SEMINAR

ON

INTRODUCTION TO PHISHING

BY:

– SAYALI DAYAMA

◦ SEMINAR GUIDE :

MRS. SWATI SHIRSATH 1

How To Protect Yourself

Additional Credits: Educause/SonicWall, Hendra Harianto Tuty, Microsoft Corporation, some images from Anti-Phishing Workgroup’s Phishing Archive,Carnegie Mellon CyLab

2

Recognize Phishing Scams and Fraudulent E-mails

• Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, passwords, account data, or other information.

• Con artists might send millions of fraudulent e-mail messages that appear to come from Web sites you trust, like your bank or credit card company, and request that you provide personal information.

3

Phreaking + Fishing = Phishing- Phreaking = making phone calls for free back in 70’s- Fishing = Use bait to lure the target

Phishing in 1995Target: AOL usersPurpose: getting account passwords for free timeThreat level: lowTechniques: Similar names ( www.ao1.com for www.aol.com ), social engineering

Phishing in 2001Target: Ebayers and major banksPurpose: getting credit card numbers, accountsThreat level: mediumTechniques: Same in 1995, keylogger

Phishing in 2007

Target: Paypal, banks, ebay

Purpose: bank accounts

Threat level: high

Techniques: browser vulnerabilities, link obfuscation

History of Phishing

4

• 2,000,000 emails are sent• 5% get to the end user – 100,000 (APWG)• 5% click on the phishing link – 5,000 (APWG)• 2% enter data into the phishing site –100 (Gartner)• $1,200 from each person who enters data (FTC)• Potential reward: $120,000

A bad day phishin’, beats a good day workin’

In 2005 David Levi made over $360,000 from 160 people using an eBay Phishing scam

5

People today prefer card payments as well as online shopping and ecommerce as the world is at fingertips! The number of incidents are rising at an alarming pace and its necessary to educate people about the what measures should be taken to avoid becoming a victim of such an attack.

6

• Over 28,000 unique phishing attacks reported in Dec. 2006, about double the number from 2005

• Estimates suggest phishing affected 2 million US citizens and cost businesses billions of dollars in 2005

• Additional losses due to consumer fears

Phishing: A Growing Problem

7

Customer unknowingly gives confidential details of credit card on the fake bank website after receiving the threat via mail of strict actions.

8

What Does a Phishing Scam Look Like?

• As scam artists become more sophisticated, so do their phishing e-mail messages and pop-up windows.

• They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites.

9

• Employ visual elements from target site• DNS Tricks:

–www.ebay.com.kr–www.ebay.com@192.168.0.5–www.gooogle.com–Unicode attacks

• JavaScript Attacks–Spoofed SSL lock

• Certificates–Phishers can acquire certificates for domains they own–Certificate authorities make mistakes

Current Phishing Techniques

10

• Socially aware attacks Mine social relationships from public data Phishing email appears to arrive from someone known to the victim Use spoofed identity of trusted organization to gain trust Urge victims to update or validate their account Threaten to terminate the account if the victims not reply Use gift or bonus as a bait Security promises

• Context-aware attacks“Your bid on eBay has won!”“The books on your Amazon wish list are on sale!”

Spear-Phishing: Improved Target Selection

11

Another Example:

12

But wait…

WHOIS 210.104.211.21:

Location: Korea, Republic Of

Even bigger problem:

I don’t have an account with US Bank!

Images from Anti-Phishing Working Group’s Phishing Archive

13

Link Guard works by analysing the differences between the visible link and the actual link. It also calculates the similarities of URI with a known trusted site. The algorithm is illustrated below. The following terminologies are used in the algorithm: v_link: visual link; a_link: actual link; v_dns: visual DNS name; a_dns: actual DNS name; sender_dns: sender’s DNS name;

14

15

a_link: actual link;v_link: visual link;a_dns: actual DNS name;v_dns: visual DNS name;sender_dns: sender DNS names.intLinkGuard (a_link,v_link){a_dns=GetDNSName(a_link);v_dns=GetDNSName(v_link);if ((a_dns and v_dns are both empty) and (a_dns ! = a_dns))return phishing;if (a_dns is dotted decimal)returnpossible_phishing;if (v_link or a_link is encoded){a_link2=decode(a_link);v_link2=decode(v_link);returnLinkGuard (v_link2, a_link2);}

if (v_dns is NULL)returnAnalyzeDNS(a_link);}intAnalyzeDNS(actual_link){if (actual_dns in blacklist)return PHISHING;if (actual_dns in whitelist)return NOTPHISHING;returnPatternMatchingactual_link);}intPatternMatching(actual_link){if(sender_dns and actual_dns are different)return POSSIBLE_PHISHING;for (each item prev_dns in seed_set){bv=Similarity (prev_dns,actual_link);if (bv==true)return POSSIBLE_PHISHING;}return NO_PHISHING;}float similarity(str,actual_link){if (str is part of actual_link)return=true;intmaxlen=the maximum stringlengths of str and actual_dns

intminchange=the minimum number of changes needed to transform str to actual_dns;if(thresh<(maxlen-minchange)/maxlen<1)return truereturn false;}

16

IMPLEMENTATION ENVIRONMENTA. Execution Setup Intel R core TM i3 processor-2310M CPU @2.10ghz main memory RAM 3GB operating system 64bits java development lit jdk 1.7.0B.Results and discussionsWhen we compare with both link guard algorithm and SHA algorithm. SHA algorithm has more time complexity and it hasless secure because it is having more storage capacity. Link guard algorithm has more secure and has less rounds.

17

Attributes   

Existingalgorithm

Proposed 

Name SHA Algorithm Link guardalgorithm

Security 90% 94%Data storage 513bytes 100bytesNumber ofphishing attacks  

5 3

Generation time 4milliseconds 3milliseconds

COMPARISON OF SHA AND LINK GUARD

18

Here are a few phrases to look for if you think an e-mail message is a phishing scam.

"Verify your account."Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail. If you receive an e-mail from anyone asking you to update your credit card information, do not respond: this is a phishing scam.

"If you don't respond within 48 hours, your account will be closed."These messages convey a sense of urgency so that you'll respond immediately without thinking.

How To Tell If An E-mail Message is Fraudulent

19

20

How To Tell If An E-mail Message is Fraudulent (cont’d) "Dear Valued Customer."Phishing e-mail messages are

usually sent out in bulk and often do not contain your first or last name.

"Click the link below to gain access to your account."HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site.

Resting the mouse pointer on the link reveals the real Web address. The string of cryptic numbers looks nothing like the company's Web address, which is a suspicious sign.

21

Con artists also use Uniform Resource Locators (URLs) that resemble the name of a well-known company but are slightly altered by adding, omitting, or transposing letters.

For example, the URL "www.microsoft.com" could appear instead as:

www.micosoft.com www.mircosoft.com www.verify-microsoft.com

How To Tell If An E-mail Message is Fraudulent (cont’d)

22

Never respond to an email asking for personal information Always check the site to see if it is secure. Call the phone

number if necessary Never click on the link on the email. Retype the address in

a new window Keep your browser updated Keep antivirus definitions updated Use a firewall

P.S: Always shred your home documents before discarding them.23

24

25