Phishing
by Farhan Sajjad
Outline
- Introduction
- What is Phishing?
- Ethics of Phishing
- Case Studies
- Defense Methods
- Conclusion
- Discussion topics
What is Phishing?
- A criminal act using social engineering.
  - Social engineering: techniques used to manipulate people into performing actions or giving out confidential information.
  - Definition: to fraudulently acquire sensitive information by masquerading as a trustworthy person or business in an electronic communication.
How much Phishing?
A Typical Phishing Scheme
- A fraudulent email, purporting to come from a financial institution, asks the victim to verify account details or transactions.
- The victim is then pointed towards a fake website, with JavaScript and URL masking used to disguise the real destination.
- The fake website collects confidential information such as passwords and credit card details.
Example of Phishing (using JavaScript and URL masking; screenshot not reproduced)
Ethics of Phishing
- How is the information gathered?
  - In a fraudulent way! Phishers steal confidential information.
- What could be done with the information?
  - Very sensitive information such as SSNs, passwords, credit card numbers and personal details is exposed.
  - Identity theft!
- It is WRONG because it is stealing!
Threats of Phishing
- Identity theft
  - Stolen bank accounts and passwords/PINs
  - Stolen social security numbers and addresses
  - Stolen credit card numbers
- Spyware downloaded to the victim's PC to eavesdrop on it and use it as a zombie
- Infecting the victim with a virus
The Victims of Phishing
- Individual consumers
- Financial organizations:
  - Banks: Citibank, SAMBA…
  - Credit card companies: Visa, MasterCard…
  - Online retailers: eBay, Amazon, PayPal…
  - ISPs: AOL, Yahoo!, MSN…
- Between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing, totaling approximately $929 million USD.
- In the U.S.A. alone, businesses lose an estimated $2 billion USD a year as their clients become victims.
Case Study I
- Linked to a website in China (screenshot not reproduced)

Case Study II
- Address used in the phishing link (screenshot not reproduced):
  cgi3.ebay.com.wws2.us/update/aw-cgi/eBayISAPI.dll/index.html
Conclusion
- Phishing continues social engineering in modern vectors (email + Web)
  - It will keep increasing as long as it works
- Current defenses are educational and technological
  - Defenses are trying to keep up with attacks, not to keep ahead of them
- International phishing laws need to be drafted and standardized.
Defense Methods
- Never click on email links, especially if they claim to come from a financial organization.
- Verify the receipt of such emails with the organization.
- Use secure connections and the HTTPS protocol.
- Make sure the security certificate is issued by a reputable certificate authority such as VeriSign.
- Carefully check the domain name and the links to see if you are being directed elsewhere.
- Type web addresses manually and stay within the website.
- Use updated versions of internet browsers.
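The "check the domain name" advice above is easy to state and easy to get wrong, because a phishing address such as the one in Case Study II buries the real owner (wws2.us) behind labels that read like ebay.com. The following Python is an added example, not code from the presentation: it parses a link, works out the domain that was actually registered, and flags it when a well-known brand name appears in the address but the registrable domain belongs to someone else. The BRAND_DOMAINS table and the constructed sample links are assumptions for the example; the Case Study II address is the one from the slide. The registrable-domain rule (last two hostname labels) is a deliberate simplification, and a production check should use the Public Suffix List so that names like example.co.uk are handled correctly.

```python
"""Check where a link really goes versus the brand its address suggests.

Added example (not code from the presentation). Sample input is the address
shown in Case Study II plus a few constructed links. The registrable-domain
rule below (last two labels of the hostname) is a simplification: a real
check should consult the Public Suffix List so that names like example.co.uk
are handled correctly.
"""
import ipaddress
from urllib.parse import SplitResult, urlsplit

# Brands named as phishing targets on the slides, mapped to the domains they
# actually use (assumed values for this example).
BRAND_DOMAINS = {
    "ebay": "ebay.com",
    "paypal": "paypal.com",
    "citibank": "citibank.com",
}


def _split(url: str) -> SplitResult:
    """urlsplit that tolerates links written without a scheme, as on the slide."""
    return urlsplit(url if "://" in url else "http://" + url)


def hostname_of(url: str) -> str:
    """Lowercase hostname of the link, without any trailing dot."""
    return (_split(url).hostname or "").rstrip(".").lower()


def registrable_domain(host: str) -> str:
    """The part of the hostname that was actually registered (simplified).

    An IP-literal host is returned unchanged; otherwise the last two labels.
    """
    try:
        ipaddress.ip_address(host)
        return host
    except ValueError:
        pass
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def check_link(url: str, brands: dict = BRAND_DOMAINS) -> dict:
    """Report which brand the link looks like and which domain it really names.

    The brand name is searched both in the hostname and in the user-info part
    before an '@', because a link like "https://www.ebay.com@other.example/"
    is parsed by browsers as a request to other.example, not to ebay.com.
    """
    parts = _split(url)
    host = (parts.hostname or "").rstrip(".").lower()
    actual = registrable_domain(host)
    decoy_text = f"{parts.username or ''}.{host}".lower()
    suggested = [b for b in brands if b in decoy_text]
    # Suspicious when the address suggests a brand but is registered elsewhere.
    spoofed = any(brands[b] != actual for b in suggested)
    return {
        "host": host,
        "registrable_domain": actual,
        "suggested_brands": suggested,
        "spoofed": spoofed,
    }


SAMPLE_LINKS = [
    # The address shown in Case Study II of the slides
    "cgi3.ebay.com.wws2.us/update/aw-cgi/eBayISAPI.dll/index.html",
    # Constructed examples: one genuine, two disguised
    "https://signin.ebay.com/ws/eBayISAPI.dll",
    "https://www.paypal.com@203.0.113.5/login",
    "https://www.paypal.com.account-verify.example/login",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        result = check_link(link)
        verdict = "SUSPICIOUS" if result["spoofed"] else "ok"
        print(f"{verdict:10} real domain={result['registrable_domain']:24} {link}")
```

Run as a script it prints one verdict per sample link; the Case Study II address is reported as registered under wws2.us and flagged, while the genuine signin.ebay.com link passes. The same logic can be dropped into a mail gateway or a browser extension to annotate links before a user clicks them.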
Discussion Points
- Motivation of the phishers:
  - Easy profits:
    - Low-cost setup
    - Easy to craft and set up
    - Even very low success rates can be very profitable
  - Low risks:
    - Zombies are used to relay phishing emails
    - Phishing websites are registered with phony information
    - International laws are not standard
Sources
- http://en.wikipedia.org/wiki/Phishing
- http://engr.smu.edu/~tchen/papers/talk-lmu-Dec2004.pdf
- http://www.microsoft.com/athome/security/email/phishing.mspx
- http://www.auscert.org.au/render.html?it=5932

				
Posted: 9/5/2011