Upload
emily-gallagher
View
213
Download
0
Embed Size (px)
Citation preview
Phishing Problem
Kristián KučerákMilan Just
Abstract
In this age of broadband, wireless, and network interconnectivity, we enjoy the unprecedented power of information exchange and commerce at our fingertips.
Networks and systems are continuously evolving to become more robust, thereby maximizing our convenience and
productivity – 24 hours a day, seven days a week. Over the last few years, online banking, including online bill paying, has
become very popular as more financial institutions begin to offer free online services.With the increase in online fraud and
identity theft, financial crimes have changed from direct attacks to indirect attacks—in other words, rather than
robbing a bank at gunpoint, the criminals target the bank's customers. This type of indirect attack significantly impacts
the financial institutions themselves because their inability to adequately protect their customer assets tarnishes their
reputations and overall trust.
Spam Classification Spam organization1. Bulk-mailing tool identification. Identification of unique mailing
attributes found in the e-mail header.2. Feature subsets Items such as hash busters, (format and location),
content attributes (spelling errors, grammar), and unique feature subsets from the bulk-mailing tool.
3. Sending methods
Classification techniques1. Unsolicited commercial e-mail (UCE)2. Nonresponsive commercial e-mail (NCE)3. List makers4. Scams (Phishing)
Cyber Crime Evolution
What is Phishing ?
Gather private information (credit card information, bank account passwords
First Phishing reported against financial institution in July 2003
It introduced a new class of attack vektor – overlooked human element
Phishing Statistics Phishers are refining their e-mail techniques Phishers of 2005 build their own PHP bulk-
mailing Phishers are becoming more technically
savvy Phishers are taking advantage of Cross-Site
Scripting (XSS) vulnerabilities Phishers are refining their key-logging
malware
Go Phish!
Most popular phishing methods :
Impersonating Attack Forwarding Attack Pop-up Attack
Impersonating Attack
Forwarding Attack
Popup Attack
Harvesting e-mail Addresses
86 percent of the e-mail addresses posted to Web pages receive spam (@ sign)
the majority of spammers and phishers use bots or crawlers (www.bestextractor.com)
Extract Link, Whois Extractor, List Monitor, Email Verifier
Sending Spam/PhishTwo competing popular bulk
mailers:
Send-Safe ( “real anonymous mailer”, was authored by Ruslan Ibragimov – author of Sobig Virus )
Dark-Mailer ( easy of use, forging headers, sending roughly 500,000 e-mails per hour, supports HTTP and SOCKS proxies )
Conclusion Significant and growing problem A lot of antiphishing vendors – be
careful “secure by marketing” – campaing
just to get sales Good idea product
evaluated by a professional security team
Thank you for your attention
Any questions ???