1 / 27

PHISHING

PHISHING. VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY. INTRODUCTION. Identity Theft Number of phishing cases escalating in number Customers tricked into submitting their personal data. Phishing .. ?.

bruno
Download Presentation

PHISHING

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. PHISHING VENKAT DEEP RAJAN SUMALATHA REDDY KARTHIK INJARAPU CPSC 620 CLEMSON UNIVERSITY

  2. INTRODUCTION • Identity Theft • Number of phishing cases escalating in number • Customers tricked into submitting their personal data

  3. Phishing .. ? • Defined as the task of sending an email, falsely claiming to be an established enterprise in an attempt to scam a user into surrendering private information • Redirects user to a scam website, where the user is asked to submit his private data. • Derivation of the word “phishing”

  4. Social Engineering Factors • Phishing attacks rely on a combination of technical deceit and social engineering practices • Phisher persuades the victim to perform some series of actions • Phisher impersonates a trusted source for the victim to believe

  5. How does it look .. ? • Sophisticated e-mail messages and pop-up windows. • Official-looking logos from real organizations

  6. A Phishing mail

  7. Another example

  8. Delivery Techniques • Mails or spam’s: • Most common way and done by utilizing spam tools. • Web-sites: • Embedding malicious content into the website.

  9. Delivery Techniques • Redirecting: • Cheat the customer to enter illicit website. • Trojan horse: • Capturing home PC’s and utilizing them to propagate the attacks.

  10. Attack Techniques Man-in-the-middle Attacks URL Obfuscation Attacks Cross-site Scripting Attacks Preset Session Attack Hidden Attacks

  11. Man-in-the-middle Attacks

  12. Cross-site Scripting Attacks

  13. Preset Session Attack:

  14. Defensive mechanisms Client-Side Server-Side Enterprise Level

  15. Client-Side • Desktop Protection Technologies • Browser Capabilities • Digitally signed Emails • User-application level monitoring solutions

  16. Desktop Protection Technologies • Local Anti-Virus protection • Personal Firewall • Personal IDS • Personal Anti-Spam • Spy ware Detection

  17. Browser Capabilities Disable all window pop-up functionality Disable Java runtime support Disable ActiveX support Disable all multimedia and auto-play/auto-execute extensions Prevent the storage of non-secure cookies

  18. Digitally Signed Email

  19. Server-side • Validating Official Communications • Strong token based authentication

  20. Validating Official Communications Digital Signatures Visual or Audio personalization of email

  21. Strong token based authentication

  22. Enterprise Level Mail Server Authentication Digitally Signed Email Domain Monitoring

  23. Mail Server Authentication

  24. Digitally Signed Email

  25. Domain Monitoring • Monitor the registration of Internet domains relating to their organization • The expiry and renewal of existing corporate domains • The registration of similarly named domains

  26. Conclusion Understanding the tools and technologies User awareness Implementing Multi-tier defense mechanisms

  27. References Cyveillance the brand monitoring network www.cyveillance.com http://www.technicalinfo.net/index.html The phishing Guide www.ngssoftware.com http://www.webopedia.com/TERM/P/phishing.html http://www.wordspy.com/words/phishing.asp Stutz, Michael (January 29, 1998). "AOL: A Cracker's Paradise” http://www.technicalinfo.net/papers/Phishing.html

More Related