1 / 12

Phishing Attacks

Phishing Attacks. Internet Security Research Lab Brigham Young University by Jim Henshaw, Travis Leithead, Kent Seamons jph26@email.byu.edu, {travisl, seamons}@cs.byu.edu February 9, 2004. Deceptive login name. Actual URL. Trusted Server?.

cannonh
Download Presentation

Phishing Attacks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Phishing Attacks Internet Security Research LabBrigham Young UniversitybyJim Henshaw, Travis Leithead, Kent Seamons jph26@email.byu.edu, {travisl, seamons}@cs.byu.edu February 9, 2004

  2. Deceptive login name Actual URL Trusted Server? • Threat: Attacker fools the client into trusting the server • Typo pirates: • www.paypa1.com vs. www.paypal.com • HTTP URL login • http://www.trustedsite.com/~.../@hacker.org

  3. Trusted Server? • IE address bar URL spoofing flaw(announced Dec. 10, 2003 by Sam Greenhalgh)(patch available Feb. 2, 2004 from Microsoft) • http://microsoft.com[null character]@hacker.orgcauses browser to display • http://microsoft.com • Information on MS IE security patch: • http://support.microsoft.com/default.aspx?scid=834489 • Demonstration of address bar URL spoofing • http://www.secunia.com/internet_explorer_address_bar_spoofing_test/

  4. “Phishing” defined • Phishing attacks:“The mass distribution of e-mail messages with return addresses, links, and branding which appear to come from legitimate companies, but which are designed to fool the recipients into divulging personal authentication data”(www.antiphishing.org) • “Up to 20% of recipients may respond to [the phishing attack], resulting in financial losses, identity theft, and other fraudulent activity.”(www.antiphishing.org)

  5. Phishing Attack Example

  6. Phishing Attack Example

  7. Possible URL spoofing attack:http://pages.ebay.com/reactivate[null]@steal_your_identity.com travis2004 *******

  8. Content Triggered Trust Negotiation • Protection against the submission of trusted information to untrusted servers. • Uses filters on client-disclosed content to detect sensitive information • Initiates a trust negotiation to prove authenticity of the server before disclosing content

  9. Travis’ Computer username password confidential Content Triggered TN username password username password Trust NegotiationProxy Server Phishing Web Server

  10. Travis’ Computer username password confidential Content Triggered TN Trust NegotiationProxy Server Phishing Web Server

  11. Travis’ Computer Content Triggered TN Trust NegotiationProxy Server username password confidential Trusted Web Server

  12. Conclusion • Content Triggered Trust Negotiation prevents unwanted disclosure of sensitive content • Content Triggered Trust Negotiation is one approach to detecting • Typo pirates • URL spoofing • Phishing attacks

More Related