
Phishing

By
K. Nirmala
07A41A0529

Topics

Phishing Basics
Serious Problem
APWG Regular Reports
Recent Examples
Phishing Harms Firms
Problem Increasing
Anti-Phishing Steps
Public Education
Possible Solutions

Phishing Basics (1)

Pronounced "fishing"
Scam to steal valuable information such as credit cards, social security numbers, user IDs and passwords.
Also known as "brand spoofing"
Official-looking e-mail sent to potential victims
Pretends to be from their ISP, retail store, etc.
Due to internal accounting errors or some other pretext, certain information must be updated to continue the service.

Phishing Basics (2)

Link in e-mail message directs the user to a Web page
Asks for financial information
Page looks genuine
Easy to fake valid Web site
Any HTML page on the real Web can be copied and modified
E-mails sent to people on selected lists or to any list
Some % will actually have account
"Phishing kit"
Set of software tools
Help novice phisher imitate target Web site
Make mass mailings
May include lists of e-mail addresses

Serious Problem

Illegal access to checking accounts, often gained via phishing scams, has become the fastest-growing form of consumer theft in the United States, accounting for a staggering $2.4 billion in fraud in the previous 12 months.

APWG Regular Reports

Phishing Activity Trends Report Oct 2004
1142: Number of active phishing sites reported in Oct 2004
25%: Average monthly growth rate in phishing sites July through Oct
44: # brands hijacked Oct
6: # brands comprising top 80% of brands hijacked by phishing campaigns in Oct
USA: country hosting most phishing Websites
20%: contain some form of the target name in URL
63%: no hostname, just IP address
6 days: average time online for phishing site
http://www.antiphishing.org/APWG_Phishing_Activity_Report-Oct2004.pdf

Recent Examples of Attacks

From APWG
Nov 15 - People's Bank - 'New Mail from People'
Nov 10 - Citibank - 'Citibank Alert Service'
Nov 9 - Paypal - 'Your Account Will Be Suspended'
Nov 2 - Sovereign Bank - 'Sovereign Bank Unauthorized Account Access'
Nov 1 - Citibank - 'Security Alert on Microsoft Internet Explorer'
Oct 29 - eBay - 'TKO NOTICE: Verify Your Identity'
Oct 28 - Verizon - 'Update your Verizon billing profile'
Oct 27 - Washington Mutual Bank - 'Washington Mutual Bank : Notification of Washington Mutual Internet Banking Account

Peoples Bank

Not the proper domain for peoples.com

Citibank (Nov 10)

Links to http://82.90.165.65/citi

PayPal (1)

Actually links to http://212.45.13.185/.paypal/index.php

PayPal (2)

Citibank (Nov 1)

Links to http://200.189.70.90/citi/

eBay

http://signinebay.com-cgibin.tk/eBaydll.php

APWG (antiphishing.org)
Anti-Phishing Working Group
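The APWG figures above (63% of sites with a bare IP address, 20% with the target's name somewhere in the URL) and the example links on the preceding slides translate directly into simple URL checks. The following is an added illustration, not code from the slides or from APWG; the brand-to-domain table is constructed for the example and a real deployment would load a maintained list and a public-suffix list.

```python
"""Heuristic phishing-URL indicators modelled on the APWG Oct 2004 statistics."""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed for this example: brands and the registered domains they legitimately use.
KNOWN_BRANDS = {
    "citi": {"citibank.com", "citi.com"},
    "paypal": {"paypal.com"},
    "ebay": {"ebay.com"},
    "peoples": {"peoples.com"},
}

# A ".com" label that is followed by more hostname (e.g. "signinebay.com-cgibin.tk")
# is a TLD look-alike placed where a casual reader expects the domain to end.
EMBEDDED_TLD = re.compile(r"\.com[-.]")


def is_ip_host(host: str) -> bool:
    """True when the URL names its server by address instead of hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registered_domain(host: str) -> str:
    """Crude registered-domain guess (last two labels); no public-suffix handling."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def phishing_indicators(url: str) -> list:
    """Return the indicators that fire for a URL; an empty list means none fired."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    findings = []
    if is_ip_host(host):
        findings.append("ip-address host")
    if EMBEDDED_TLD.search(host):
        findings.append("tld-like label embedded in hostname")
    reg = registered_domain(host)
    text = (host + parts.path).lower()
    # Brand name present in host or path, but the registered domain is not the brand's.
    for brand, legit_domains in KNOWN_BRANDS.items():
        if brand in text and reg not in legit_domains:
            findings.append(f"brand '{brand}' outside its domain")
    return findings
```

Run against the slides' Citibank and eBay links, each fires two indicators; a genuine https://www.paypal.com/ URL fires none.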

Phishing Harms Firms

Harmful at many levels
Threatens effective communication
Undermines goodwill and trust
Customers
Direct harm from stolen IDs, passwords
Could perceive business as not taking adequate steps to protect users
Diminishes value of brand
Could affect shareholders
Possibility of liability for failure to exercise due diligence in protecting trademark

Based in part on material that is copyright 2004 Don Holden, CISSP. Used with permission (and thanks).

Problem Increasing

Get a Job and Lose Money
Free training offer is latest spam scam
By John Leyden
Published Tuesday 2nd November 2004 12:35 GMT
http://www.theregister.com/2004/11/02/training_spam_scam/

Apply for training and job at Credit Suisse
Fill in banking details (!)
Lose control over your financial information to criminals

Spoofed Page and Address Bar

Not the real address bar
See http://www.antiphishing.org/news/03-31-04_Alert-FakeAddressBar.html

Based on a slide copyright 2004 Don Holden, CISSP. Used with permission (and thanks).

Spoofed Address Bar

Problem
JavaScript device replaces address bar
Allows complete control
Can show one URL while going to another
Viewing source code for page does NOT show the JavaScript source code

Implications
With address bar installed, could track other sites visited
Could do a man-in-the-middle attack to see everything entered

Recent Alert

@RISK: Consensus Security Vulnerability Alert 3(45) Nov 14, 2004
From SANS Institute

Internet Explorer Phishing Vulnerability
Attacker can construct malicious hyperlink
Hundreds of attacks reported per week
Object element embedded in hyperlink
Can embed flash movie or other executable code in a hyperlink

Tabbed Browser Problems (1)

Phishing for dummies: hook, line and sinker
By Scott Granneman, SecurityFocus
Published Tuesday 2nd November 2004 14:55 GMT
http://www.theregister.com/2004/11/02/phishing_tabbed_browsers/

Vulnerabilities in many tabbed browsers that allow easy switch from one window to another
Mozilla 1.7.3
Mozilla Firefox 0.10.1
Camino 0.8
Opera 7.54
Konqueror 3.2.2-6
Netscape 7.2
Avant Browser 9.02 build 101 and 10.0 build 029
Maxthon (MyIE2) 1.1.039

Tabbed Browser Problems (2)

Dialog box can be spawned in active window from connection to an inactive window
E.g., visit PayPal
Get popup box to verify password
Actually comes from rogue site in different window

Possibility of diverting data into a form on a different window for a malicious Website
Would try to enter data into form on legitimate site
Data would actually go somewhere else

Anti-Phishing Steps

Proclaim, Protect, Pursue
Proclaim in all correspondence the use of an official mark (e.g. TrustedSender stamp)
Protect all messages, Web pages with the mark
Pursue all impostors; actively seek reports of phishing

Public Education

Use digitally-signed documents ONLY
Don't release unsigned documents
Get consumers used to idea that an unsigned document is an untrustworthy document

Use public education campaigns
No one will ever ask you to confirm your password
Don't believe alerts that address you as "Dear Customer."
Link to APWG documents; e.g., http://www.antiphishing.org/consumer_recs.html

Possible Solutions

Strong Website authentication
Mail server authentication
Digitally-signed e-mail with desktop verification
Digitally-signed e-mail with gateway verification

APWG: Proposed Solutions to Address the Threat of Email Spoofing Scams
APWG Resources Page

Cloudmark's Community Approach

Cloudmark SafetyBar
http://www.cloudmark.com/
Works for Outlook and Outlook Express

Community members report new spam or fraud at push of button
Information sent worldwide to improve blocking

Anti-fraudster measures
Reliability of reports affects credibility of reporter
Spammers and fraudsters would lose credibility fast
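The "anti-fraudster measures" above describe a reputation loop: a report counts in proportion to the reporter's credibility, and credibility moves with how often the reporter's past reports matched what the message turned out to be. The model below is an added illustration of that loop, constructed for these slides; it is not Cloudmark's algorithm, and the point values and threshold are assumptions.

```python
"""Trust-weighted community reporting: reporters who are repeatedly wrong lose influence."""
from collections import defaultdict

# Assumed parameters for the example: credibility is an integer 0..10, new reporters
# start at 5, and a message is blocked once the weighted fraud score reaches 10.
INITIAL_TRUST = 5
MAX_TRUST = 10
BLOCK_THRESHOLD = 10


class CommunityFilter:
    def __init__(self):
        self.trust = defaultdict(lambda: INITIAL_TRUST)  # reporter -> credibility points
        self.votes = defaultdict(dict)                   # message_id -> {reporter: is_fraud}

    def report(self, reporter: str, message_id: str, is_fraud: bool = True) -> None:
        """Record one reporter's verdict on a message (a later report overrides an earlier one)."""
        self.votes[message_id][reporter] = is_fraud

    def score(self, message_id: str) -> int:
        """Sum of credibility for 'fraud' votes minus credibility for 'legitimate' votes."""
        total = 0
        for reporter, is_fraud in self.votes[message_id].items():
            total += self.trust[reporter] if is_fraud else -self.trust[reporter]
        return total

    def is_blocked(self, message_id: str) -> bool:
        return self.score(message_id) >= BLOCK_THRESHOLD

    def resolve(self, message_id: str, truth: bool) -> None:
        """Once the message's status is confirmed, reward agreeing reporters and penalise the rest.

        A reporter at 0 credibility still gets recorded but no longer moves any score.
        """
        for reporter, is_fraud in self.votes[message_id].items():
            delta = 1 if is_fraud == truth else -1
            self.trust[reporter] = max(0, min(MAX_TRUST, self.trust[reporter] + delta))
```

Three honest reports at the starting credibility block a message (score 15); a single dissenting "legitimate" vote from an untrusted party cannot unblock it, and after a handful of wrong verdicts that party's credibility is exhausted.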

Cloudmark SafetyBar (2)

QUERIES ?

THANQ
