Spam / Phishing
Björn Bittins, Sebastian Kühnau
FHTW-Berlin
Structure
• Spam (Sebastian)
  • Definition
  • History
  • Types
  • Counteraction
  • Damage
  • Facts
  • Summary
• Phishing (Björn)
  • Definition
  • History
  • Types
  • Counteraction
  • Damage
  • Facts
  • Summary
Spam
Definition of SPAM
• mass mail, not personally addressed, unwanted (commercial) content
• "recipient's personal identity and context are irrelevant because the message is equally applicable to many other potential recipients" (www.spamhaus.org)
History
• spam: trademark for canned meat (spiced ham)
• word first used in a Monty Python sketch
• first spam mail in 1978: Digital Equipment Corp. sent a commercial message to 400 users of ARPANET
Types
• UBE (unsolicited bulk email)
• UCE (unsolicited commercial email)
• collateral spam
• forum spam
• index spamming, wiki spam, spam over mobile phone (Spom)
• phishing mails
Every type of communication channel has its own type of spam.
Counteraction
• on the user side:
  • use disposable mail addresses (trash-mail.com)
  • post no mail addresses on public boards
• on the blog/wiki operator side:
  • use "captchas" for posting messages
• on the mail server operator side:
  • black-/white-/greylisting
  • use a secure configuration (no open relay)
General counteraction
• changes in protocols (SMTP)
• legal framework (laws)
• use of spam filters (Bayes filter)
Damage
• financial loss (for provider/receiver)
• loss of time / productivity
• slowdown of mail traffic / breakdown of server
• spam filters are needed
Facts / Statistics
• www.spam-filter-review.toptenreviews.com/spam-statistics.html
• www.spamhaus.org/statistics/countries.lasso
More Facts / Statistics - 2006
• www.computerbase.de
Summary
• unwanted mail, without preexisting relationship
• almost every communication channel has its own type of spam
• counteraction: on the user/operator side
• causes damage in many areas
Phishing
Definition of phishing
• neologism for password fishing
• getting confidential personal information from a user by pretending to be a trustworthy provider (e.g. bank, eBay)
History of phishing
• 1990s: AOL accounts were stolen to share illegal content (warez)
• 2001: first known phishing attack against a payment service (E-gold)
• since 2004: phishing is recognized as a fully industrialized part of the crime scene
Types / Functionality
• email phishing
  • sending mails that look trustworthy to the user
• "man in the middle" attack
  • uses trojan horses to intercept personal information
Counteraction / Protection
• phishing filter
  • compares website with a blacklist
  • detects typical criteria of phishing mails
• avoid clicking on links from untrustworthy sources
• be careful when publishing private data
Damage
• wide range of damage possible
  • denial of access to mail account
  • identity theft (used to commit crime)
  • financial loss
• US 2004-05: 1.2 million users suffered losses of $929 million
• UK losses by bank fraud (mostly phishing)
  • 2004: £12.2 million
  • 2005: £23.2 million
• Forrester survey (2005)
  • "trillion dollar problem"
Facts / Statistics
• 2004: one in every 943 mails
• 2005: one in every 304 mails
Facts / Statistics 2: origin of phishing attacks
Summary
• getting confidential personal information
• email phishing / "man in the middle" attacks
• amount of phishing attacks grows
• phishing filter / user awareness
• wide range of damage
The End
Questions?
Sources
• http://www.forrester.com
• http://www.bsi.de
• http://www.spamhaus.org
• http://www.spampolitik.de
• http://en.wikipedia.org