by David Jevans, the APWG has 3200+ members from more than
1700 companies and agencies worldwide. Member companies include leading security
companies such as BitDefender, Symantec, McAfee, VeriSign, IronKey and Internet
Identity. Financial Industry members include the ING Group, VISA, MasterCard and
the American Bankers Association.
PhishTank is an anti-phishing site. PhishTank was launched in October 2006
by entrepreneur David Ulevitch as an offshoot of OpenDNS. The company offers a
community-based phish verification system where users submit suspected phishes and
other users "vote" if it is a phish or not. PhishTank is used by Opera,
WOT, Yahoo! Mail, McAfee, APWG, CMU, ST Benard, Mozilla, Kaspersky, Firetrust,
Officer Blue, FINRA, Message Level, SURBL, Sanesecurity for ClamAV, Career Builder,
Site Truth, Avira, C-SIRT, and by PhishTank SiteChecker.
PhishTank data is provided gratis for download or for access via an API call, including
for commercial use, under a restrictive license.
Anti-phishing working group (APWG)
PHISHTANK
Server-based solutions
(Used by service providers – ISP, financial institutions)
Brand monitoring - Crawling on-line to identify “clones”, which are nothing but
the phishing pages. Suspected websites are added to a centralized “Black-list”.
Behavior detection - Study user behavior with some algorithms. Continue the
study for a certain epoch. Subsequent transactional behavior is validated
against the recorded behavior.
Security event monitoring - Security event analysis by way of correlation of
security events generated as part of OS, network and device logging.
Strong authentication - More than one factor of authentication. This ensures that loss of
one factor doesn't completely result in an identity theft.
Client-based solutions
(Browser plugins and email clients)
E-mail analysis – Bayes spam filtering with Hidden-Markov model based
algorithms can also be leveraged to detect phishing.
Black-list – Collection of URLs that are identified as malicious.
Information flow – While a user could be tricked with obfuscated URLs the
code flow itself cannot be cheated easily. The code path (and data being
processed) can be analyzed to identify phishing.
Similarity of layouts – Advanced techniques that analyze visual similarity
between two web pages.
Client-based anti-phishing programs
Avast!
Avira Premium Security Suite
CryptoPhoto mutual authentication
Cyscon Security Shield - browser extension for Firefox
Earthlink ScamBlocker (discontinued)
eBay Toolbar
ESET Smart Security
GeoTrust TrustWatch
Google Safe Browsing (used in Mozilla Firefox, Google Chrome,
Opera, Safari, and Vivaldi)
SmartScreen Filter (used in Microsoft Edge and Internet
Explorer)
Kaspersky Internet Security
McAfee SiteAdvisor
Mozilla Thunderbird
Netcraft Toolbar
NetProtector-web security
Netscape
Norton 360/ Internet Security
PhishDetector an extension for Google Chrome
PhishTank SiteChecker
PineApp Mail-SeCure
Quick Heal
Windows Mail, [with WOT extensions]
Service-based anti-phishing programs
Area 1 Security
Google Safe Browsing API
Mimecast Targeted Threat Protection
OpenDNS
PhishTank
Votiro
Webroot Real-time Anti-Phishing API
Anti-Phishing Working Group
Incident response (IR) for Individuals
(Local law of the nation/region applies- below information is applicable for India)
Each sort of loss needs its own strategy for resolution. The discussion below applies to “card/credentials/monetary loss”, although some of it
can be applicable to other sorts of “loss” too.
• Banking: It is at the banks' discretion to report. While one bank may provide data for all such cases, another might report only those that are proven.
If a customer falls prey to a “fraud”, the onus is on him to prove it wasn't his mistake. Banks do not take responsibility.
Though RBI believes the primary responsibility of preventing fraud lies with banks, it has done little to shift the onus of investigation from customers to
banks.
• Immediately block the card and/or temporarily freeze the account if needed. Give details of amount debited. Get a reference number.
• For online fraud, approach cyber cell and file a complaint.
Ref: http://cybercrimecomplaints.com/
• For other fraud, lodge a complaint with nearest police station.
• Send a legal notice to the bank, asking to preserve original records and camera
footages.
• It is currently an unfortunate situation that the customer has to preserve all
evidence of the phishing. This includes proof of the fabricated email/website etc.
Basic forensic evidence collected from disk, like cookies and logs, will help. Consult
an expert for the same. Also refer to the next topic, “IR for IT”, for some techniques
that individuals too can follow.
• Maintain written communication with bank’s nodal officer.
• If bank dismisses your case, approach ombudsman in 30 days.
• If aggrieved by ombudsman’s decision, approach the appellate authority, an RBI
deputy governor.
In India, the Ombudsman is known as the Lokpal or Lokayukta. Functionally, these are
state-wise setups.
• Follow up with police. Take the case to court if no progress for a month.
Incident response (IR) for IT professionals
(adopted from Wombat Security blog & Paladion networks)
[^] Activate IR procedures:- Fail-over/Back-up protocol, Identify origin of attack,
magnitude of impact – damage and costs, recovery of systems etc.
[^] Obtain full email headers to backtrack the path of attack.
[^] Mine the web for threat intelligence – Run the suspicious URLs in a sandbox
(Virustotal.com/IPVoid.com etc.).
[^] Talk to the victim(s).
[^] Set security perimeter's filters.
[^] Search system-internal logs – Firewall, DNS, DHCP logs etc. Use Splunk or
Elasticsearch/Logstash/Kibana (ELK).
[^] Review proxy or outbound logs – Proxies like BlueCoat, Websense etc. to
mine IP addresses.
[^] Review mail server logs.
[^] Plan for log retention.
[^] Reset account credentials and other settings.
[^] Review the systems for any persistent threats.
[^] Train the users and set a plan for awareness.
[^] Actively feed wrong data to the phishing site for temporary obfuscation of critical
data acquired through phishing.
[^] Bring down the phishing site.
[^] Review the authentication mechanism; introduce a multi-factor authentication
(MFA) scheme.
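For the "obtain full email headers" step above, the Received chain can be read programmatically. This is an added example, not from the original slides or the cited blogs: the message, host names, documentation-range IP addresses and the `TRUSTED_MTAS` set are constructed for illustration. It separates the hop your own mail server recorded from earlier hops that the sender could have written.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: mail servers under the responder's control, whose headers can be trusted.
TRUSTED_MTAS = frozenset({"mx.corp.example", "mailstore.corp.example"})

# Constructed message for illustration.
RAW_MESSAGE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.corp.example (mx.corp.example [192.0.2.10])
    by mailstore.corp.example with ESMTP id A1; Sat, 4 Mar 2017 10:00:05 +0530
Received: from relay.example.net (relay.example.net [198.51.100.7])
    by mx.corp.example with ESMTP id B2; Sat, 4 Mar 2017 10:00:03 +0530
Received: from localhost (unknown [203.0.113.45])
    by relay.example.net with SMTP id C3; Sat, 4 Mar 2017 10:00:01 +0530
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=bank.example
From: "Bank Support" <support@bank.example>
Reply-To: helpdesk@mailer.example.net
To: user@corp.example
Subject: Verify your account

body
"""


def received_hops(msg):
    """Received headers oldest-first (each server prepends, so the file is newest-first)."""
    hops = []
    for raw in reversed(msg.get_all("Received", [])):
        line = " ".join(raw.split())                  # unfold continuation lines
        frm = re.search(r"\bfrom\s+(\S+)", line)
        by = re.search(r"\bby\s+(\S+)", line)
        ip = re.search(r"\[([0-9A-Fa-f:.]+)\]", line)
        hops.append({"from": frm.group(1) if frm else None,
                     "by": by.group(1) if by else None,
                     "ip": ip.group(1) if ip else None})
    return hops


def trust_boundary(msg, trusted=TRUSTED_MTAS):
    """Return (handoff, earlier): handoff is the oldest hop written by a trusted server,
    so its peer IP was observed by us; earlier hops are claims that may be forged."""
    hops = received_hops(msg)
    idx = len(hops)
    while idx > 0 and hops[idx - 1]["by"] in trusted:
        idx -= 1
    handoff = hops[idx] if idx < len(hops) else None
    return handoff, hops[:idx]


def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def sender_findings(msg, trusted=TRUSTED_MTAS):
    """Compare the visible From domain with reply and bounce addresses and auth results."""
    findings = []
    from_dom = domain_of(msg["From"])
    for header, label in (("Reply-To", "reply-to"), ("Return-Path", "return-path")):
        dom = domain_of(msg[header])
        if dom and dom != from_dom:
            findings.append(f"{label}-domain-differs")
    for value in msg.get_all("Authentication-Results", []):
        if value.split(";")[0].strip() not in trusted:
            continue                                  # ignore results we did not add
        for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value):
            if result != "pass":
                findings.append(f"{mech}={result}")
    return findings


if __name__ == "__main__":
    message = message_from_string(RAW_MESSAGE)
    handoff, earlier = trust_boundary(message)
    print("observed handoff from:", handoff["from"], handoff["ip"])
    print("unverified earlier hops:", [h["ip"] for h in earlier])
    print("findings:", sender_findings(message))
```

The observed handoff IP is the value to search for in firewall, proxy and mail server logs; earlier hops are leads only.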
CyberSafe [Canada] [3:07 mins]
Spear Phishing [2:53 mins]
[Office of the Director of National Intelligence]
Bibliography
[x] Pat Cain's Phishing seminar
[x] Phishing attacks - Dr. Neminath Hubballi [IIT Indore]
[x] https://en.wikipedia.org/wiki/Phishing
[x] https://en.wikipedia.org/wiki/Anti-phishing_software
[x] Anti-phishing security strategy – Angelo Rosiello (Black Hat)
[x] https://paladion.net/
[x] https://www.wombatsecurity.com/
[x] APWG – Anti-phishing best practices
Q & A
Thank You

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 

Strategies to handle Phishing attacks

  • 1. DATE: 4th March, 2017 Venue: Hotel Grand Regent (Coimbatore)
  • 2. [- AGENDA -] [x] Overview of Phishing. [x] Types of Phishing. [x] What Phishing is not? [x] Techniques of Phishing. [x] Phishing information flow. [x] Phishing attack life cycle and taxonomy. [x] Anti-phishing efforts (Community & Commercial). [x] Detection, Prevention and Incident response. [x] Educational videos. [x] Bibliography.
  • 3. [^] Phishing is an attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising oneself as a trustworthy entity in an electronic communication. [- Overview of Phishing -] [^] Phishing is typically carried out by email spoofing or instant messaging. [^] It presents a fake website that has almost the same look-and-feel as the original and directs the user to enter sensitive information. [^] Communications purporting to be from social web sites, auction sites, banks, online payment processors or IT administrators are often used to lure victims. [^] Phishing can also be achieved by tricking a victim into installing malware intended to gain sensitive information. However, one or more pieces of malware may also corrupt data. [^] According to the 3rd Microsoft Computing Safer Index Report released in February 2014, the annual worldwide impact of phishing could be as high as $5 billion.
  • 4. [^] Spear phishing:- Phishing attempts directed at specific individuals or companies have been termed spear phishing. Attackers may gather personal information about their target to increase their probability of success. This technique is, by far, the most successful on the internet today, accounting for 91% of attacks. [^] Clone phishing:- Clone phishing is a type of phishing attack whereby a legitimate, previously delivered email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical, or cloned, email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. It may claim to be a re-send of the original or an updated version of the original. This technique could be used to pivot (indirectly) from a previously infected machine and gain a foothold on another machine, by exploiting the social trust associated with the inferred connection due to both parties receiving the original email. Types of phishing
  • 5. [^] Whaling:- - Several phishing attacks have been directed specifically at senior executives and other high-profile targets within businesses, and the term whaling has been coined for these kinds of attacks. - In the case of whaling, the masquerading web page/email will take a more serious executive-level form. The content will be crafted to target an upper manager and the person's role in the company. - The content of a whaling attack email is often written as a legal subpoena, customer complaint, or executive issue. Whaling scam emails are designed to masquerade as a critical business email, sent from a legitimate business authority. The content is meant to be tailored for upper management, and usually involves some kind of falsified company-wide concern. Whaling “phishermen” have also forged official-looking FBI subpoena emails, and claimed that the manager needs to click a link and install special software to view the subpoena. Types of phishing
  • 6. What Phishing is not? [^] Firstly, phishing is different from “fraud” because it combines: - Social Engineering - Phishing exploits individuals’ vulnerabilities to dupe victims into acting against their own interests. - Automation - Computers are used to carry out phishing attacks on a massive scale. - Electronic Communication - Phishers use electronic communications networks (primarily the Internet). - Impersonation - A phishing attack requires perpetrators to impersonate a legitimate firm or government agency. [^] Non-Phishing examples:- - Internet-based worms (attacks) - Virus-email (attacks) - Relatives stealing your wallet (identity theft) - Spam
  • 7. Techniques of Phishing [^] Link manipulation:- Link manipulation is done by at least four methods, as currently understood. - Misspelled URLs – The hacker registers a domain whose name is quite similar to some legitimate domain name. Example:- www.citihank.com - Sub-domains – Many links on a portal/website redirect traffic to sub-domains. Example:- (legit) support.microsoft.com. It is easy for the hacker to craft a URL to confuse the user. Example:- (illicit) microsoft.secuvity.com. While it looks as if “secuvity” is some sub-domain of Microsoft, this is trickery: “microsoft” is a sub-domain inside the “secuvity” domain (not the other way round), which might be the hacker-owned domain. - HTML anchor tag manipulation – <A> is the HTML tag that puts links on web pages. A hacker can show the user some legitimate text as the destination URL while the link internally takes a malicious route. Example: <a href="www.badhacker.com">www.indiatimes.com</a> - IDN spoofing/Homograph attack – Since the internet (software) has to support different languages, even domain names and URLs can have characters from different languages. A hacker can substitute a similar-looking character from a different language (a homoglyph, sometimes called a homograph) in the domain name and acquire a separate domain name that looks similar to an existing one. For example, the Cyrillic “Ё” can be used in place of an English “E”.
  • 8. Techniques of Phishing [^] Filter evasion:- Since phishing filters rely mostly on the characters in phishing emails, hackers have started using images that, when clicked, direct the user to the malicious site. Anti-phishing filters are emerging that can now counter these cases. [^] Website forgery:- - After a user enters a phishing site, the hacker further uses JavaScript commands to fake the web address by super-imposing images. - Hackers have used Cross-site scripting (XSS) attacks against well-known payment sites to force the user to enter his/her login credentials. XSS exploits the existing source script and injects malicious code, which the user's browser (script engine) executes unknowingly. - The prevalence of “kits” like the notorious MITM phishing kit (2007) makes it easy to design fake websites that can capture login details. - PHLASHING - To counter anti-phishing technology, hackers have started using “FLASH” based objects in their websites. This way all content, including text and graphics, is “sand-boxed”.
  • 9. Techniques of Phishing [^] Open & Covert redirect:- URL redirection is a useful functionality that lets a webpage redirect a page request to another page. However, it can be exploited if the webpage (code) does not validate the destination properly when it redirects the user to a page taken from user input. Such an option is termed an open redirect, and the attack itself is called an open-redirect attack. Example:- http://example.com/example.php?url=http://malicious.example.com A covert redirect happens because of the overconfidence one party has in its partner when it redirects to the partner. It also exploits the fact that the partner website is vulnerable to the open-redirect attack. Example:- Facebook logins are allowed on a few “partner” websites. A hacker can misuse this and provide the partner's domain in the request, to which Facebook will respond in a “login and authorize” fashion. Once this login is successful, the hacker will use an open-redirect vulnerability to transfer the user to the malicious site. In the interim, the attacker would probably even get full control of the user account. Several well-known websites are prone to this attack. [^] Vishing:- Vishing, or phone-phishing, is where fake messages ask the victim to dial back specific numbers. These callback numbers have automated requests for the account number and PIN. Thereby the hacker gets the user credentials.
  • 10. Phishing information flow Three components: Mail sender: sends a large volume of fraudulent emails. Collector: collects sensitive information from users. Casher: uses the collected sensitive information to encash.
  • 11. Phishing attack life-cycle [^] Planning:- Whom to attack, what/how to steal, what ruse to use. [^] Setup:- Creates attack materials and “machinery” . [^] Attack:- [^] Collection:- Harvest credentials. [^] Fraud and abuse:- Trade, use or store credentials. [^] Post-attack:- a) Attacker clean-up and lessons learned. b) Victim clean-up.
  • 12.
  • 13. Anti-Phishing communities Among the various anti-phishing communities, below are two well-known ones. The Anti-Phishing Working Group (APWG) is an international consortium that brings together businesses affected by phishing attacks, security products and services companies, law enforcement agencies, government agencies, trade associations, regional international treaty organizations and communications companies. Founded in 2003 by David Jevans, the APWG has more than 3200 members from more than 1700 companies and agencies worldwide. Member companies include leading security companies such as BitDefender, Symantec, McAfee, VeriSign, IronKey and Internet Identity. Financial industry members include the ING Group, VISA, MasterCard and the American Bankers Association. PhishTank is an anti-phishing site. PhishTank was launched in October 2006 by entrepreneur David Ulevitch as an offshoot of OpenDNS. The company offers a community-based phish verification system where users submit suspected phishes and other users "vote" on whether it is a phish or not. PhishTank is used by Opera, WOT, Yahoo! Mail, McAfee, APWG, CMU, ST Benard, Mozilla, Kaspersky, Firetrust, Officer Blue, FINRA, Message Level, SURBL, Sanesecurity for ClamAV, Career Builder, Site Truth, Avira, C-SIRT, and by PhishTank SiteChecker. PhishTank data is provided gratis for download or for access via an API call, including for commercial use, under a restrictive license.
  • 16.
  • 17. Server-based solutions (Used by service providers – ISP, financial institutions) Brand monitoring - Crawling on-line to identify “clones”, which are nothing but the phishing pages. Suspected websites are added to a centralized “Black-list”. Behavior detection - Study user behavior with some algorithms. Continue the study for a certain epoch. Subsequent transactional behavior is validated against the recorded behavior. Security event monitoring - Security event analysis by way of correlation of security events generated as part of OS, network and device logging. Strong authentication - More than one factor of authentication. This ensures that the loss of one factor doesn't completely result in an identity theft.
  • 18. Client-based solutions (Browser plugins and email clients) E-mail analysis – Bayes spam filtering with Hidden-Markov model based algorithms can also be leveraged to detect phishing. Black-list – Collection of URLs that are identified as malicious. Information flow – While a user could be tricked with obfuscated URLs, the code flow itself cannot be cheated easily. The code path (and data being processed) can be analyzed to identify phishing. Similarity of layouts – Advanced techniques that analyze visual similarity between two web pages.
  • 19. Client-based anti-phishing programs Avast! Avira Premium Security Suite CryptoPhoto mutual authentication Cyscon Security Shield - browser extension for Firefox Earthlink ScamBlocker (discontinued) eBay Toolbar ESET Smart Security GeoTrust TrustWatch Google Safe Browsing (used in Mozilla Firefox, Google Chrome, Opera, Safari, and Vivaldi) SmartScreen Filter (used in Microsoft Edge and Internet Explorer)
  • 20. Client-based anti-phishing programs Kaspersky Internet Security McAfee SiteAdvisor Mozilla Thunderbird Netcraft Toolbar NetProtector-web security Netscape Norton 360/ Internet Security PhishDetector an extension for Google Chrome PhishTank SiteChecker PineApp Mail-SeCure Quick Heal Windows Mail, [with WOT extensions]
  • 21. Service-based anti-phishing programs Area 1 Security Google Safe Browsing API Mimecast Targeted Threat Protection OpenDNS PhishTank Votiro Webroot Real-time Anti-Phishing API Anti-Phishing Working Group
  • 22. Incident response (IR) for Individuals (Local law of the nation/region applies; the information below is applicable to India) Each sort of loss has its own strategy to be worked out for a solution. The discussion below applies to “card/credentials/monetary loss”, although some of it can be applicable to other sorts of “loss” too. • Banking: Reporting is at the banks' discretion. While one bank may provide data for all such cases, another might report only those that are proven. If a customer falls prey to a “fraud”, the onus is on the customer to prove it wasn't his or her mistake. Banks do not take responsibility. Though RBI believes the primary responsibility for preventing fraud lies with banks, it has done little to shift the onus of investigation from customers to banks. • Immediately block the card and/or temporarily freeze the account if needed. Give details of the amount debited. Get a reference number. • For online fraud, approach the cyber cell and file a complaint. Ref: http://cybercrimecomplaints.com/
  • 23. Incident response (IR) for Individuals (Local law of the nation/region applies; the information below is applicable to India) • For other fraud, lodge a complaint with the nearest police station. • Send a legal notice to the bank, asking it to preserve original records and camera footage. • It is currently an unfortunate situation that the customer has to preserve all evidence of the phishing. This includes proof of the fabricated email/website etc. Basic forensic evidence collected from disk, like cookies and logs, will help. Consult an expert for the same. Also refer to the next topic, “IR for IT”, for some techniques that individuals too can follow. • Maintain written communication with the bank’s nodal officer. • If the bank dismisses your case, approach the ombudsman within 30 days. • If aggrieved by the ombudsman’s decision, approach the appellate authority, an RBI deputy governor. In India, the Ombudsman is known as the Lokpal or Lokayukta. Functionally, these are state-wise setups. • Follow up with the police. Take the case to court if there is no progress for a month.
  • 24. Incident response (IR) for IT professionals (adapted from Wombat Security blog & Paladion networks) [^] Activate IR procedures:- Fail-over/back-up protocol, identify the origin of the attack, magnitude of impact (damage and costs), recovery of systems etc. [^] Obtain full email headers to backtrack the path of the attack. [^] Mine the web for threat intelligence – Run the suspicious URLs in a sandbox (Virustotal.com/IPVoid.com etc.). [^] Talk to the victim(s). [^] Set the security perimeter's filters. [^] Search system-internal logs – Firewall, DNS, DHCP logs etc. Use Splunk or Elasticsearch/Logstash/Kibana (ELK). [^] Review proxy or outbound logs – Proxies like BlueCoat, Websense etc. to mine IP addresses.
  • 25. Incident response (IR) for IT professionals (adapted from Wombat Security blog & Paladion networks) [^] Review mail server logs. [^] Plan for log retention. [^] Reset account credentials and other settings. [^] Review the systems for any persistent threats. [^] Train the users and set a plan for awareness. [^] Actively feed wrong data to the phishing site for temporary obfuscation of critical data acquired through phishing. [^] Bring down the phishing site. [^] Review the authentication mechanism; introduce a multi-factor authentication (MFA) scheme.
  • 27. Spear Phishing [2:53 mins] [Office of the Director of National Intelligence]
  • 28. Bibliography [x] Pat Cain's Phishing seminar [x] Phishing attacks - Dr. Neminath Hubballi [IIT Indore] [x] https://en.wikipedia.org/wiki/Phishing [x] https://en.wikipedia.org/wiki/Anti-phishing_software [x] Anti-phishing security strategy – Angelo Rosiello (Black Hat) [x] https://paladion.net/ [x] https://www.wombatsecurity.com/ [x] APWG – Anti-phishing best practices
  • 29. Q & A
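
The four link-manipulation methods on slide 7 (misspelled URLs, sub-domains, anchor-tag manipulation, IDN homoglyphs) can each be turned into a mail-filter check. The following is an added example, not code from the slides: it scans the links of an HTML e-mail body and reports which method each suspicious link matches. The `TRUSTED` list, the 0.85 similarity threshold, the finding names and the sample body are assumptions constructed for illustration; the domains are the slide's own examples.

```python
import re
import unicodedata
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a tiny constructed list of registrable domains the organisation trusts.
TRUSTED = {"citibank.com", "microsoft.com", "indiatimes.com"}
HOST_RE = re.compile(r"^(?:https?://)?((?:[\w-]+\.)+[\w-]+)")

def registrable(host):
    """Naive eTLD+1 (last two labels); real code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def scripts(label):
    """Scripts of the letters in a label, read from their Unicode character names."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}

def host_findings(host):
    """Heuristics for misspelled, sub-domain and homoglyph host names."""
    try:  # decode punycode (xn--) labels so the real characters can be inspected
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or not valid IDNA: inspect it as given
    labels = host.lower().split(".")
    reg, found = registrable(host), []
    if reg in TRUSTED:
        return found
    if any(len(scripts(label)) > 1 for label in labels):
        found.append("mixed-script")  # e.g. Latin letters plus one Cyrillic letter
    for good in TRUSTED:
        if SequenceMatcher(None, reg, good).ratio() >= 0.85:
            found.append("lookalike-of:" + good)
        if good.split(".")[0] in labels[:-2]:
            found.append("brand-in-subdomain:" + good)
    return sorted(found)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def analyse(html):
    """Return {href: sorted findings} for each suspicious link in an HTML body."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    report = {}
    for href, text in parser.links:
        host = urlsplit(href if "//" in href else "//" + href).hostname or ""
        found = host_findings(host) if host else []
        shown = HOST_RE.match(text)  # visible text that itself looks like a host
        if host and shown and registrable(shown.group(1)) != registrable(host):
            found.append("text-href-mismatch")
        if found:
            report[href] = sorted(found)
    return report

SAMPLE = (  # constructed e-mail body built from the slide's example domains
    '<a href="http://www.citihank.com/login">Verify account</a> '
    '<a href="http://microsoft.secuvity.com/">Support</a> '
    '<a href="www.badhacker.com">www.indiatimes.com</a> '
    '<a href="http://indiatim\u0451s.com/">News</a> '
    '<a href="https://support.microsoft.com/">support.microsoft.com</a>'
)
```

Calling `analyse(SAMPLE)` flags the first four links and leaves the genuine support.microsoft.com link alone. The findings are heuristics for triage: a legitimate internationalised domain can also trip the mixed-script check.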
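
Slide 9 attributes the open redirect to missing validation of a user-supplied destination, and the covert redirect to a partner site having that same flaw. As an added example (not code from the slides), here is the unvalidated pattern behind `example.php?url=...` beside a hardened version that only honours same-site paths and allowlisted hosts. `ALLOWED_HOSTS`, `FALLBACK` and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumptions: the site's own host names and a safe default landing page.
ALLOWED_HOSTS = {"example.com", "www.example.com"}
FALLBACK = "/"


def unsafe_target(params):
    """The open-redirect pattern: whatever arrives in ?url= becomes the destination."""
    return params.get("url", FALLBACK)


def safe_target(params):
    """Return the requested destination only if it cannot leave the allowed hosts."""
    raw = params.get("url", "")
    # Browsers treat "\" like "/" and drop control characters, so a URL containing
    # either can be parsed differently by the server and by the browser. Reject both.
    if not raw or any(ord(c) <= 0x20 or c == "\\" for c in raw):
        return FALLBACK
    parts = urlsplit(raw)
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only an absolute path on this site.
        return raw if raw.startswith("/") else FALLBACK
    # Absolute URL: http(s) only, exact host match, no user-info trick
    # such as https://example.com@other-host/.
    if (parts.scheme in ("http", "https")
            and parts.hostname in ALLOWED_HOSTS
            and parts.username is None):
        return raw
    # Everything else (other schemes, //host scheme-relative URLs, unknown hosts).
    return FALLBACK
```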