
Phishing


lyndon


Presentation Transcript


  1. Phishing
     Definition: a criminal mechanism employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials
     • Social engineering
       • Spoofed emails
       • Counterfeit websites
       • Trick users into giving credentials
     • Technical subterfuge
       • Install software that steals credentials directly
       • Corrupt web navigation, either to a counterfeit website or to a proxy in front of the real site (man in the middle)

  2. Numbers (Q1 – 2010)
     • 85.2% of all email is spam
       • Sources: USA – 16%, India – 7%, Russia – 6%
     • 0.68% of all email has malicious content
     • 0.57% of all email has a link to a phishing site
       • Targets: Germany – 11.6%, Great Britain – 10.2%, Japan – 7.7%, Taiwan – 7.1%, USA – 6.9%
     • 67.34% of the phishing-related websites are hosted in the USA

  3. Numbers (Q1 – 2010)
     • Number of:
       • Unique phishing emails – 30,577
       • Unique phishing websites – 29,879
       • Brands hijacked – 298
     • Industries targeted
       • Payment services (PayPal) – 35.9%
       • Financial (Chase) – 37%
       • Gaming, social networks, online classifieds – 17.9%
       • Auction sites – 8.3%

  4. Phishing Steps
     1) Get an email list
        • Google “email lists for sale”
     2) Develop the attack
        • Create the email: use logos, convincing language, urgency
        • Create the website: use the look and feel of the original website; ask for user id/password; ask for credit card/SSN numbers

  5. Phishing Steps
     3) Locate sites to host your website
        • Use many sites
        • Update DNS to have a very similar name to the original: Chase.org, paypal.us.com, etc.; Citibahk.com with a valid SSL certificate; Paypal.com with a Cyrillic ‘a’
        • Median uptime: 13 hours 42 minutes
     4) Locate an email sender
        • Google ‘email sender’
        • Usually use a botnet: many infected computers that send emails, directed from a “command and control” computer
        • Most phishers use their own botnet

  6. Phishing Steps
     5) Launch the attack
        • Maybe use “Fast Flux”
     [Diagram: Sending Machines → Phish Web Sites → Receivers, showing a handful of sending IP addresses fanning out through the phishing sites to many named recipients. Image from Andrew Klein – Sonic Wall]

  7. Phishing Steps
     6) Collect
        Example:
        • 2,000,000 emails sent
        • 5% get to a real end user – 100,000
        • 5% click on the link – 5,000
        • 2% enter data into the site – 100
        • Average of $1,200 per incident, or $120,000
        • Not bad for about 14 hours!!

  8. Phishing Gangs
     • David Levi – UK: 6 people; $360,000 from 160 people; arrested in 2006
     • USA and Egypt gang: 100 people; Egypt side created websites and emails; US side laundered the money
     • Romanian gang: 70 people; $1,000,000 transferred from bank accounts to Western Union; arrested May 2010

  9. Phishing Gangs
     • Largest current gang is Avalanche
       • 2/3 of all phishing comes from this gang
       • 4,272 attacks in the first quarter of 2010
       • 1,624 domains are theirs
       • They have had a sudden decrease in email phishing and have instead switched to malware phishing

  10. Phishing Gangs: Infrastructure
     • Not just an individual
     • Creative department: create email, website; come up with DNS names
     • Admin department: payroll; office space rent; president, etc.
     • Money launderer (mule)

  11. Money Laundering (the Mule)
     • People create accounts on banks they are about to attack. Transfer the stolen account/id from one account to the other. Cash out. Close the account.
     • “Make money at home”
       • Dad has money sent to his bank account
       • Dad then wires the money to another bank
       • Dad gets 10%
       • Small amounts are transacted, ~$3-5K

  12. Money Laundering (the Mule)
     • “Financial Operations Manager” job
     • “Help young cancer patient transfer funds”
     • “African finance minister”
     • …

  13. Phishing Ecosystem
     [Diagram: Construct → Launch → Collect. Construct: Email list, Hosting Sites, Email & Web site, Phishing Kit, Sending Machines. Collect: Account Info, Credit Info, Identity Info, Logins & Passwords, i.e. the Harvested Information, which The Phisher turns into cash ($). The Malware Community sells the Tools of the Trade ($): DHA, Site Crawlers, Spyware, Templates, Sitecopy & wget, Botnets, Trojans, Worms, Keyloggers, Hacks & Attacks, “Real” Domain Names. Image from Andrew Klein – Sonic Wall]

  14. Protect your company
     • If your company sends emails you are more vulnerable
     • If you must send emails
       • Put identifiable info in the email: last 4 of credit card number; your name; “account ending in…”; address
       • Provide non-email ways to verify
       • Use standard company domain names; do not use chase.offer.com, etc.
       • Avoid web page links

  15. Protect your company
     • Educate your clients
       • Tell them how you will communicate
       • What to look for in an email
     • Monitor new customers (they might be a mule)
     • Report phishing to authorities

  16. Protect yourself
     • If you get an email, DO NOT click on the link; copy and paste it instead
     • Is this someone I do business with?
     • Was I expecting this email?
     • Be aware of attachments
     • Keep your anti-virus software up to date!
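The lookalike domains on slide 5 (Chase.org, paypal.us.com, Citibahk.com, "Paypal" with a Cyrillic ‘a’), the chase.offer.com pattern warned against on slide 14, and the "don't click, look at the real link" advice on slide 16 all reduce to checks a mail gateway or a user can run on each link before anyone follows it. The script below is an added example written for this transcript, not code from the deck or from Sonic Wall/APWG. It assumes a short list of protected brand domains and a deliberately partial Cyrillic-to-Latin confusables table, uses the last two labels as the "registrable domain" instead of a real public-suffix list, and runs over a constructed sample email embedded in the file.

```python
"""Link triage for an inbound email: flag lookalike domains and
display-text/target mismatches against a list of protected brands.
Added example; brand list, confusables table and sample email are constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Brands this organisation protects (assumed list; registrable domains only).
PROTECTED = {"paypal.com", "chase.com", "citibank.com"}
BRAND_LABELS = {d.split(".")[0] for d in PROTECTED}

# Cyrillic letters that render like Latin ones (assumed, deliberately partial
# table; a production filter would use the Unicode confusables data).
CONFUSABLES = str.maketrans({"а": "a", "е": "e", "о": "o", "р": "p",
                             "с": "c", "х": "x", "у": "y", "і": "i"})


def skeleton(host: str) -> str:
    """Replace known Cyrillic look-alikes with the Latin letters they mimic."""
    return host.translate(CONFUSABLES)


def registrable(host: str) -> str:
    """Last two labels of a host. Assumption: no public-suffix list, so
    'paypal.us.com' reduces to 'us.com', which is enough for this check."""
    return ".".join(host.split(".")[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-letter typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_flags(host: str) -> list:
    """Reasons a host is suspicious; empty for a protected domain or its subdomains."""
    flags = []
    host = host.lower().rstrip(".")
    plain = skeleton(host)
    if plain != host:
        flags.append(f"non-Latin characters: renders like {plain}")
    reg = registrable(plain)
    if reg in PROTECTED:            # the genuine brand domain (e.g. www.chase.com)
        return flags
    for label in plain.split("."):
        if label in BRAND_LABELS:   # chase.org, paypal.us.com, chase.offer.com
            flags.append(f"brand name '{label}' used as a label of {reg}")
            continue
        for brand in BRAND_LABELS:  # citibahk.com
            if edit_distance(label, brand) == 1:
                flags.append(f"'{label}' is one edit away from '{brand}'")
    return flags


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def triage(html: str) -> list:
    """One result per link: the href, its visible text and the flags raised."""
    parser = LinkCollector()
    parser.feed(html)
    results = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        flags = domain_flags(host)
        # Visible text that names a domain must match where the link really goes.
        named = re.search(r"(?:[\w-]+\.)+[a-z]{2,}", text.lower())
        if named and registrable(skeleton(named.group(0))) != registrable(skeleton(host)):
            flags.append(f"link text names {named.group(0)} but points at {host}")
        results.append({"href": href, "text": text, "flags": flags})
    return results


# Constructed sample: three lookalike links and one genuine one (\u0430 is Cyrillic a).
SAMPLE_EMAIL = """
<p>Your account will be suspended.
   <a href="http://paypal.us.com/verify">Click here</a> to restore access.</p>
<p>Or visit <a href="http://citibahk.com/login">www.citibank.com</a> to log in.</p>
<p>Questions? <a href="http://p\u0430ypal.com/">PayPal</a> support.</p>
<p>Statements: <a href="https://www.chase.com/statements">chase.com</a></p>
"""

if __name__ == "__main__":
    for r in triage(SAMPLE_EMAIL):
        print(r["href"], "->", r["flags"] or "ok")
```

Only the last link comes back clean; the first three are caught by three different rules (brand name under someone else's domain, one-letter typosquat plus a display/target mismatch, and a Cyrillic substitution that normalises to the protected domain). The early return for protected domains keeps legitimate subdomains such as www.chase.com from tripping the brand-label rule, which is the false positive this kind of filter most often produces.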

  17. Resources
     • APWG – Anti-Phishing Working Group
     • Kaspersky Labs, www.securelist.com
     • Andrew Klein – Sonic Wall, from the Secure IT conference in 2006
