ECE 4112 Final Lab Project Group #19 Enid Brown & Linda Larmore

1. ECE 4112 Final Lab Project Group #19 Enid Brown & Linda Larmore

2. Outline • Phishing for facts • Goals of Lab • Anti-Phishing techniques • Lab Procedures • Lab Results • Conclusion • Discussion

3. Background • Phishing can be defined as an attempt to obtain sensitive and personal information by masquerading as a trustworthy entity in some form of electronic communication. • This sensitive information includes, but is not limited to passwords, credit card numbers, and usernames. • As a result, all major browsers contain some type of anti-phishing measure, that is either turned on or off by default. • With an increase in the amount of spam that most email addresses receive, phishing has become more and more popular and it is important that we learn how to protect out information and detect these sites.

4. YeahRight ● ● ● ● ● ● ●

5. Outline • Phishing for facts • Goals of Lab • Anti-Phishing techniques • Lab Procedures • Lab Results • Conclusion • Discussion

6. Goals • The goals for this lab are: • To introduce the concept of Phishing exploits • Compare the anti-phishing techniques that different browsers utilize • Compare the anti-phishing software available.

7. Outline • Phishing for facts • Goals of Lab • Anti-Phishing techniques • Lab Procedures • Lab Results • Conclusion • Discussion

8. Microsoft Phishing Filter in Windows Internet Explorer 7 • Microsoft Phishing Filter, uses a combination of Microsoft’s URL Reputation Service (URS) and local heuristics built into the IE 7 browser. • These methods allow it to identify and warn users in real time of suspected phish URLs, and block them from accessing confirmed phishing sites that have been reported to the URS by either users or third-party data providers.

9. Netscape Browser 9.0 • Includes a built in phishing filter • Relies solely on a blacklist, which is maintained by AOL and updated frequently

10. Opera • When Opera Fraud Protection is enabled, a server is contacted at Opera every time you request a Web page. • HTTPS sites are checked via an encrypted channel, while IP addresses on the local intranet will never be checked. • The server checks the domain name of the requested page against live whitelists compiled by GeoTrust, and blacklists compiled by GeoTrust and Phishtank. • Opera's fraud protection server downloads blacklists directly from Phishtank, and sends a query to GeoTrust.

11. Mozilla Firefox • Phishing Protection is turned on by default in Firefox 2 or later, and works by checking the sites that you browse to against a list of known phishing sites. • This list is automatically downloaded and regularly updated within Firefox when the Phishing Protection feature is enabled.

12. McAfee SiteAdvisorToolbar • McAfee's SiteAdvisor product is a free stand-alone anti-phishing product • Suspect or blocked sites are identified by a popup balloon and by color and text changes in the button. • SiteAdvisor offers a wealth of information about sites, including whether the site appears to send spam and whether it is suspected of being a phishing site.

13. Netcraft Toolbar • Utilizes Netcraft's very large database of Web servers to flag suspected or actual phishing sites. • The toolbar displays several useful characteristics of the current page, including the country where the Web server is hosted, the true IP address, and a bar-graph "risk rating" indicator.

14. GeoTrust TrustWatch Toolbar • The TrustWatch Toolbar combines site lookups with phishing protection and Google search. • The toolbar shows the real DNS name of the currently loaded site, and it allows users to specify a visual or textual identifier that the toolbar knows and can display; this helps guard against sites that put up their own fake address bars.

15. How to rate Phishing tools • Catch rate: how well each tool catches known phish from a common pool of known phish, either by generating a warning or blocking access to the phish page. • False positive rate: how many false warnings or blocks each tool generates from a pool of known-good URLs.

16. Outline • Phishing for facts • Goals of Lab • Anti-Phishing techniques • Lab Procedures • Lab Results • Conclusion • Discussion

17. Lab Procedures • Setting up browsers • Mozilla Firefox • Microsoft Internet Explorer • Opera • Netscape Navigator • Enabling browser anti-phishing • Browser Anti-Phishing

18. Lab Procedures • Attempted to access known phishing websites using the four browsers • Known phishing websites listed at http://www.phishtank.com

19. Outline • Phishing for facts • Goals of Lab • Anti-Phishing techniques • Lab Procedures • Lab Results • Conclusion • Discussion

20. Warning Pages

21. Browser Results

22. Mozilla with Toolbars Results

23. IE7 with Toolbars Results

24. 2006 Phishing Studies Source: http://www.3sharp.com/projects/antiphishing/gone-phishing.pdf

25. Outline • Phishing for facts • Goals of Lab • Anti-Phishing techniques • Lab Procedures • Lab Results • Conclusion • Discussion

26. Summary of new Lab proposal • Students will: • Section 1: Browsers and Phishing • Setting up browsers • Enabling browser anti-phishing • Section 2: Browser Anti-Phishing • Anti-phishing and PhishTank • Analyze and compare results between different browsers • Section 3: Anti-Phishing Toolbar • Analyze and compare results between different browsers and toolbars

27. Outline • Phishing for facts • Goals of Lab • Anti-Phishing techniques • Lab Procedures • Lab Results • Conclusion • Discussion

28. Preventing Phishing • Enable browser anti-phishing • Setup spam/junk mail filters • Install anti-phishing toolbars • Check suspected websites against blacklists and whitelists • Use false info to check validity • If in doubt, DON’T DO IT!!!

29. Questions