1 / 0

Phishing

Phishing. A Pretty Kettle of Phish Examining the Impact of Website Take-down on Phishing Presented by Meidanis Haris. Phishing is the practice of posting a deceptive message as part of an attempt at fraud and/or identity theft.

linore
Download Presentation

Phishing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Phishing

    A Pretty Kettle of Phish Examining the Impact of Website Take-down on Phishing Presented by MeidanisHaris
  2. Phishing is the practice of posting a deceptive message as part of an attempt at fraud and/or identity theft. The use of “ph” instead of “f” is probably influenced by the term “phreaking” (phone freaking). It is also referred as carding, hoax mail and spoofing
  3. A brief history of phishing Older e-mail scams : techniques such as pyramid schemes, lottery pyramids e.t.c existed before e-mail scams. Pump and Dump scams: designed to temporarily inflate the value of stock held by the scammer in order to deceive naïve investors.
  4. A brief history of phishing The eternal 419: took its name from the nigerian criminal code. It offers victims large sums of money, when victims respond they have to pay fees in advance. Commonly implemented by gangs for money gathering and money-laundering.
  5. Phresher Phish Changes in tone, targets and technology brought phishing attacks into much greater prominence. How does it work? Web sites constructed to resemble the genuine site. Pop up windows designed to appear when the real site is accessed.
  6. Phresher Phish How does it work? Deceptive links, disguised in various ways to resemble links to legitimate sites. Replication of the entire genuine site
  7. Phishing Attack Components Bait distribution Data collection Techniques used to increase efficacy
  8. Phishing Attack Components Bait distribution Usually phishing emails distributed by networks (botnets). These include disguised urls which link to deceptive sites . Phishing targets: organizations (ISPs), individuals, sites (Paypal, eBay), groups of people.
  9. Phishing Attack Components Data collection Usually interested in credit card data, bank account passwords, personal data… Using the previous methods collect this information to an anonymous drop box or using a scriptable bot that connects to a chat room for control and data transfer.
  10. Phishing Attack Components Techniques used to increase efficacy Phishing emails use techniques to evade detection technologies. Hash busters. Spam flagging words are split in html code using commends. Using white characters in white background.
  11. Phishing Attack Components Techniques used to increase efficacy Cousin Domains (www.ebaay.com instead of www.ebay.com) DNS spoofing (cache poisoning by exploiting a flaw in the DNS software, effective technique as it works even when the user directly enters the correct url into a browser)
  12. Solutions There is a number of collaborative groups (Anti-Phishing Working Group- APWG) that are working on this space. There is no single solution to the phishing problem.
  13. Solutions Technological solutions Web filtering Browser security plug-ins Malware management solutions DNS blacklisting Mutual authentication in banking activities as well as better policy in customer communications
  14. Solutions Prevention is better than cure! Detection technologies such as anti-phishing toolbars, firewalls, anti-virus and anti-spam technologies are highly recommended.
  15. Solutions Phish Education! Approach to end user education through quiz, questions and recognition tests in an attempt to raise consciousness about phishing issues. http://www.mysecurityplan.net/score/ http://www.mysecurityplan.com/quiz/
  16. Solutions What if you get caught out? The sooner you realize it the better! http://www.ftc.gov/bcp/edu/microsites/idtheft/
  17. Conclusion The phisher’s most potent weapon is the victim’s confusion about the nature of the problem. Banks and ISPs should improve their practice in their communications with their costumers. Never use email to answer/send personal identification information.
  18. Questions – Remarks?
  19. End of paper “A Pretty Kettle of Phish”
  20. Examining the Impact of Website Take-down on Phishing
  21. Main Idea Solution by removing the phishing sites from the internet. Examine the damage of phishing sites and how feasible and effective this solution can be.
  22. Phishing Mechanism Transmission of spam emails which include links (URLs) to websites under phisher’s control. Examples (URLS): http://www.bankname.example.com/ http://www.bankname.freehostsite.com/login
  23. Phishing Mechanism Spoof websites are hosted on free webspace where anyone can register and upload pages or they are placed on a compromised machine.
  24. Defence Phishing targets (banks, ISPs, etc) are conducting research to locate and take down phishing sites. Once a site is reported as malicious defenders will send a take-down request to the operator of the free space or to the relevant ISP in case of a compromised machine.
  25. Rock-Phish Attacks Rock-Phish allows a single website with multiple DNS names to host a variety of phishing webpages, covering several banks and companies. Uses unique URLs in the form http://{domain name}/r1/{letter}
  26. Fast-flux phishing domains Fast-flux is a technique used by phishers to maketheir sites more resillient to discovery and take-down. Compromised hosts are used as proxieswhile a single domainnameassosiatedwithnumerousIPs. TheseIPs are swappedfrequentlythroughchanging DNS records.
  27. Data collection Information was collected from PhishTank, a phishing-report collator. The PhishTank database records the URL that has been reported to them and the time of that report. Unfortunately it doesn’t provide information of when a site is removed.
  28. The concept The system fetches reports of phishing websites and when they discovered. Match the host name to the relevant IP and monitor this website through the reverse DNS process (this also helps to link together multiple IPs referring to the same site). They tested all of these sites on a continuous basis twice every hour.
  29. Rock-phish statistics Rock-phish attacks make up 52.6% of phishing attacks in the internet. The next figure shows the Rock-phish site activity per day.
  30. Rock-phish statistics
  31. Rock-phish statistics
  32. More statistics
  33. User responses
  34. User responses An average of 18 victims per site if the site is removed within one day of reporting. +8 victims for each day the site was online
  35. Cost estimation Only ordinary phishing sites account for an average of $160.4m annual loss ($572 per victim). 3.5 million Americans give away their details annually, which leads to an estimated cost of $2bn.
  36. Do weekends affect take down? The answer is no. Neither the fraction of phishing sites is bigger nor they last longer than those reported earlier in the week. Although it is impossible to tell if this estimation is because there are fewer sites appearing or fewer people looking for them.
  37. Comparing targets
  38. Countermeasures Reduce the availability of compromised hosts. Banks should improve their back-office controls to reduce phisher’s motive.
  39. Conclusion Phishing targets invest significant resources in removing phishing sites. Take-down technique hastens the fraudsters’ movement to create new sites. Although take-down action reduces the damage to a certain degree.
  40. End of presentation! Questions?
More Related