vinod-vinu
7/28/2019 Vinod_ppt
Fishing = Phishing
Anti-Phishing and Online Detecti
By
V. Vinod Kumar
[09BK1A0557]
CSE Department
St. Peters Engg colleg
What is Phishing?
The word Phishing emerged in the 1990s.
Phishing is a new word produced from `fishing', it refers to
that the attacker allure users to visit a faked Web site by se
them faked e-mails (or instant messages)
Phishing is a type of deception designed to steal your va
personal data, such as credit card numbers, passwords, accoun
or other information.
Phishing is part of Social Engineering.
Why they Phish?
Phishing is about playing the odds
Simple to do and high gain for little work
No real knowledge necessary
4.5 out of 10 people fall for it (ZDNet).
Most Phishing is for financial gain
Some do it to spread malicious programs
that in turn carry out other attacks
History of Phishing
Phreaking + Fishing = Phishing
Phreaking = making phone calls for free back in the 70s
Fishing = Use bait to lure the target
Phishing in 1995
Target: AOL users
Purpose: getting account passwords for free
time
Threat level: low
Techniques: Similar names (www.ao1.com for www.aol.com), social engineering
Phishing in 200
Target: Ebayers and major ban
Purpose: getting credit card nu
Threat level: medium
Techniques: Same in 1995, ke
Phishing in 2007
Target: Paypal, banks, ebay
Purpose: bank accounts
Threat level: high
Techniques: browser vulnerab
obfuscation
How they Phish?
Web based attacks (XSS, Droppers, Malware, Fake sites,
Forums, Compromised sites, Social Media).
Email Programs / Open Relays
Tor for anonymity
Crazy Browser
Web Based Phishing Attacks
Attackers use
Forums: Posting malicious URLs, XSS
Fake domains: PayPal vs. PayPaI
The Procedure of Phishing Attacks
Phishing attacks are performed with the following four steps:
1) Phishers set up a counterfeited website which looks exactly like the
website.
2) Send large amount of spoofed e-mails to target users in the nam
legitimate companies and organizations.
3) Receivers receive the e-mail, open it, click the spoofed hyperlin
mail, and input the required information.
4) Phishers steal the personal information and perform their fraud activ
Approaches to Prevent Phishing Attacks
There are several (technical or non-technical) ways to prevent phishing a
1) Educate users to understand how phishing attacks work and be ale
phishing-alike e-mails are received;
2) Use legal methods to punish phishing attackers;
3) Use technical methods to stop phishing attackers. In this paper,
focus on the third one.
Existing System
1) Detect and block the phishing Web sites in time
2) Enhance the security of the web sites
3) Block the phishing e-mails by various spam filters
4) Install online anti-phishing software in users
computers
Proposed System
i) Classification of the hyperlinks in the phishing e-mails
ii) Link guard algorithm
iii) Link guard implemented client
iv) Feasibility study
How to Detect Phishing?
Bad grammar
Generic Salutations
Account Information Requests / Threats
from companies you don't use.
Mail Headers
Hovering over links / Long URL Service
Unknown senders
How to Avoid Phishing
Don't Click The Link
Type the site name in your browser (such as www.paypal.com)
Never send sensitive account information by e-mail
Account numbers, SSN, passwords
Never give any password out to anyone
Verify any person who contacts you (phone or email).
If someone calls you on a sensitive topic, thank them, hang up
them back using a number that you know is correct, like fr
credit card or statement.
Architecture of LinkGuard
The Link Guard algorithm
LinkGuard works by analyzing the differences between the visual
the actual link. It also calculates the similarities of a URI with
trusted site.
The following terminologies are used in the algorithm
v_link: visual link;
a_link: actual link;
v_dns: visual DNS name;
a_dns: actual DNS name;
sender_dns: sender's DNS name.

int LinkGuard(v_link, a_link) {
    v_dns = GetDNSName(v_link);
    a_dns = GetDNSName(a_link);
    if ((v_dns and a_dns are not empty) and (v_dns != a_dns))
        return PHISHING;
    if (a_dns is dotted decimal)
        return POSSIBLE_PHISHING;
    if (a_link or v_link is encoded) {
        v_link2 = decode(v_link);
        a_link2 = decode(a_link);
        return LinkGuard(v_link2, a_link2);
    }
    if (v_dns is NULL)
        return AnalyzeDNS(a_link);
}

int AnalyzeDNS(actual_link) {
    if (actual_dns in blacklist) return PHISHING;
    if (actual_dns in whitelist) return NOTPHISHING;
    return PatternMatching(actual_link);
}
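Added example (not from the slides or from the LinkGuard authors): the pseudocode above as runnable Python, keeping its order of checks. The list entries, the 0.85 similarity threshold, the body of pattern_matching, and the final fall-through return are assumptions, since the slides do not define them.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import unquote

PHISHING, POSSIBLE_PHISHING, NOTPHISHING = "PHISHING", "POSSIBLE_PHISHING", "NOTPHISHING"
# Constructed sample lists; a real client would load and update these.
WHITELIST = {"www.aol.com", "www.paypal.com"}
BLACKLIST = {"login.blocked.example"}

HOST = re.compile(r"^(?:[a-z][a-z0-9+.-]*://)?(?:[^/@\s]*@)?"
                  r"([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?=[:/?#]|$)", re.I)
DOTTED = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")
ENCODED = re.compile(r"%[0-9a-f]{2}", re.I)

def get_dns_name(link):
    """GetDNSName: host of a URL or bare host name, None for plain text."""
    m = HOST.match((link or "").strip())
    return m.group(1).lower() if m else None

def pattern_matching(a_dns, threshold=0.85):
    """Assumed stand-in: flag hosts that nearly match a trusted host."""
    for trusted in WHITELIST:
        if SequenceMatcher(None, a_dns, trusted).ratio() >= threshold:
            return POSSIBLE_PHISHING
    return NOTPHISHING

def analyze_dns(a_dns):
    """AnalyzeDNS: blacklist first, then whitelist, then look-alike check."""
    if a_dns in BLACKLIST:
        return PHISHING
    if a_dns in WHITELIST:
        return NOTPHISHING
    return pattern_matching(a_dns)

def linkguard(v_link, a_link):
    v_dns, a_dns = get_dns_name(v_link), get_dns_name(a_link)
    if v_dns and a_dns and v_dns != a_dns:
        return PHISHING            # visible host differs from real target
    if a_dns and DOTTED.fullmatch(a_dns):
        return POSSIBLE_PHISHING   # raw IP address instead of a name
    if ENCODED.search(a_link or "") or ENCODED.search(v_link or ""):
        # %XX escapes hide the host: decode and classify again
        return linkguard(unquote(v_link or ""), unquote(a_link or ""))
    if v_dns is None and a_dns:
        return analyze_dns(a_dns)
    # Assumption: the pseudocode does not say what to return when the
    # hosts match or no actual host can be parsed.
    return NOTPHISHING
```
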
Working is as follows
Statistical Info
From: Customer Support [mailto:[email protected]]
Sent: Thursday, October 07, 2004 7:53 PM
To: Eilts
Subject: NOTE! Citibank account suspend in process
Dear Customer:
Recently there have been a large number of cyber attacks pointing our database servers
to safeguard your account, we require you to sign on immediately. This personal check is
you as a precautionary measure and to ensure yourselves that everything is normal with
and personal information. This process is mandatory, and if you did not sign on within the
your account may be subject to temporary suspension. Please make sure you have your
debit card number and your User ID and Password at hand. Please use our secure c
to indicate that you have signed on, please click the link bellow:
http://211.158.34.249/c
we have no particular indications that your details have been compromised in any way. T
your prompt attention to this matter and thank you for using Citibank(R)
Regards,
Citibank(R) Card Department
(C)2004 Citibank. Citibank, N.A., Citibank, F.S.B.,
Citibank (West), FSB. Member FDIC.
Citibank and Arc
Example of Phishing
http://211.158.34.249/citifi/
Conclusion
Phishing has become a serious network security problem
financial loss of billions of dollars to both consumers and e-c
companies.
Fundamentally, phishing has made e-commerce distrusted
attractive to normal consumers.
We have discussed the characteristics of the hyperlinks that were e
in phishing e-mails.
We have implemented LinkGuard for Windows XP. Our ex
showed that LinkGuard is lightweight and can detect up to 96%
phishing attacks in real-time.
Any Queries?