Download presentation
Presentation is loading. Please wait.
Published byMagdalen Wilson Modified over 9 years ago
1
Learn to protect yourself..
2
a 21 st Century Scam.. Phishing.
3
Define: Phishing Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, usernames, passwords, or other information. You might see a phishing scam: In e-mail messages, even if they appear to be from a coworker or someone you know On a fake Web site that accepts donations for charity. On Web sites that spoof your familiar sites using slightly different Web addresses, hoping you won't notice. In your instant message program. On your cell phone or other mobile device. On your social networking Web site.
4
Phishing: Statistics
6
Example: a Phishing Attack The following is an email sent to many thousands of Westpac banking customers in May 2004. While the language sophistication is poor (probably due to the writer not being a native English speaker), many recipients were still fooled.
7
Things to note with this particular attack: The email was sent in HTML format Lower-case L’s have been replaced with upper-case I’s. to fool the recipient into reading them as L’s.. These words were set to white (on the white background of the email) so they were not directly visible The purpose of these words was to help bypass standard anti- spam filters. Within the HTML-based email, the URL link https://oIb.westpac.com.au/ib/defauIt.asp in fact points to a escape-encoded version of the following URL: http://olb.westpac.com.au.userdll.com:4903/ib/index.htm This was achieved using standard HTML coding such as:
8
The Phishers have used a sub-domain of USERDLL.COM in order to lend the illusion of it really being the Westpac banking site. Many recipients are likely to be fooled by olb.westpac.com.au.userdll.com. Recipients that clicked on the link were then forwarded to the real Westpac application. However a JavaScript popup window containing a fake login page was presented to them. Expert analysis of this JavaScript code identified that pieces of it had been used previously in another phishing attack – one targeting HSBC. This fake login window was designed to capture and store the recipient’s authentication credentials. An interesting aspect to this particular phishing attack is that the JavaScript also submitted the authentication information to the real Westpac application and forwarded them on to the site. Therefore the recipient would be unaware that their initial connection had been intercepted and their credentials captured.
9
Example: facebook The emails sent by the phishers direct the users to fbstarter.com,fbaction.net and thisisnetfacebook.com, which has exaclty the same interface as the original facebook.
10
Example: Twitter
11
Phishing Attack: Vectors Man – in – the middle attacks Cross-site Scripting Attacks Observing Customer Data
12
Man- in- the- middle attack Transparent Proxies DNS Cache Poisoning URL Obfuscation THIS METHOD IS CARRIED OUT THROUGH A NUMBER OF WAYS
13
By overriding the customers web-browser setup and setting proxy configuration options, an attacker can force all web traffic through to their nominated proxy server. This method is not transparent to the customer, and the customer may easily review their web browser settings to identify an offending proxy server.In many cases browser proxy configuration changes setting up the attack will have been carried out in advance of receipt of the Phishing message. Browser Proxy Configuration
14
Cross Site Scripting Attacks
15
The customer has received the following URL via a Phishers email: http://mybank.com/ebanking?URL=http://evilsite.com/phishing/fakepage.htm While the customer is indeed directed and connected to the real MyBank web application, due to poor application coding by the bank, the ebanking component will accept an arbitrary URL for insertion within the URL field the returned page. Instead of the application providing a MyBank authentication form embedded within the page, the attacker has managed to reference a page under control on an external server (http://evilsite.com/phishing/fakepage.htm).http://evilsite.com/phishing/fakepage.htm Unfortunately, as with most CSS vulnerabilities, the customer has no way of knowing that this authentication page is not legitimate. While the example URL may appear obvious, the attacker could easily obfuscate it using the techniques explained earlier. For example, http://evilsite.com/phishing/fakepage.htm may instead become: http%3A%2F%2F3515261219%2Fphishing%C0%AEfakepage%2Ehtm
16
Hidden Attacks Hidden Frames Hiding HTML code from the customer. Customers will not be able to view the hidden pages code through the standard “View Source” functions available to them. Combined with client-side scripting languages, it is possible to replicate functionality of the browser toolbar; including the representation of URLinformation and pageheaders.
17
Overriding Page Content Several methods exist for Phishers to override displayed content. One of the most popular methods of inserting fake content within a page is to use the DHTML function - DIV. The DIV function allows an attacker to place content into a “virtual container” that, when given an absolute position and size through the STYLE method, can be positioned to hide or replace (by “sitting on top”) underlying content. This malicious content may be delivered as a very long URL or by referencing a stored script.
18
Observing Customer Data Key - Logging The purpose of key loggers is to observe and record all key presses by the customer – in particular, when they must enter their authentication information into the web-based application login pages
19
Countering Phishing: Strategies Never trust strangers: The same rules you were taught as a child come into play here; DO NOT open emails that are from people you don’t know. Set your junk and spam mail filter to deliver only content from those in your address book. Sidestep those links: What happens if your spam filter is fooled into delivering junk mail to your inbox, and you happen to open it? Simple – NEVER click on links embedded in your email. Guard your privacy: Your mouse just happened to move over the link and lo and behold, you’re transported to another website where you’re asked to provide sensitive information like user names, account numbers, password and credit card and social security numbers. Just one word for you - DON’T. Use the keypad, not the mouse: TYPE in URLs instead of clicking on links to online shopping and banking sites that typically ask for credit card and account numbers.
20
Look for the lock: Valid sites that use encryption to securely transfer sensitive information are characterized by a lock on the bottom right of your browser window, NOT your web page. They also have addresses that begin with https:// rather than the usual http://. Spot the difference: Sometimes, just the presence of the lock alone is proof enough that the site is authentic. To verify its genuineness, double- click the lock to display the site’s security certificate, and CHECK if the name on the certificate and the address bar match. If they don’t you’re on a problem site, so get the hell out of there.
22
than Q
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.