Phishing: A practical case study
What is phishing?
• Phishing involves fraudulently acquiring sensitive information (e.g. passwords, credit card details, etc.) by masquerading as a trusted entity.
The sites
• www.noodlebank.com (i.e. NOODLEBANK.com)
• www.nood1ebank.com (i.e. NOOD1EBANK.com, with the digit 1 in place of the letter l)
The real site
The spoofed email
The spoofing
• The link appears as
www.noodlebank.com (i.e. NOODLEBANK.com)
• But it actually links to
www.nood1ebank.com (i.e. NOOD1EBANK.com)
The fake site
The “steal”
• When Debasis entered his username and password at the spoofed website, they were sent to the criminal carrying out the phishing attack.
• In this case study the username and password are sent to a spamavert email address, so that they can be seen by everyone trying out the case study.
More examples…
• In this case study, the user was enticed with a misleading URL. Such URLs are easy to create with simple HTML, for example:
<a href=http://www.nood1ebank.com>http://www.noodlebank.com</a>
• The link displays the genuine URL, but clicking it takes the user to the spoofed one.
Using a URL with an IP address
http://www.noodlebank.com@67.19.217.53
• This URL does not lead to noodlebank.com: the browser treats everything before the @ as a username and connects to the website at IP address 67.19.217.53.
Using a split domain name
http://www.NOODLEBANK.com.securitycheck.secure-login.nood1ebank.com/login.asp
• This URL does not lead to noodlebank.com: the registered domain is the last part, nood1ebank.com, so it leads to the spoofed website.
Using an obfuscated URL
http://www.NOODLEBANK.com%00@%36%37%2e%31%39%2e%32%31%37%2e%35%33
• This URL does not lead to noodlebank.com either: the %xx sequences are hex-encoded characters that decode to 67.19.217.53, so it leads to the website at that IP address.
Hex to ASCII converter
http://www.dolcevie.com/js/converter.html
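As an added example (not part of the original slides), the Python script below applies the checks a defender's mail filter or browser extension would make to the URL tricks shown above: the misleading anchor whose text and href disagree, the IP address hidden behind a username part, the split domain name, and the percent-encoded form. It works out the host the browser actually connects to, compares its registrable domain with the expected one, flags digit-for-letter look-alikes, and for an HTML anchor compares the visible text with the href. Assumptions: noodlebank.com is the legitimate domain as in the case study; the registrable domain is approximated by the last two DNS labels (no public suffix list); the confusable-character table is a deliberately tiny constructed one; the plain userinfo URL is the decoded form of the slide's percent-encoded one.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

LEGIT_DOMAIN = "noodlebank.com"            # legitimate domain in the case study
_CONFUSABLES = str.maketrans("10", "lo")   # constructed, tiny: digit 1 -> l, 0 -> o
_LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}", re.I)


def effective_host(url):
    """Host a browser really connects to: text before the last literal '@' is
    userinfo, a port is dropped, and percent-escapes (even %00) are decoded
    only after that split, as the WHATWG URL authority rules do."""
    authority = urlsplit(url).netloc
    if "@" in authority:
        authority = authority.rsplit("@", 1)[1]
    if not authority.startswith("[") and ":" in authority:
        authority = authority.split(":", 1)[0]
    return unquote(authority).lower()


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def registrable_domain(host):
    # Assumption: the last two labels stand in for a public-suffix-list lookup.
    if is_ip_literal(host):
        return host
    return ".".join(host.rstrip(".").split(".")[-2:])


def analyze_url(url, expected=LEGIT_DOMAIN):
    host = effective_host(url)
    reg = registrable_domain(host)
    folded = reg.translate(_CONFUSABLES) == expected.translate(_CONFUSABLES)
    return {
        "host": host,
        "registrable": reg,
        "is_ip": is_ip_literal(host),
        "matches_expected": reg == expected,
        "lookalike": reg != expected and folded,   # nood1ebank.com vs noodlebank.com
    }


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) for each <a> element in a fragment."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_anchors(html, expected=LEGIT_DOMAIN):
    """Flag anchors whose visible text names a different domain than the href."""
    parser = _LinkCollector()
    parser.feed(html)
    parser.close()
    results = []
    for href, text in parser.links:
        href_domain = analyze_url(href, expected)["registrable"]
        text_domain = None
        if _LOOKS_LIKE_URL.match(text):          # only compare when the text is URL-like
            shown = text if text.lower().startswith(("http://", "https://")) else "http://" + text
            text_domain = analyze_url(shown, expected)["registrable"]
        results.append({
            "href": href, "text": text,
            "href_domain": href_domain, "text_domain": text_domain,
            "deceptive": text_domain is not None and text_domain != href_domain,
        })
    return results


if __name__ == "__main__":
    # Constructed inputs: the URL forms shown on the slides.
    for url in ("http://www.noodlebank.com@67.19.217.53",
                "http://www.NOODLEBANK.com.securitycheck.secure-login.nood1ebank.com/login.asp",
                "http://www.NOODLEBANK.com%00@%36%37%2e%31%39%2e%32%31%37%2e%35%33"):
        print(url, "->", analyze_url(url))
    print(check_anchors("<a href=http://www.nood1ebank.com>http://www.noodlebank.com</a>"))
```

The order of operations in effective_host matters: splitting on the literal @ before percent-decoding is what makes the %00 form resolve to the IP address rather than to the decoy name, which is also why a filter that only looks at the first characters of the URL string is fooled by every trick on these slides.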
Useful URLs
• To try out the genuine website: http://www.noodlebank.com
• To try out the spoofed website: http://www.nood1ebank.com
• To see the usernames and passwords being “stolen”: http://spamavert.com/mail.php?alias=noodlebank_com
Questions?