Phishing IDENTITY THEFT VECTOR OF THE ELECTRONIC AGE



What is Phishing?

Phishing is an attempt to obtain personal data by masquerading as a trusted source over an electronic medium.

Commonly impersonated sources are: government agencies, large corporations, help/service desks.


A Phishing tale

The “PH” in Phishing is a reference to “phreak”, as in phone phreaking, an early term for hackers

These types of scams began surfacing around 1995 with the expansion of the internet

The term “Phishing” was first recorded on Jan 2, 1996 in a Usenet newsgroup devoted to AOL

AOL, as America’s largest internet provider of the 1990s, was the testing and breeding ground of Phishing techniques

The AOL “warez” community, which traded pirated software and stolen account credentials, is where these techniques were developed

Phishing Spoof-sites began appearing in 2003-2004 time frame with the rise of eCommerce


12 Common Methods

Email/Spam: Bulk emails asking users to send data, often with promises of rewards

Key Loggers: An application that captures every keystroke and sends it off to the attacker

Web Delivery: Intercepting (“sniffing”) legitimate web traffic for user data

Session Hijacking: Taking over a user’s authenticated web session on the user’s side

Instant Message: A link sent from a compromised account to its contacts

System Reconfiguration: Getting a user to weaken a system’s own protections so it can be compromised

Trojan Applications: Automated processes sending data from compromised machines

Content Injection: Adding content to a valid website that then sends visitors away from that site for nefarious purposes

Link Manipulation: A difference between the link text and the actual link target

Search Phishing: Injecting malicious websites into common search results

Phone Phishing: A call directing a user to a phishing site

Malware Phishing: Usually comes as an email attachment and is a delivery mechanism for malicious code


There are a lot of phish in the sea: how they make their money…

Emails sent: 1,000,000
Percent filtered by SPAM filters: 95% (5% of total get through: 50,000)
Percentage who open the mail: 10% (0.5% of total: 5,000)
Percentage who read the mail and click through: 10% (0.05% of total: 500)
Percentage who fill out the form and fall for the attack: 10% (0.005% of total: 50)

Revenue generated per phish: $1,800
Phishing revenue generated: 50 × $1,800 = $90,000

Phishing creates $1.5 Billion a year (in 2012) in global losses, and there are nearly ½ million unique attacks a year


Phishing at CWU: It’s happening all the time!

Email is the most common delivery method here at CWU. On a daily basis we average 1.5 times as much SPAM as “good” email.

Email forms (80% of Phishing attempts at CWU)
Mostly “classic” money schemes. Used to generate cash, and while it has an extremely low success rate, it is enough to keep them coming.

Link Manipulation (20% of Phishing attempts at CWU)
Usually username and account phishing. Used to generate “the next wave” of accounts to send from; this model is used to avoid the spam filtering applied to known SPAM accounts.

Malware and Trojans (<1%)
Averages a dozen (12) mails a day.


Things to watch for:

The “To:” field
The “To:” field in many phishing emails is left blank. A phisher sending from a compromised account puts the recipients in BCC rather than obviously addressing an email to 50 users from different organizations: this stops you from notifying the other potential victims, and hides the fact that the message did not go to a homogeneous group of recipients.

The “From:” field
In an IT scam, it will come from someone NOT in your IT org, and likely not at the university at all. In a money phishing scheme the display name and the address will often not match at all, for example:

FBI (Director) James Comey Jr. <[email protected]>

Links
Look for links that use “Click Here” or other generic terms to hide the link path, and links that lead to a site other than the organization they are pretending to be. Often these are generic sub-sites, or foreign sites ending in a two-letter country suffix like “.ru”, “.hu”, or “.ch”.

Spelling and Grammar
Most phishing attempts are initiated in countries where English is not a primary language, so the emails are fraught with grammatical and spelling errors. See the examples below.

Generic IT terms
Phishing attempts use terms like “Web-Mail” or “Help Desk” so they don’t need to be tailored to individual organizations. While some more sophisticated attacks include a degree of organization-specific detail, the inconsistencies still show up under scrutiny.
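The indicators on this slide, together with the “Link Manipulation” method from the list of twelve, can be checked mechanically. The following Python (standard library only) is an added example written for this page, not code from the original slides or from CWU: it parses one raw message, flags a blank “To:”, a “From:” persona that claims to be IT or the organization while the address is outside it, generic anchor text, anchor text that names a different host than the href, hosts under the named country suffixes, and generic IT vocabulary. ORG_DOMAIN (example.edu), the term lists and both sample messages are constructed assumptions for the example.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# ORG_DOMAIN is an assumed placeholder for the organisation's own mail domain;
# the slides name none. The term lists are this example's encoding of the slide.
ORG_DOMAIN = "example.edu"
GENERIC_LINK_TEXT = {"click here", "here", "login", "verify", "update"}
GENERIC_IT_TERMS = ("web-mail", "webmail", "help desk", "helpdesk", "it department")
WATCHED_CC_TLDS = {"ru", "hu", "ch"}  # the country suffixes named on the slide
DOMAIN_LIKE = re.compile(r"(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?", re.I)


class _LinkCollector(HTMLParser):
    """Collect (href, visible anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._text).strip()))
            self._href = None


def _host(url):
    return (urlparse(url).hostname or "").lower()


def phishing_indicators(raw_message, org_domain=ORG_DOMAIN):
    """Return the names of the slide's indicators that fire on one RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hits = []

    def flag(name):
        if name not in hits:
            hits.append(name)

    # 1. Blank "To:": recipients hidden in Bcc from a compromised account.
    if not str(msg.get("To") or "").strip():
        flag("blank-to")

    # 2. "From:" display name claims IT/the organisation, address is outside it.
    display, addr = parseaddr(str(msg.get("From", "")))
    from_domain = addr.rpartition("@")[2].lower()
    claims_internal = org_domain in display.lower() or any(
        term in display.lower() for term in GENERIC_IT_TERMS)
    if claims_internal and from_domain and from_domain != org_domain:
        flag("from-outside-org")

    # 3. Links: generic anchor text, anchor text naming a host that differs
    #    from the href (link manipulation), and watched country suffixes.
    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body else ""
    collector = _LinkCollector()
    collector.feed(content)
    for href, anchor in collector.links:
        host = _host(href)
        if anchor.lower() in GENERIC_LINK_TEXT:
            flag("generic-link-text")
        if DOMAIN_LIKE.fullmatch(anchor):
            shown = anchor if "://" in anchor else "http://" + anchor
            if _host(shown) != host:
                flag("link-text-mismatch")
        if host.rpartition(".")[2] in WATCHED_CC_TLDS:
            flag("watched-cctld")

    # 4. Generic IT vocabulary instead of organisation-specific names.
    if any(term in content.lower() for term in GENERIC_IT_TERMS):
        flag("generic-it-terms")
    return hits


# Constructed sample messages (not real mail): one phish, one legitimate notice.
PHISH = """\
From: IT Help Desk <support@mail-verify.example.ru>
Subject: Your Web-Mail account will be closed
Content-Type: text/html; charset="utf-8"

<html><body><p>Your Web-Mail quota is full. Please
<a href="http://webmail-update.example.ru/login">Click Here</a> to verify,
or visit <a href="http://webmail-update.example.ru/login">webmail.example.edu</a>.</p>
</body></html>
"""

LEGIT = """\
From: Campus Mail Team <mailteam@example.edu>
To: staff@example.edu
Subject: Mailbox migration on Friday
Content-Type: text/html; charset="utf-8"

<html><body><p>Details for Friday's migration are at
<a href="https://mail.example.edu/migration">mail.example.edu/migration</a>.</p>
</body></html>
"""
```

Running `phishing_indicators(PHISH)` flags all six indicators (blank-to, from-outside-org, generic-link-text, link-text-mismatch, watched-cctld, generic-it-terms) while `phishing_indicators(LEGIT)` returns an empty list. The checks are heuristics in the spirit of the slide, not a spam filter: a legitimate internal message that says “help desk” or links to a “.ch” partner would also fire one of them, so they are best used to rank messages for a human reviewer rather than to block outright.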