Phishing: Identity Theft Vector of the Electronic Age
What is Phishing?
Phishing is an attempt to obtain personal data by masquerading as a trusted source over an electronic medium.
Commonly impersonated sources are: government agencies, large corporations, and help/service desks.
A Phishing tale
The "ph" in phishing is a reference to the term "phreak" (phone phreaking), an early term for hackers.
These types of scams began surfacing around 1995 with the expansion of the internet.
The term "phishing" was first recorded on Jan 2, 1996, in a Usenet newsgroup about AOL.
AOL, as America's largest internet provider of the '90s, was the testing and breeding ground for phishing techniques.
The "warez" community are the people who traffic in this type of stolen data.
Phishing spoof sites began appearing in the 2003-2004 time frame with the rise of eCommerce.
12 Common Methods
Email/Spam: bulk emails asking users to send data with promises of rewards.
Key loggers: an application that captures every keystroke and sends it off to the attacker.
Web delivery: sniffing valid web traffic for user data.
Session hijacking: taking over a web session on the user side.
Instant message: a link sent from a compromised account to its contacts.
System reconfiguration: an attempt to get a user to compromise their own system by reducing its protections.
Trojan applications: automated processes sending data from compromised machines.
Content injection: adding content to a valid website that then takes you away from that site for nefarious purposes.
Link manipulation: a difference between the link text and the actual link target.
Search phishing: injecting malicious websites into common search results.
Phone phishing: a call directing a user to a phishing site.
Malware phishing: usually comes in the form of an email attachment and is a delivery mechanism for malicious code.
There are a lot of phish in the sea: how they make their money
Emails sent: 1,000,000
Filtered by spam filters: 95%, leaving 5% of the total (50,000)
Recipients who open the mail: 10%, leaving 0.5% of the total (5,000)
Recipients who read the mail and click through: 10%, leaving 0.05% of the total (500)
Recipients who fill out the form and fall for the attack: 10%, leaving 0.005% of the total (50)
Revenue generated per phished victim: $1,800; phishing revenue generated: 50 * $1,800 = $90,000 per million emails sent
Phishing creates $1.5 Billion a year (in 2012) in global losses, and there are nearly ½ million unique attacks a year
Phishing at CWU: it's happening all the time!
Email is the most common delivery method here at CWU. On a daily basis we see about 1.5 times as much spam as "good" email.
Email forms (80% of phishing attempts at CWU): mostly "classic" money schemes. Used to generate cash; while the success rate is extremely low, it is enough to keep them coming.
Link manipulation (20% of phishing attempts at CWU): usually username and account-credential phishing. Used to generate "the next wave" of compromised accounts to send from; this model is used to avoid the filtering applied to known spam accounts.
Malware and Trojans (<1%): averages a dozen (12) mails a day.
Things to watch for:
The "To:" field: in many phishing emails it is left blank. A phisher sending from a compromised account puts every recipient in BCC rather than openly addressing 50 users from different organizations; that way no victim can see and warn the others, and the mail does not tip the phisher's hand that it went to a non-homogeneous group of recipients.
The "From:" field: in an IT scam it will come from someone NOT in your IT org, and likely not at the university at all! In a money phishing scheme, the display name and the actual address will often not match at all, for example:
FBI (Director) James Comey Jr. <simonlin@chinaconstruction.com.sg>
Links: look for links that use "Click Here" or other generic terms to hide the link path, and links that lead to a site other than the organization they are pretending to be. These are often generic sub-sites, or foreign sites ending in a two-letter country suffix like ".ru", ".hu", or ".ch". Hover over a link to see where it really goes before clicking.
Spelling and grammar: most phishing attempts are initiated in countries where English is not a primary language. As such, the emails are fraught with grammatical and spelling errors. See the examples below.
Generic IT terms: phishing attempts use terms like "Web-Mail" or "Help Desk" so they don't need to be tailored to individual organizations. While some more sophisticated attacks will include certain levels of detail, they usually fall apart upon scrutiny.
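The indicators above (blank "To:", display name that shares nothing with the sender address, generic "Click Here" links, link text that does not match the link target, watched two-letter country suffixes, generic IT terms from an outside sender) can be checked mechanically. The following is an added example written for this page, not CWU's own tooling: it parses a raw RFC 822 message with Python's standard library and returns the names of the indicators it trips. The home domain `example.edu`, the sample messages, and the keyword lists are all constructed for the example.

```python
"""Heuristic phishing indicators from the CWU slides, run over constructed sample mail.
Added example; the domain, keyword lists and messages below are assumptions, not CWU data."""
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

OUR_DOMAIN = "example.edu"                                   # hypothetical home domain
WATCHED_CCTLDS = {"ru", "hu", "ch"}                          # suffixes the slides call out
GENERIC_LINK_TEXT = {"click here", "here", "login", "verify", "update"}
GENERIC_IT_TERMS = ("web-mail", "webmail", "help desk", "helpdesk")


class _Anchors(HTMLParser):
    """Collect (visible text, href) pairs from every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.pairs = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.pairs.append((" ".join("".join(self._text).split()), self._href))
            self._href = None


def _bodies(msg):
    """Yield (subtype, decoded text) for each text/* part of the message."""
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        yield part.get_content_subtype(), payload.decode(part.get_content_charset() or "utf-8", "replace")


def _host(url):
    return (urlparse(url.strip()).hostname or "").lower()


def check_message(raw):
    """Return the list of indicator names the raw message triggers (empty if none)."""
    msg = message_from_string(raw)
    hits = []

    # "To:" field: blank when every victim is hidden in BCC.
    if not any(addr for _, addr in getaddresses(msg.get_all("To", []))):
        hits.append("blank_to")

    # "From:" field: display name with no word in common with the actual address.
    name, addr = parseaddr(msg.get("From", ""))
    tokens = re.findall(r"[a-z]{3,}", name.lower())
    if name and addr and tokens and not any(t in addr.lower() for t in tokens):
        hits.append("from_name_address_mismatch")

    bodies = list(_bodies(msg))
    text = (msg.get("Subject", "") + " " + " ".join(b for _, b in bodies)).lower()

    # Generic IT wording, and an "IT" message that does not come from our own domain.
    if any(term in text for term in GENERIC_IT_TERMS):
        hits.append("generic_it_terms")
        if not addr.lower().endswith("@" + OUR_DOMAIN):
            hits.append("it_scam_external_sender")

    # Links: generic anchor text, displayed URL vs real target, watched country suffix.
    for subtype, body in bodies:
        if subtype != "html":
            continue
        parser = _Anchors()
        parser.feed(body)
        for visible, href in parser.pairs:
            href_host = _host(href)
            if visible.lower() in GENERIC_LINK_TEXT:
                hits.append("generic_link_text")
            shown_host = _host(visible) if visible.startswith(("http://", "https://")) else ""
            if shown_host and shown_host != href_host:
                hits.append("link_text_mismatch")
            if href_host.rsplit(".", 1)[-1] in WATCHED_CCTLDS:
                hits.append("watched_cctld")
    return hits


# Constructed sample messages (no real sender, host or address).
PHISH = """\
From: Web-Mail Help Desk <lin24@construction.example.sg>
Subject: Your Web-Mail account will be deactivate
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear user, your mailbox have exceeded the quota limit.
<a href="http://mail-verify.example.ru/login">Click Here</a> to re-validate.</p>
<p>Or go to <a href="http://203.0.113.7/owa">https://webmail.example.edu/owa</a></p>
</body></html>
"""

LEGIT = """\
From: Jane Smith <jsmith@example.edu>
To: Staff List <staff@example.edu>
Subject: Parking lot closure Friday
Content-Type: text/plain; charset=utf-8

The north lot is closed Friday for repaving. Details: https://facilities.example.edu/parking
"""

if __name__ == "__main__":
    print("phish:", check_message(PHISH))
    print("legit:", check_message(LEGIT))
```

The display-name check is deliberately loose (any three-letter word from the name appearing in the address counts as a match), so it flags "FBI (Director) James Comey Jr. <simonlin@...>" but not "Jane Smith <jsmith@...>"; tune the keyword lists to your own organization before using this as anything more than a triage aid.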