Internet Vulnerabilities & Criminal Activity

Phishing, Nigerian 419’s, & High-Yield Investment Programs (HYIP)

8.2

10/31/2011


Phishing

“The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.”

(Wikipedia.org)


Why ‘ph’ ? Phishing History

  • Original hackers

    • phone + freaks = phreakers

  • Term first used 1996

    • Coined by hackers who conned AOL users into divulging their passwords

    • ‘Phish’ = hacked account

  • Phish traded as currency among hackers by 1997


How Phishing Works

  • Victim receives an official-looking e-mail from an ISP, online bank, or government agency

  • Victim is advised that he/she must validate or update his/her information to prevent dire consequences

  • Victim clicks on provided link and is taken to a spoofed website

  • Victim asked to enter personal information to validate/update his/her account

    • User name, account number, credit card number, password, etc.


Phishing Techniques

  • Social engineering

    • “Subject: To restore access to your bank account..”

  • Link manipulation

    • Casual observation leads victim to believe the link in e-mail is to legitimate web page

  • Filter evasion

    • Use of images rather than text


Phishing Techniques cont.

  • Website forgery

    • Address bar forgery

    • Cross-site scripting

    • Man-in-the-middle attacks

  • Phone phishing

    • Phone message, apparently from the bank, has the victim call the phishers over VoIP

    • Vishing

  • Other techniques

    • Pop-up windows over legitimate bank sites


Spear Phishing

  • An e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data

  • E-mail appears to come from a trusted source usually within one’s own company

  • Likely to be conducted by “sophisticated groups out for financial gain, trade secrets or military information.” (NY Times)

  • Overcomes normal suspicions


Rock Phish

  • No one really sure what it is

  • Wikipedia - phishing tool

  • Others - one of the most prominent phishing groups in operation

  • Techno-savvy

  • Specializes in European and U.S. financial institutions

  • Responsible for 1/3 to 1/2 of all phishing e-mails sent in any given day

  • Credit card fraud, money laundering


Rock Phish Demo

  • http://www.youtube.com/watch?v=6NviimO64qA


Phishing Costs

  • $2.8 billion in 2006

  • $3.2 billion in 2007

  • $350 - $1244 per victim

  • Most costs borne by financial institutions

  • Costs are dropping - $1.29 billion in 2010


Phishing in 2009

APWG


Phishing Laws

  • CAN SPAM Act

    • Controls conditions under which unsolicited commercial e-mail may be sent

  • Anti-phishing Act of 2004

    • Did not become law


Problems for Law Enforcement

  • Phishing web sites quickly move from one ISP to another

    • 7 different servers in 12 days

  • Average phishing web site active for only 54 hours

  • Web sites gone long before victim realizes he/she is a victim

  • Web sites are located around the globe


Phishing Example


Phishing Example

URL - http://mail.opmcm.gov.np/locale/ar/LC_MESSAGES/online.lloydstsb.co.uk/customer.ibcWT.ac=hpIBlogon/

202.45.147.69 is from Nepal (NP), in the region Southern and Eastern Asia
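
An added example, not part of the original presentation: a Python check for the pattern in the URL above, where the bank's domain appears only in the path of an unrelated host. It generalizes to two related placements (inside a foreign hostname and in the userinfo field); the `PROTECTED` list, the function names and the constructed sample URLs are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the defender maintains this list of domains to protect.
PROTECTED = ("lloydstsb.co.uk",)


def host_is_brand(host, brand):
    """True only when host is the brand domain or a real subdomain of it."""
    return host == brand or host.endswith("." + brand)


def lookalike_findings(url, protected=PROTECTED):
    """Return (code, brand) pairs where a brand appears but does not own the host."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # Anything before '@' in the authority is userinfo, not the destination.
    userinfo = parts.netloc.rpartition("@")[0].lower()
    rest = (parts.path + "?" + parts.query).lower()
    findings = []
    for brand in protected:
        if host_is_brand(host, brand):
            continue  # the link really goes to the brand's own domain
        if brand in host:
            findings.append(("brand-in-foreign-host", brand))
        if brand in userinfo:
            findings.append(("brand-in-userinfo", brand))
        if brand in rest:
            findings.append(("brand-in-path", brand))
    return findings


# URL from the slide above, plus constructed samples for the other cases.
SLIDE_URL = ("http://mail.opmcm.gov.np/locale/ar/LC_MESSAGES/"
             "online.lloydstsb.co.uk/customer.ibcWT.ac=hpIBlogon/")
SAMPLES = [
    SLIDE_URL,
    "https://online.lloydstsb.co.uk/logon",              # constructed: genuine host
    "http://online.lloydstsb.co.uk.login.example.net/",   # constructed
    "http://online.lloydstsb.co.uk@198.51.100.7/logon",   # constructed
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(urlsplit(sample).hostname, lookalike_findings(sample))
```

A mail gateway or proxy can run a check like this on every link in a message and compare the real hostname with the domain the text or path suggests.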


Pharming

“Redirecting one web site’s traffic to another web site.”


Nigerian 419’s

“An advance-fee fraud in which the target is persuaded to advance sums of money in the hope of realizing a significantly larger gain.”

(Wikipedia.org)


Nigerian 419 e-mail scams

  • Advance Fee Fraud (AFF)

  • 419 - Nigerian criminal code

  • Originated in early 1980’s as Nigerian oil profits declined

  • “One of Nigeria’s most important export industries”

  • Many variations


419 Elements

  • Scammers use Internet Cafes / Spoofed web sites

  • “Official” sounding introduction and correspondence

  • Uses name of real individual

  • May use religious theme


419 Elements cont.

  • Knows about a large sum of money that scammer cannot directly access

  • Victim offered 10% - 40% of money for assisting scammer

  • Victim asked to send money to assist scammer in accessing large fund

    • Amount asked for may be large, but not in comparison to promised portion

    • Funds transferred by untraceable wire transfer


419 Elements cont.

  • If victim is hooked, scammer will continue to ask for funds for various purposes

    • Once victim has invested in scam, he/she will feel the need to see the deal through

  • Victim may be scammed a second time by scammer pretending to be law enforcement or government official


Problems for Law Enforcement

  • Anonymity

  • Jurisdiction

  • Untraceable wire transfer

  • Prosecutions by Nigerian government have become opportunities for bribery


Example Recent 419 Scam


High-Yield Investment Programs

“A type of Ponzi scheme, which is an investment scam that promises an unsustainably high return on investment by paying previous investors with the money invested by newcomers.”

(Wikipedia.org)


Ponzi Scheme

Ponzi schemes are a type of illegal pyramid scheme named for Charles Ponzi, who duped thousands of New England residents into investing in a postage stamp speculation scheme back in the 1920s. Ponzi thought he could take advantage of differences between U.S. and foreign currencies used to buy and sell international mail coupons. Ponzi told investors that he could provide a 40% return in just 90 days compared with 5% for bank savings accounts. Ponzi was deluged with funds from investors, taking in $1 million during one three-hour period and this was 1921! Though a few early investors were paid off to make the scheme look legitimate, an investigation found that Ponzi had only purchased about $30 worth of the international mail coupons.


HYIP Operators

  • Set up web site offering investments

  • Promised returns of 45% per month, 6% per day

  • No details offered on underlying investments

  • Incorporate in countries with lax investment laws

  • Web sites frequently infect visitors with malware


HYIP Monitor Sites

http://lifehyips.net/


HYIP Web Site


Start Your Own HYIP


HYIP and US Law

  • HYIP is a fraud

  • Prosecution by the SEC - Securities and Exchange Commission

  • Problems

    • Anonymity

    • Jurisdiction

