Phishing: Difference between revisions
(11 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
=[[Image:new.gif|New]]Study Guide= | =[[Image:new.gif|New]]Study Guide= | ||
==Why is phishing unethical?== | |||
Phishing in computing is the process of acquiring private and sensitive information by pretending to be a trustworthy or a legitimate website through the online communications. Phishing is an example of fraudulent use of social engineering techniques to deceive an online service user. In this article some of the known attacks will be discussed following with some solutions to guard against these attacks. | Phishing in computing is the process of acquiring private and sensitive information by pretending to be a trustworthy or a legitimate website through the online communications. Phishing is an example of fraudulent use of social engineering techniques to deceive an online service user. In this article some of the known attacks will be discussed following with some solutions to guard against these attacks. | ||
==Phishing | ==Phishing attacks== | ||
As the technology advances and anti malware applications become more efficient, phishing attacks adopt new forms to stay away from detection. First different forms of attack will be discussed and then some of the solutions that one may prevent these attacks with will be presented. | |||
====Keyloggers==== | ====Keyloggers==== | ||
Line 11: | Line 11: | ||
These are spywares that can get installed either into a web browser or as a device driver. They record the user’s input to the computer by recording the keyboard keystrokes or mouse click. This information will be then sent to the spyware owner. These spywares can cause severe data leak. | These are spywares that can get installed either into a web browser or as a device driver. They record the user’s input to the computer by recording the keyboard keystrokes or mouse click. This information will be then sent to the spyware owner. These spywares can cause severe data leak. | ||
===Torpig- | ===Torpig-family Trojan=== | ||
These Trojans are using advanced technologies that help them to spread very fast and hide very well. They are designed to hijack sessions. These Trojans are constantly monitoring major banks’ websites throughout the world. They display a fake page when a user tries to log in to these websites, and in this way continue to steal the private information of their victims. | These Trojans are using advanced technologies that help them to spread very fast and hide very well. They are designed to hijack sessions. These Trojans are constantly monitoring major banks’ websites throughout the world. They display a fake page when a user tries to log in to these websites, and in this way continue to steal the private information of their victims. | ||
===Session | ===Session hijackers=== | ||
These attacks can take place either from the malware that is installed on the victim’s computer or remotely. The attacks are triggered when users is trying to log into they account (usually bank accounts) or when they initiate a transaction. The malware then hijack the session for malicious purposes. | These attacks can take place either from the malware that is installed on the victim’s computer or remotely. The attacks are triggered when users is trying to log into they account (usually bank accounts) or when they initiate a transaction. The malware then hijack the session for malicious purposes. | ||
===Content- | ===Content-injection phishing=== | ||
This phishing refers to the situations when malicious or fake content gets injected into some legitimate Web sites. This content then can deceive the users of the Web site by redirecting them to other Web sites, install malware on their computers, or redirect the input that users is inputting to that Web site to the phishing server. | This phishing refers to the situations when malicious or fake content gets injected into some legitimate Web sites. This content then can deceive the users of the Web site by redirecting them to other Web sites, install malware on their computers, or redirect the input that users is inputting to that Web site to the phishing server. | ||
===“Universal” | ===“Universal” man-in-the-middle phishing kit=== | ||
There is only little effort required for the attackers to use this method to attack their victims. The attackers use a kit which is called MITM that includes several PHP files that get installed on the phishing server. This server then acts as a medium between the user and the legitimate website that he/she wants to access. These victims receive emails that include a purported link to their known website. Once they click on the link, they’ll be redirected to the phishing server which then will communicate with the original Web site on behalf of the user. | There is only little effort required for the attackers to use this method to attack their victims. The attackers use a kit which is called MITM that includes several PHP files that get installed on the phishing server. This server then acts as a medium between the user and the legitimate website that he/she wants to access. These victims receive emails that include a purported link to their known website. Once they click on the link, they’ll be redirected to the phishing server which then will communicate with the original Web site on behalf of the user. | ||
===Search | ===Search engine phishing=== | ||
In this type pf phishing, phishers establish a webpage, and then get it indexed by the search engines to make it searchable. These pages are usually designed to include items and services at very low price to attract visitors to sign up or to enter their confidential information. The phisher then get the hold of the private information of the visitors. | In this type pf phishing, phishers establish a webpage, and then get it indexed by the search engines to make it searchable. These pages are usually designed to include items and services at very low price to attract visitors to sign up or to enter their confidential information. The phisher then get the hold of the private information of the visitors. | ||
===Spear | ===Spear phishing=== | ||
In this approach the phisher targets a particular person or a specific department in a company. The phisher then contacts the person by email and pretends to be from a legitimate department and is a trustworthy staff. The attacker then asks for the username and password with some fake reasons. Once the attacker get those information the can by pass the firewalls and break into the secured network. | In this approach the phisher targets a particular person or a specific department in a company. The phisher then contacts the person by email and pretends to be from a legitimate department and is a trustworthy staff. The attacker then asks for the username and password with some fake reasons. Once the attacker get those information the can by pass the firewalls and break into the secured network. | ||
Line 47: | Line 47: | ||
Using bookmarks and history to detect the list of the websites that the user uses. Then if a new website is visited randomly by the user that he/she did not visit before, chances are that this website is has malicious purposes. The down side of this method is that the history feature holds a history of the limited and short time. | Using bookmarks and history to detect the list of the websites that the user uses. Then if a new website is visited randomly by the user that he/she did not visit before, chances are that this website is has malicious purposes. The down side of this method is that the history feature holds a history of the limited and short time. | ||
===Two- | ===Two-way authentication=== | ||
In this method once a user signs up for an online service they receive and image in a secure way. Thereafter whenever the user visits the website and enters his/her username the website displays the image to prove its legitimacy. The user then can continue to enter his/her password. | In this method once a user signs up for an online service they receive and image in a secure way. Thereafter whenever the user visits the website and enters his/her username the website displays the image to prove its legitimacy. The user then can continue to enter his/her password. | ||
===VeriSign | ===VeriSign identity protection (VIP)=== | ||
VIP has been design to protect the digital identities of the people who use online services. VIP provides number of rules that organizations should comply with if they want use VIP services. The VIP suite then provides a secure way for users to log into their account and transactions to take place. | VIP has been design to protect the digital identities of the people who use online services. VIP provides number of rules that organizations should comply with if they want use VIP services. The VIP suite then provides a secure way for users to log into their account and transactions to take place. | ||
Line 60: | Line 60: | ||
=[[Image:new.gif|New]]Bibliography= | =[[Image:new.gif|New]]Bibliography= | ||
===What is phishing?=== | |||
[http://en.wikipedia.org/wiki/Phishing Phishing] ''Wikipedia'' | |||
[http://www.identityprotection101.com/phishing/ Phishing Scams] ''identityprotection101.com'' | |||
[http://delivery.acm.org.www.lib.ncsu.edu:2048/10.1145/1130000/1121968/p21-berghel.pdf?key1=1121968&key2=8870097121&coll=ACM&dl=ACM&CFID=72977&CFTOKEN=33062475 Phishing mongers and posers] Hal Berghel, ''Digital Village'' | |||
===Privacy and ethical Issues=== | ===Privacy and ethical Issues=== | ||
[http://www.springerlink.com.www.lib.ncsu.edu:2048/content/xg41104w066612m7/fulltext.pdf Privacy and e-commerce: a consumer-centric perspective] Rhys Smith and Jianhua Shao, ''Electronic Commerce Research'', Volume 7, Number 2 / June, 2007 | [http://www.springerlink.com.www.lib.ncsu.edu:2048/content/xg41104w066612m7/fulltext.pdf Privacy and e-commerce: a consumer-centric perspective] Rhys Smith and Jianhua Shao, ''Electronic Commerce Research'', Volume 7, Number 2 / June, 2007 | ||
Line 67: | Line 75: | ||
[http://delivery.acm.org.www.lib.ncsu.edu:2048/10.1145/1130000/1124861/p581-dhamija.pdf?key1=1124861&key2=4842557121&coll=ACM&dl=ACM&CFID=38796614&CFTOKEN=46500553 Why phishing works] Rachna Dhamija, J. D. Tygar, Marti Hearst | [http://delivery.acm.org.www.lib.ncsu.edu:2048/10.1145/1130000/1124861/p581-dhamija.pdf?key1=1124861&key2=4842557121&coll=ACM&dl=ACM&CFID=38796614&CFTOKEN=46500553 Why phishing works] Rachna Dhamija, J. D. Tygar, Marti Hearst | ||
[http://delivery.acm.org.www.lib.ncsu.edu:2048/10.1145/1080000/1073009/p77-dhamija.pdf?key1=1073009&key2=1444557121&coll=ACM&dl=ACM&CFID=38796614&CFTOKEN=46500553 The | [http://delivery.acm.org.www.lib.ncsu.edu:2048/10.1145/1080000/1073009/p77-dhamija.pdf?key1=1073009&key2=1444557121&coll=ACM&dl=ACM&CFID=38796614&CFTOKEN=46500553 The battle against phishing: Dynamic security skins] Rachna Dhamija, J. D. Tygar | ||
[http://www.springerlink.com.www.lib.ncsu.edu:2048/content/d284629556533224/fulltext.pdf A Revocation | [http://www.springerlink.com.www.lib.ncsu.edu:2048/content/d284629556533224/fulltext.pdf A Revocation scheme preserving privacy] Łukasz Krzywiecki, Przemysław Kubiak and Mirosław Kutyłowski | ||
[http://www.springerlink.com.www.lib.ncsu.edu:2048/content/h62k448875177211/fulltext.pdf Security and | [http://www.springerlink.com.www.lib.ncsu.edu:2048/content/h62k448875177211/fulltext.pdf Security and privacy as market failures]L. Jean Camp,''Economics of Identity Theft: Avoidance, Causes and Possible Cures'' | ||
[http://www.springerlink.com.www.lib.ncsu.edu:2048/content/q808084h875464v5/fulltext.pdf Protection or | [http://www.springerlink.com.www.lib.ncsu.edu:2048/content/q808084h875464v5/fulltext.pdf Protection or privacy? Data mining and personal data] David J. Hand | ||
===Protection against | ===Protection against phishing attacks=== | ||
[http://www.springerlink.com.www.lib.ncsu.edu:2048/content/0p748n8766732770/fulltext.pdf Method for | [http://www.springerlink.com.www.lib.ncsu.edu:2048/content/0p748n8766732770/fulltext.pdf Method for evaluating the security risk of a website against phishing attacks] Young-Gab Kim, Sanghyun Cho, Jun-Sub Lee, Min-Soo Lee, In Ho Kim and Sung Hoon Kim | ||
[http://www.springerlink.com.www.lib.ncsu.edu:2048/content/307774n374w42854/fulltext.pdf An Intrusion | [http://www.springerlink.com.www.lib.ncsu.edu:2048/content/307774n374w42854/fulltext.pdf An Intrusion detection system for detecting phishing attacks] Hasika Pamunuwa, Duminda Wijesekera and Csilla Farkas | ||
[http://www.springerlink.com.www.lib.ncsu.edu:2048/content/50hln6j1b04ftbw1/fulltext.pdf Protection | [http://www.springerlink.com.www.lib.ncsu.edu:2048/content/50hln6j1b04ftbw1/fulltext.pdf Protection mechanisms against phishing attacks] Klaus Plössl, Hannes Federrath and Thomas Nowey | ||
[http://www.springerlink.com.www.lib.ncsu.edu:2048/content/w833450106412039/fulltext.pdf On the | [http://www.springerlink.com.www.lib.ncsu.edu:2048/content/w833450106412039/fulltext.pdf On the effectiveness of techniques to detect phishing sites] Christian Ludl, Sean McAllister, Engin Kirda and Christopher Kruegel | ||
[http://www.springerlink.com.www.lib.ncsu.edu:2048/content/bq4mj20enhm3ep0x/fulltext.pdf Effective | [http://www.springerlink.com.www.lib.ncsu.edu:2048/content/bq4mj20enhm3ep0x/fulltext.pdf Effective protection against phishing and web spoofing] Rolf Oppliger and Sebastian Gajek | ||
[http://www.springerlink.com.www.lib.ncsu.edu:2048/content/w81x1n840w231177/fulltext.pdf Usability evaluation of anti-phishing toolbars] Linfeng Li and Marko Helenius | [http://www.springerlink.com.www.lib.ncsu.edu:2048/content/w81x1n840w231177/fulltext.pdf Usability evaluation of anti-phishing toolbars] Linfeng Li and Marko Helenius | ||
===Others=== | ===Others=== | ||
[http://pg-server.csc.ncsu.edu/mediawiki/index.php/CSC_379_SUM2008:Topics#Phishing Topic | [http://pg-server.csc.ncsu.edu/mediawiki/index.php/CSC_379_SUM2008:Topics#Phishing Topic page] | ||
[http://ethics.csc.ncsu.edu/abuse/spam/phishing/new.html Old phishing page] |
Latest revision as of 01:49, 5 August 2008
Study Guide
Why is phishing unethical?
Phishing in computing is the process of acquiring private and sensitive information by pretending to be a trustworthy or a legitimate website through the online communications. Phishing is an example of fraudulent use of social engineering techniques to deceive an online service user. In this article some of the known attacks will be discussed following with some solutions to guard against these attacks.
Phishing attacks
As the technology advances and anti malware applications become more efficient, phishing attacks adopt new forms to stay away from detection. First different forms of attack will be discussed and then some of the solutions that one may prevent these attacks with will be presented.
Keyloggers
These are spywares that can get installed either into a web browser or as a device driver. They record the user’s input to the computer by recording the keyboard keystrokes or mouse click. This information will be then sent to the spyware owner. These spywares can cause severe data leak.
Torpig-family Trojan
These Trojans are using advanced technologies that help them to spread very fast and hide very well. They are designed to hijack sessions. These Trojans are constantly monitoring major banks’ websites throughout the world. They display a fake page when a user tries to log in to these websites, and in this way continue to steal the private information of their victims.
Session hijackers
These attacks can take place either from the malware that is installed on the victim’s computer or remotely. The attacks are triggered when users is trying to log into they account (usually bank accounts) or when they initiate a transaction. The malware then hijack the session for malicious purposes.
Content-injection phishing
This phishing refers to the situations when malicious or fake content gets injected into some legitimate Web sites. This content then can deceive the users of the Web site by redirecting them to other Web sites, install malware on their computers, or redirect the input that users is inputting to that Web site to the phishing server.
“Universal” man-in-the-middle phishing kit
There is only little effort required for the attackers to use this method to attack their victims. The attackers use a kit which is called MITM that includes several PHP files that get installed on the phishing server. This server then acts as a medium between the user and the legitimate website that he/she wants to access. These victims receive emails that include a purported link to their known website. Once they click on the link, they’ll be redirected to the phishing server which then will communicate with the original Web site on behalf of the user.
Search engine phishing
In this type pf phishing, phishers establish a webpage, and then get it indexed by the search engines to make it searchable. These pages are usually designed to include items and services at very low price to attract visitors to sign up or to enter their confidential information. The phisher then get the hold of the private information of the visitors.
Spear phishing
In this approach the phisher targets a particular person or a specific department in a company. The phisher then contacts the person by email and pretends to be from a legitimate department and is a trustworthy staff. The attacker then asks for the username and password with some fake reasons. Once the attacker get those information the can by pass the firewalls and break into the secured network.
Phishing solutions
To fight against the phishers, in the first place, the online service users should be educated. Once users know what phishing is and what methods phishers use, less people will fall for their tricks and many of their method then become useless. However some countermeasures have been developed and some of them are explained below.
Phishing blacklist
A server that is containing a list of all of the malicious websites and phishing servers should be established and be accessible by the internet browsers. The list should be updated on daily basis due to the lifetime of the phishing servers. The malicious URLs should be reported immediately.
Bookmarks or history
Using bookmarks and history to detect the list of the websites that the user uses. Then if a new website is visited randomly by the user that he/she did not visit before, chances are that this website is has malicious purposes. The down side of this method is that the history feature holds a history of the limited and short time.
Two-way authentication
In this method once a user signs up for an online service they receive and image in a secure way. Thereafter whenever the user visits the website and enters his/her username the website displays the image to prove its legitimacy. The user then can continue to enter his/her password.
VeriSign identity protection (VIP)
VIP has been design to protect the digital identities of the people who use online services. VIP provides number of rules that organizations should comply with if they want use VIP services. The VIP suite then provides a secure way for users to log into their account and transactions to take place.
Early alarm
This solution requires sort of add-on tool to be installed on Web browsers. This tool contains several rules and ways to check the authentication of the Web sites. The tool will notify the user if the Web site is legitimate and trusted.
Bibliography
What is phishing?
Phishing Wikipedia
Phishing Scams identityprotection101.com
Phishing mongers and posers Hal Berghel, Digital Village
Privacy and ethical Issues
Privacy and e-commerce: a consumer-centric perspective Rhys Smith and Jianhua Shao, Electronic Commerce Research, Volume 7, Number 2 / June, 2007
Phishers “net” unsuspecting consumers fraud alert october/november 2004
Why phishing works Rachna Dhamija, J. D. Tygar, Marti Hearst
The battle against phishing: Dynamic security skins Rachna Dhamija, J. D. Tygar
A Revocation scheme preserving privacy Łukasz Krzywiecki, Przemysław Kubiak and Mirosław Kutyłowski
Security and privacy as market failuresL. Jean Camp,Economics of Identity Theft: Avoidance, Causes and Possible Cures
Protection or privacy? Data mining and personal data David J. Hand
Protection against phishing attacks
Method for evaluating the security risk of a website against phishing attacks Young-Gab Kim, Sanghyun Cho, Jun-Sub Lee, Min-Soo Lee, In Ho Kim and Sung Hoon Kim
An Intrusion detection system for detecting phishing attacks Hasika Pamunuwa, Duminda Wijesekera and Csilla Farkas
Protection mechanisms against phishing attacks Klaus Plössl, Hannes Federrath and Thomas Nowey
On the effectiveness of techniques to detect phishing sites Christian Ludl, Sean McAllister, Engin Kirda and Christopher Kruegel
Effective protection against phishing and web spoofing Rolf Oppliger and Sebastian Gajek
Usability evaluation of anti-phishing toolbars Linfeng Li and Marko Helenius