Phishing, Spoofing, Spamming and Security - PowerPoint PPT Presentation

Transcript and Presenter's Notes


1
Phishing, Spoofing, Spamming and Security
  • How To Protect Yourself

Dr. Harold L. "Bud" Cothern
Additional credits: Educause/SonicWall, Hendra Harianto Tuty, Microsoft Corporation; some images from the Anti-Phishing Working Group's Phishing Archive and Carnegie Mellon CyLab
2
Recognize Phishing Scams and Fraudulent E-mails
  • Phishing is a type of deception designed to
    steal your valuable personal data, such as credit
    card numbers, passwords, account data, or other
    information.
  • Con artists might send millions of fraudulent
    e-mail messages that appear to come from Web
    sites you trust, like your bank or credit card
    company, and request that you provide personal
    information.

3
History of Phishing
  • Phreaking + Fishing = Phishing
    - Phreaking: making phone calls for free back in the 70s
    - Fishing: use bait to lure the target
  • Phishing in 1995
    - Target: AOL users
    - Purpose: getting account passwords for free time
    - Threat level: low
    - Techniques: similar names (www.ao1.com for www.aol.com), social engineering
  • Phishing in 2001
    - Target: eBayers and major banks
    - Purpose: getting credit card numbers, accounts
    - Threat level: medium
    - Techniques: same as in 1995, plus keyloggers
  • Phishing in 2007
    - Target: PayPal, banks, eBay
    - Purpose: bank accounts

4
A bad day phishin' beats a good day workin'
  • 2,000,000 emails are sent
  • 5% get to the end user: 100,000 (APWG)
  • 5% click on the phishing link: 5,000 (APWG)
  • 2% enter data into the phishing site: 100 (Gartner)
  • $1,200 from each person who enters data (FTC)
  • Potential reward: $120,000

In 2005 David Levi made over $360,000 from 160 people using an eBay phishing scam
5
Phishing: A Growing Problem
  • Over 28,000 unique phishing attacks reported in
    Dec. 2006, about double the number from 2005
  • Estimates suggest phishing affected 2 million US
    citizens and cost businesses billions of dollars
    in 2005
  • Additional losses due to consumer fears

6
What Does a Phishing Scam Look Like?
  • As scam artists become more sophisticated, so do
    their phishing e-mail messages and pop-up
    windows.
  • They often include official-looking logos from
    real organizations and other identifying
    information taken directly from legitimate Web
    sites.

7
Current Phishing Techniques
  • Employ visual elements from the target site
  • DNS tricks
    - www.ebay.com.kr
    - www.ebay.com@192.168.0.5
    - www.gooogle.com
  • Unicode attacks
  • JavaScript attacks
  • Spoofed SSL lock
  • Certificates
    - Phishers can acquire certificates for domains they own
    - Certificate authorities make mistakes

8
Spear-Phishing: Improved Target Selection
  • Socially aware attacks
    - Mine social relationships from public data
    - Phishing email appears to arrive from someone known to the victim
    - Use the spoofed identity of a trusted organization to gain trust
    - Urge victims to update or validate their account
    - Threaten to terminate the account if the victims do not reply
    - Use a gift or bonus as bait
    - Security promises
  • Context-aware attacks
    - "Your bid on eBay has won!"
    - "The books on your Amazon wish list are on sale!"

9
Another Example
10
But wait...
WHOIS 210.104.211.21: Location: Korea, Republic Of
Even bigger problem: I don't have an account with US Bank!
Images from the Anti-Phishing Working Group's Phishing Archive
11
How To Tell If An E-mail Message is Fraudulent
  • Here are a few phrases to look for if you think
    an e-mail message is a phishing scam.
  • "Verify your account." Businesses should not ask
    you to send passwords, login names, Social
    Security numbers, or other personal information
    through e-mail. If you receive an e-mail from
    anyone asking you to update your credit card
    information, do not respond; this is a phishing
    scam.
  • "If you don't respond within 48 hours, your
    account will be closed." These messages convey a
    sense of urgency so that you'll respond
    immediately without thinking.

12
How To Tell If An E-mail Message is Fraudulent
(contd)
  • "Dear Valued Customer." Phishing e-mail messages
    are usually sent out in bulk and often do not
    contain your first or last name.
  • "Click the link below to gain access to your
    account." HTML-formatted messages can contain
    links or forms that you can fill out just as
    you'd fill out a form on a Web site. The links
    that you are urged to click may contain all or
    part of a real company's name and are usually
    "masked," meaning that the link you see does not
    take you to that address but somewhere different,
    usually a phony Web site.
  • Resting the mouse pointer on the link reveals
    the real Web address. A string of cryptic
    numbers that looks nothing like the company's Web
    address is a suspicious sign.

13
How To Tell If An E-mail Message is Fraudulent
(contd)
Con artists also use Uniform Resource Locators
(URLs) that resemble the name of a well-known
company but are slightly altered by adding,
omitting, or transposing letters. For example,
the URL "www.microsoft.com" could appear instead
as:
  • www.micosoft.com
  • www.mircosoft.com
  • www.verify-microsoft.com
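The following Python script is an added example, not part of Dr. Cothern's slides. It mechanically applies the checks the presentation describes: the "DNS tricks" on the Current Phishing Techniques slide (brand name buried in another domain as in www.ebay.com.kr, a user@host trick as in www.ebay.com@192.168.0.5, a raw IP address as the host), the added/omitted/transposed-letter lookalikes above (www.micosoft.com, www.mircosoft.com, www.verify-microsoft.com), and the "masked link" rule, where the address shown in the e-mail differs from the address the link really opens. The list of trusted sites and the sample links are constructed for the example; the registrable-domain logic is deliberately simple (last two labels) and does not handle country-code second-level domains such as co.uk.

```python
"""Heuristic checker for phishing-style links (added example, constructed data)."""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed allow-list: the sites a user actually holds accounts with (assumption).
TRUSTED_HOSTS = {"microsoft.com", "ebay.com", "google.com", "paypal.com", "aol.com"}
TRUSTED_BRANDS = {h.split(".")[0] for h in TRUSTED_HOSTS}


def osa_distance(a, b):
    """Optimal string alignment distance: an edit is an inserted, deleted or
    substituted letter, or a swap of two adjacent letters, so the transposition
    'mircosoft' is 1 edit from 'microsoft' rather than 2."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def host_of(text):
    """Return (split URL, hostname a browser would connect to) for a URL or bare
    domain; ordinary link text such as 'Click here' yields (None, '')."""
    text = text.strip()
    if not re.fullmatch(r"\S+", text):
        return None, ""
    if "://" not in text:
        text = "http://" + text
    parts = urlsplit(text)
    return parts, (parts.hostname or "").lower()


def registrable_domain(host):
    """Last two labels only, e.g. www.micosoft.com -> micosoft.com (no ccSLD handling)."""
    labels = host.strip(".").split(".")
    return ".".join(labels[-2:])


def check_url(url):
    """Return a list of findings for one URL; an empty list means no trick detected."""
    findings = []
    parts, host = host_of(url)
    if parts is None or not host:
        return ["no host could be parsed"]
    # Everything before '@' is userinfo, not the site: www.ebay.com@192.168.0.5
    if parts.username:
        findings.append(f"userinfo trick: '{parts.username}' precedes '@', real host is {host}")
    try:
        ipaddress.ip_address(host)
        findings.append(f"raw IP address as host: {host}")
    except ValueError:
        pass
    domain = registrable_domain(host)
    if domain in TRUSTED_HOSTS:
        return findings  # the genuine site (unless the userinfo trick fired above)
    brand_label = domain.split(".")[0]
    labels = host.split(".")
    for brand in TRUSTED_BRANDS:
        if brand in labels:  # brand as a mere subdomain label: www.ebay.com.kr
            findings.append(f"'{brand}' appears as a label but the site is {domain}")
        elif brand in brand_label:  # brand embedded in another name: verify-microsoft.com
            findings.append(f"'{brand}' embedded in unrelated domain {domain}")
        else:  # added, omitted or transposed letters: micosoft, mircosoft, gooogle
            dist = osa_distance(brand_label, brand)
            if 0 < dist <= (2 if len(brand) >= 8 else 1):
                findings.append(f"{domain} is {dist} edit(s) from {brand}.com")
    return findings


def check_anchor(display_text, href):
    """Compare the address the reader sees with the address the link really opens,
    then run the URL checks on the real target."""
    findings = check_url(href)
    _, shown_host = host_of(display_text)
    _, real_host = host_of(href)
    if "." in shown_host and registrable_domain(shown_host) != registrable_domain(real_host):
        findings.insert(0, f"link text shows {shown_host} but opens {real_host}")
    return findings


if __name__ == "__main__":
    # Constructed sample anchors, as they might appear in a suspicious message.
    samples = [
        ("www.microsoft.com", "http://www.micosoft.com/update"),
        ("Sign in to eBay", "http://www.ebay.com@192.168.0.5/signin"),
        ("www.ebay.com.kr", "http://www.ebay.com.kr/"),
        ("Click here", "https://www.microsoft.com/"),
    ]
    for shown, href in samples:
        print(f"{shown!r} -> {href}: {check_anchor(shown, href) or 'no issue found'}")
```

The checker is a triage aid, not a verdict: a link that produces no findings can still be hostile (the slides' own point about phishers obtaining valid certificates applies equally to clean-looking domains), while a finding such as the brand-as-label rule is a strong signal that the visible name and the real site disagree, which is exactly what hovering over the link is meant to reveal.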
14
  • Never respond to an email asking for personal
    information
  • Always check the site to see if it is secure.
    Call the phone number if necessary
  • Never click on the link in the email. Retype the
    address in a new window
  • Keep your browser updated
  • Keep antivirus definitions updated
  • Use a firewall

P.S. Always shred your home documents before
discarding them.