
Phishing Problem

Kristián Kučerák, Milan Just


Presentation Transcript


  1. Phishing Problem Kristián Kučerák Milan Just

  2. Abstract In this age of broadband, wireless, and network interconnectivity, we enjoy the unprecedented power of information exchange and commerce at our fingertips. Networks and systems are continuously evolving to become more robust, thereby maximizing our convenience and productivity – 24 hours a day, seven days a week. Over the last few years, online banking, including online bill paying, has become very popular as more financial institutions begin to offer free online services. With the increase in online fraud and identity theft, financial crimes have changed from direct attacks to indirect attacks; in other words, rather than robbing a bank at gunpoint, the criminals target the bank's customers. This type of indirect attack significantly impacts the financial institutions themselves because their inability to adequately protect their customer assets tarnishes their reputations and overall trust.

  3. Spam Classification • Spam organization • Bulk-mailing tool identification: identification of unique mailing attributes found in the e-mail header • Feature subsets: items such as hash busters (format and location), content attributes (spelling errors, grammar), and unique feature subsets from the bulk-mailing tool • Sending methods • Classification techniques • Unsolicited commercial e-mail (UCE) • Nonresponsive commercial e-mail (NCE) • List makers • Scams (Phishing)

  4. Cyber Crime Evolution

  5. What is Phishing? • Gather private information (credit card information, bank account passwords) • First phishing reported against a financial institution in July 2003 • It introduced a new class of attack vector – the overlooked human element

  6. Phishing Statistics • Phishers are refining their e-mail techniques • Phishers of 2005 build their own PHP bulk-mailing • Phishers are becoming more technically savvy • Phishers are taking advantage of Cross-Site Scripting (XSS) vulnerabilities • Phishers are refining their key-logging malware

  7. Go Phish! Most popular phishing methods: • Impersonating Attack • Forwarding Attack • Pop-up Attack

  8. Impersonating Attack

  9. Forwarding Attack

  10. Popup Attack

  11. Harvesting e-mail Addresses • 86 percent of the e-mail addresses posted to Web pages receive spam (@ sign) • The majority of spammers and phishers use bots or crawlers (www.bestextractor.com) • Extract Link, Whois Extractor, List Monitor, Email Verifier

  12. Sending Spam/Phish Two competing popular bulk mailers: • Send-Safe (“real anonymous mailer”, was authored by Ruslan Ibragimov – author of Sobig Virus) • Dark-Mailer (ease of use, forging headers, sending roughly 500,000 e-mails per hour, supports HTTP and SOCKS proxies)

  13. Conclusion • Significant and growing problem • A lot of antiphishing vendors – be careful • “Secure by marketing” – a campaign just to get sales • Good idea: have the product evaluated by a professional security team

  14. Thank you for your attention Any questions ???
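
Slide 3's idea of grouping spam by bulk-mailing tool, using header attributes plus hash-buster format and location, sketched as an added Python example that is not part of the original presentation. The vowel-ratio heuristic, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from email import message_from_string

TOKEN = re.compile(r"[A-Za-z0-9]{8,}")

def looks_random(tok):
    # Heuristic (assumption): a long token with under 20% vowels is not a natural word.
    return sum(c in "aeiouAEIOU" for c in tok) / len(tok) < 0.2

def hash_buster(msg):
    """Return (location, format) of the first hash-buster-like token, else None."""
    payload = msg.get_payload()  # a str for single-part mail; multipart is skipped here
    lines = [l for l in (payload if isinstance(payload, str) else "").splitlines() if l.strip()]
    places = [("subject", msg.get("Subject", ""))]
    if lines:
        places += [("body-first-line", lines[0]), ("body-last-line", lines[-1])]
    for where, text in places:
        for tok in TOKEN.findall(text):
            if looks_random(tok):
                kind = "alnum" if any(c.isdigit() for c in tok) else "letters"
                return where, f"{kind}/{len(tok)}"
    return None

def fingerprint(raw):
    """Header-name order (a mailing-tool attribute) plus hash-buster location/format."""
    msg = message_from_string(raw)
    return tuple(k.lower() for k in msg.keys()), hash_buster(msg)

def cluster(raw_messages):
    """Group message indexes that share a fingerprint."""
    groups = defaultdict(list)
    for i, raw in enumerate(raw_messages):
        groups[fingerprint(raw)].append(i)
    return sorted(groups.values())

# Constructed sample mail (not real traffic): 0 and 1 imitate one bulk mailer.
HDR = ("Received: from relay.example\nMessage-ID: <{n}@bulk.example>\n"
       "From: a@bulk.example\nSubject: {s}\nTo: user@example.org\n\n{b}\n")
SAMPLES = [
    HDR.format(n=1, s="Account notice", b="Please verify your account.\nxkqzrtpwlmvb"),
    HDR.format(n=2, s="Security update", b="Confirm your details today.\nqwrtzpsdfghj"),
    "From: bob@example.org\nTo: user@example.org\nSubject: Lunch\n\nLunch at noon tomorrow?\n",
]

if __name__ == "__main__":
    print(cluster(SAMPLES))
```

The two constructed bulk messages differ in subject, body text and random token, yet land in one cluster because the header order and the token's position and shape match.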
