Upload
myron-walters
View
214
Download
0
Embed Size (px)
Citation preview
Phishing to Fraud
• Introduction • The Phishing Hole• New Targets – Beyond Banks• Fraud• Cash• Cracking• Downfall
Phishing to Fraud
• Phishing• Fraud• Credit Cards– Sources– Card Not Present– Carding– BINs– CCV/CVC
Phishing to Fraud• Phishing Hole – Compromised Server– Old School– Extremely Common– More Obvious
• Phishing Hole – Phished/New Hosting Account– Brandjacking– Register.com– GoDaddy– Yahoo!
• Scripting• Packageify it…
Phishing to Fraud• Payment Processors
– PayPal– BoA Merchant Services– Chase Paymentech– Intuit Payment Solutions– Merchant One
• Hosting/Registrars– GoDaddy– Register.com– Intuit– Yahoo!
• Vulnerability Assessment Providers– Qualys– Trustwave
Phishing to Fraud
• How are the CC’s used?– Purchasing– Selling to card numbers– Cash
• How to get Cash?– Refunds– Transfers– Phishing
Phishing to Fraud
• Payment Processors– Credit Card No. Generation– Cracking CVV/CVC– Carding– BIN Attacks
Phishing to Fraud• How they get caught…– Trending– Referencing Hosted Data
• Images• Javascript• CSS
• What is wrong with this picture?– Too many transactions per second– Too many authorizations – Sudden increase in cost to the victim merchant
Phishing to Fraud
• Conclusion