Presentation is loading. Please wait.

Presentation is loading. Please wait.

George Mason University and SonicWALL The Phishing Ecosystem Analyzing the Dynamics for Maximum Defense Tuesday, April 11th 2006 – 2:45pm.

Published byEdmund Baldwin Modified over 9 years ago

Similar presentations

Presentation on theme: "George Mason University and SonicWALL The Phishing Ecosystem Analyzing the Dynamics for Maximum Defense Tuesday, April 11th 2006 – 2:45pm."— Presentation transcript:

1 George Mason University and SonicWALL The Phishing Ecosystem Analyzing the Dynamics for Maximum Defense Tuesday, April 11th 2006 – 2:45pm

2 2 Agenda  Overview of the Phishing Ecosystem  Questions for the panel  Scope of the problem  What did GMU do  Results  Phishing education  Other email issues  Ask questions as we go  Wrap up & lessons learned

3 Let’s Go Phishing

4 4 The Phishing Checklist 1. Get an email list 2. Develop the attack 3. Locate sites to send phishing email from 4. Locate sites to host the phishing site 5. Launch the attack 6. Collect the information 7. Transform into cash

5 5 A bad day phishin’, beats a good day workin’  2,000,000 emails are sent  5% get to the end user – 100,000 (APWG)  5% click on the phishing link – 5,000 (APWG)  2% enter data into the phishing site –100 (Gartner)  $1,200 from each person who enters data (FTC)  Our potential reward: $120,000 In 2005 David Levi made over $360,000 from 160 people using an eBay Phishing scam

6 6 A little phishing gang  The David Levi phishing gang – UK  6 members  Operated for 12 months  At least $360,000 from 160 people  Segmentation of jobs  Techie  Creative designer  Money laundering – mule driver Caught – received sentences from 1 to 4 years each

7 7 Tools to the Trade The Malware Community Email list Sending Machines Hosting Sites Email & Web site Construct Launch Collect Account Info Credit Info Identity Info Logins & Passwords Phished information turned into Cash Phishing Kit The phishing ecosystem DHA Site Crawlers Spyware Harvested Information $ Templates Sitecopy & wget Botnets Trojans Worms Keyloggers Hacks & Attacks “Real” Domain Names The Phisher $

8 8 The money laundering “Mule”  “Make Money at Home”  Recruits receive funds in their accounts  Transfer funds from their account via Western Union wire transfers to a 2nd (phishers) account  Paid 10% of the sum of each money transfer  One or two transfers each week - $3,000 to $5,000 each  “Nations Welfare Foundation”  Looking for a “Financial Operations Manager”  Transfer money for young cancer patients in USSR  Real looking web site complete with pictures  Paid 7% - can make $500 to $2,000 per week

9 9 Botnets  Botnet: A collection of compromised computers that are run under a common control structure  Functions  Email senders  DHA, spam, phishing, virus  DOS attacks  Rented out for $300 to $700 per hour  Jeanson James Ancheta made $60,000 by selling access  Over 10,000 botnets become active each day (Symantec)

10 10 Hacks and Attacks  9,715 – Number of phishing sites operational in January 2006 (APWG)  34% – The percentage of phishing sites hosted in the United States for December 2005 (APWG)  31% - The percentage of phishing sites that are being hosted on “real” web servers (SonicWALL) Hacked bank server hosts phishing sites March 13, 2006 (IDG News Service) – Criminals appear to have hacked a Chinese bank’s server and are using it to host phishing sites to steal personal data from customers of eBay Inc. and a major U.S. bank.

11 11 Scaling a phishing gang  The Campina Grande - Brazil  65 members  Operated for at least 3 months  200 accounts in six banks  $4.7 million stolen from bank accounts Feb 2006 – 41 members caught, 24 more still on the run

12 12 Tools to the Trade The Malware Community Email list Sending Machines Hosting Sites Email & Web site Construct Launch Collect Account Info Credit Info Identity Info Logins & Passwords Phished information turned into Cash Phishing Kit The phishing ecosystem DHA Site Crawlers Spyware Harvested Information $ Templates Sitecopy & wget Botnets Trojans Worms Keyloggers Hacks & Attacks “Real” Domain Names The Phisher

13 13 Roles of the Education in Phishing  Victim  Receive and respond to phishing attack  Bad for victim / Bad for you  Labor  Mules  Coders  Phisher  Organized cooperative environment  Participant  Hosting phishing sites  Sending email – Botnets

14 GMU Slides

15 15 Email and Academia: The Challenge  Email supports communications, academic projects and business administration, but also makes you vulnerable  Diverse user needs  Limited resources and need to reduce operating costs

16 16 Email At George Mason University  30,000 active email accounts  400,000 inbound messages/day (82% junk)  Decentralized, ineffective protection for spam  No protection from phishing  Six AV appliances  Costly maintenance

17 17 Determine The Requirements  User Town Hall Meetings  Quarantine is required  Ability to opt-out  Systems Management  No new staff – minimize daily tasks  Solaris-based  Management reporting

18 18 Evaluation Requirements  Effective - we receive only the emails we want to receive  Easy to manage – something that doesn’t require additional IT time (actually, less time than what we’re spending is better)  Easy for end users – little to no training required, also something they can self-manage

19 19 The Process…  Product analysis, review requirements  Vendor questionnaire  Review responses  Invitation to technology day  Each vendor given 50 minutes  Present same info in specified order  Must include pricing and references  Q&A  Vendors cannot see other vendor presentations

20 20 Evaluation  All vendors that satisfied all requirements invited  Solutions placed in production mail flow for 15 days

21 21 spam, spam, spam, spam, spam, spam

22 Wrap-up

23 23 Wrap-up  Overview of the Phishing Ecosystem  Phish School  Scope of the problem  What did GMU do  Results  Phishing education  Other email issues

24 Thank you Andrew Klein aklein@sonicwall.com www.sonicwall.com

25 The Four Parts of the Solution

26 26 The email process The Brand A company that sends email to it’s customers or employees and therefore is a target for phishing scams The Web Site The web site where you are directed to by the email You The person who receives email The Mailman A company that receives email and delivers it to its employees/customers

27 27 The brand  Cut-and-Paste links, minimize links  Use personal information where possible  Dear John J. Smith  Account ending in 1234  Your zip code is 94304  Provide non-email ways to verify  Use standard company domain names  Identify your partners  Set and follow standard communication practices  Internally and externally

28 28 The mailman  Preemptive  Protect your email address  Phishing is more than spam – think Virus  Technology  Multi-faceted solution – No silver bullet  Sender authentication and reputation, content, contact point divergence, URL exploits, real-time phish lists, etc.  World-wide community collaboration  Change is part of the business  Psychology  Educate your customers/employees – their PhishingIQ  Email is still Good! Really it is!

29 29 The web site  Company and personal sites  Monitor your site  Know your content  Practice good passwords  Keep logs, report phishing to authorities  Hosting services  Monitor new customers  Take phishing seriously  Unless they are eBay, assume they are not eBay!  Domain name registration services  Be diligent about domain registrations  Actively work to shut down phishing sites

30 30 You  Know your senders  Is this someone I do business with?  Is this something I was told I’d receive?  Look for other ways to respond  Be aware  Look for clues – improve your PhishingIQ  Don’t be afraid to ask  Protect your system  Know how your system is updated  Check your records

Download ppt "George Mason University and SonicWALL The Phishing Ecosystem Analyzing the Dynamics for Maximum Defense Tuesday, April 11th 2006 – 2:45pm."

Similar presentations

DTT Welcome Kit: Account Setup Instructions

DTT Welcome Kit: Account Setup Instructions
What is Bad ? Spam, Phishing, Scam, Hoax and Malware distributed via

What is Bad ? Spam, Phishing, Scam, Hoax and Malware distributed via
SECURITY CHECK Protecting Your System and Yourself Source:

SECURITY CHECK Protecting Your System and Yourself Source:
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
1 Identity Theft and Phishing: What You Need to Know.

1 Identity Theft and Phishing: What You Need to Know.
BEWARE! IDENTITY THEFT CARL JOHNSON FINANCIAL LITERACY JENKS HIGH CSHOOL.

BEWARE! IDENTITY THEFT CARL JOHNSON FINANCIAL LITERACY JENKS HIGH CSHOOL.
ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.

ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
What is identity theft, and how can you protect yourself from it?

What is identity theft, and how can you protect yourself from it?
Phishing (pronounced “fishing”) is the process of sending e-mail messages to lure Internet users into revealing personal information such as credit card.

Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.
Hey check out this cool PHISHING presentation! Benjamin Ross Lyerly.

Hey check out this cool PHISHING presentation! Benjamin Ross Lyerly.
Phishing Definition: a criminal mechanism employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial.

Phishing Definition: a criminal mechanism employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial.
Freud and Phishing: The Psychology Behind Internet Scams JC Lamkin, CNA, PMP Gypsy Lane Technologies Philadelphia, PA 19144 (215) 843-1039

Freud and Phishing: The Psychology Behind Internet Scams JC Lamkin, CNA, PMP Gypsy Lane Technologies Philadelphia, PA (215)
Australian High Tech Crime Centre What is cybercrime & trends Monday 5 November 2007.

Australian High Tech Crime Centre What is cybercrime & trends Monday 5 November 2007.
Phishing – Read Behind The Lines Veljko Pejović

Phishing – Read Behind The Lines Veljko Pejović
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.

Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.
BTT12OI.  Do you know someone who has been scammed? What happened?  Been tricked into sending someone else money (not who they thought they were) 

BTT12OI.  Do you know someone who has been scammed? What happened?  Been tricked into sending someone else money (not who they thought they were) 
DIGITAL CITIZENSHIP 6 TH – 8 TH UNIT 1 LESSON 3 SCAMS & SCHEMES What is identity theft, and how can you protect yourself from it?

DIGITAL CITIZENSHIP 6 TH – 8 TH UNIT 1 LESSON 3 SCAMS & SCHEMES What is identity theft, and how can you protect yourself from it?

Similar presentations

Ads by Google