Antiphishing

In: Computers and Technology

Submitted By fernandezvikram
Words 15039
Pages 61
A Structured Analysis

of

PHISHING

By

Prasath Manimaran

ID: 20038303

Table of Contents

Chapter One – Introduction

1. Research Questions and Objectives……………….…………………………………………….5

Chapter Two – Literature Review & Definition of Phishing

2.1. Literature Review…………………………………………………………………………………………..8 2.1.2. Definitions of Phishing……………………………………………………………………..8 2.1.3. Outcomes of this Study…………………………………………………………………….16
2.2. Research Details 2.2.1. Scope of the Research……………………………………………………………………….17 2.2.2. Research Methodology……………………………………………………………………..17 2.2.3Inductive versus Deductive Study……..………………………………………………..20 2.2.4. Qualitative versus Quantative……………………………………………………..20

Chapter Three – Phishing in a Banking Context

3.1. Confidence in Internet Banking……………………………………………………………………22 3.1.1. Security Requirements………………………………………………………………………23
3.2. Threat Models……………………………………………………………………………………………….25 3.2.1. The Internet Threat Model……………………………………………………..25 3.2.2. Thompson Threat Model……………………………………………………….26 3.2.3. Viral Threaet Model………………………………………………………………26
3.3. The Phishing Threat Model…………………………………………………………………………..26 3.3.1. Identification of Internet Banking Components………………………………..27 3.3.2. Identification of Phishing Threats………………………………………………29

Chapter 4 – Analysis of Current Phishing Techniques

4.1. Modus Operandi………………………………………………………………………………………….…36
4.2. Roles of Adversary in Phishing………………………………………………………………………..38
4.3. Phishing Supply Chain……………………………………………………………………………………40
4.4. Phishing Techniques………………………………………………………………………………….…..40 4.4.1 Techniques to Improve the Lure…………………………………………………….…....40 4.4.2. Techniques to Improve the Hook………………………………………………….….…41 4.4.3. Techniques to Improve the Catch…………………………………………………...…..42
4.5. Popular Variants of…...

Similar Documents

Technology Solutions for North Valley Bank

...to be determined. With several factors such as the proliferation of smart card technology across industries, elimination of cash-based systems, rise in fraud, and the global migration of smart-card-enabled payments affecting the future of a smart-card-driven world. Only time will tell how soon Americans will adopt this savvy technology. The abandonment of email for anything sensitive already has begun, and the shift to total reliance on message centers, dedicated web portals designed for secure communication between a bank and its customers, looks to be here to stay. While organizations that have message centers today still use them inconsistently, says Aaron Higbee, CTO of PhishMe, a Chantilly, Va.-based company that specializes in antiphishing training and education, they increasingly will become the norm for communicating with customers, rather than email. The move to message centers will be beneficial on several fronts, according to Higbee. Many organizations currently employ third-party and joint marketing campaigns that have made unified messaging difficult, he explains. They also continue to send emails with the actual messages in the body of the email or include cryptic links. These practices make it difficult for end users to differentiate between a legitimate email and a phishing email, so they will have to change, Higbee contends. He adds that many bank employees believe only consumers are targeted by phishing scams; many are unaware that they themselves are......

Words: 3801 - Pages: 16

Business

...is phishing? How does pharming differ from phishing, and why is it more dangerous? How can you protect yourself from these scams? Phishing is a scam in which official looking (but fake) emails appearing to come from reputable organizations such as banks, credit agencies, or cybermediaries are sent to individuals in an attempt to trick them into divulging confidential personal information such as account numbers, social security numbers, user names and passwords. This information can be used for identity theft. Current versions of major Web browsers include filters to block phishing, but phishers are very clever at finding ways to get around filters, so you need to take extra precautions. In addition to using a browser with an antiphishing filter, remember that reputable businesses are highly unlikely to ask you for private information via email. Also, never click on a link in an email message to go to a website where you have financial accounts. Like phishing, pharming uses fake websites to trick people into divulging personal information. But pharming is more sophisticated and difficult to detect than phishing because it doesn’t require the intended victim to click on a bogus email link. Instead, it uses techniques to redirect Internet traffic to the fake sites. Thus, even if you type in the correct URL for a website you want to visit, you still might find yourself on a very realistic looking pharming site. One way to check the validity of the site is to look......

Words: 6094 - Pages: 25

Internet and Business

...international as well as State prosecution of cyber crimes, as classified by the United States Department of Justice: • Technological challenges – While it is possible to trace an electronic trail, the task has become very difficult because of the skill and technology that allow near-absolute anonymity for the cyber-culprit. Legal challenges – Laws and other legal tools to combat crime lag behind the rapid changes afforded by technology. Resource challenges – These refer to the problem of lack of sufficient experts or the lack of adequate budget for new technologies as well as for the training of personnel • • Innovative practices for combating cyber crime can be found everywhere. Here are a few: • • In Japan, the 2005 “Antiphishing Japan” campaign was launched to protect consumers against fraudsters using a fake website to get credit card details. Similarly, in the fall of 2005, the United States Federal Trade Commission and public and private sector partners launched “OnGuard Online”, a multimedia and interactive consumer education campaign to help consumers stay safe online. The comprehensive website of the campaign, available in both English and Spanish, uses straightforward, plain-language materials to help computer users be on guard against Internet fraud and secure their computers and to protect their personal information. In Austria, videos were shown in 2004 on information screens in underground railway stations to inform consumers about the......

Words: 27227 - Pages: 109

Firewall Security Project

...IPsec is a technology protocol suite for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet of a communication session Project Scope To combat these issues we will need to upgrade our current security posture by installing a Data closet on the second floor which will be our Access Point to the outside network. In the data closet we will be installing a service rack with the follow equipment a Cisco 2811 series router to serve as the organizations internet gateways, a Cisco ASA 5500 series firewall that will provided high-performance packet filtering security services, including application-aware firewall, SSL and IPsec encryption for VPN clients, IPS with, antivirus, antispam, antiphishing, and web filtering services, A Cisco Proxy Server Cache Engine 505 that will reduce WAN bandwidth usage and accelerate network performance, Secure WIFI Access Point. (See Diagram 2 below) [pic] Diagram 2 On the first and third floor we will be adding in some Cisco 2950 switches and Secure WIFI access point. See Diagram 3 and 4 below. [pic] Diagram 3 Diagram 4 To accomplish this we will need to expand our network from one floor to three floors. During this process we will continue to use the existing network and will switch over all users once the new network is up and has been validated as operational by our IT Team.......

Words: 1848 - Pages: 8

Cantina Antiphishing

...Q) How does your family contribute to the pollution of the environment?? Pollution is the introduction of contaminants into the natural environment that cause adverse change.[1] Pollution can take the form of chemical substances or energy, such as noise, heat or light. Pollutants, the components of pollution, can be either foreign substances/energies or naturally occurring contaminants. Pollution is often classed as point source or nonpoint source pollution. Pollution comes from both natural and human-made (anthropogenic) sources. However, globally human-made pollutants from combustion, construction, mining, agriculture and warfare are increasingly significant in the air pollution equation. Individuals cause pollution in their own ways. Like we every drop count, every individual has their contribution into the environmental pollution. Burning of plastics,deforestation, contamination of soil by dumping of waste even in households contribute to pollution. Smoking also causes air pollution, contaminating water sources , paving house frontage with tiles etc are the common errors which happen in the household. Frying chicken at the stove, spraying ants with insecticide, taking a hot shower, plugging in a room freshener, or sudsing the rug with detergent also causes pollution. Many common items found around our homes can reduce our air quality. While some sources, like oven cleaner, are obvious, others aren't. Cleaners, disinfectants and......

Words: 440 - Pages: 2

Security Basics

...WiFi 8-Port Gigabit VPN Firewall FVS318N Key Technologies: • Securely connects up to 5 remote office or traveling users • True firewall using stateful packet inspection (SPI) and intrusion detection • Initiates up to 12 VPN tunnels simultaneously • NAT routing and VPN pass-through for extra security • IPV4/IPV6 support • Application layer gateway support (SIP and FTP) • Smart Wizard® connects to your ISP quickly and easily • Windows®, UNIX®, Macintosh® and Linux compatible • Integrated 8-port 10/100/1000 Gigabit Ethernet switch • 5 SSL VPN connections • 64 VLAN support Norton by Symantec Internet Security for Mac Key Technologies: • Online identity protection • Antivirus • Antispyware • Browser protection • Antiphishing technology • Smart firewall • Vulnerability protection • Daily protection updates • Email and Instant Message monitoring • Location awareness • Confidential file guard • Free support 24x7 A firewall device is a protective system that provides a layer of protection between your computer network and the Internet. When used correctly a firewall prevents unauthorized use and access to your network. The firewall carefully analyzes data entering and exiting the network based on your configuration. It ignores information that comes from unsecured, unknown or suspicious locations. A firewall plays an important role on any network as it provides a protective barrier against most forms of attack coming from the outside world.......

Words: 1033 - Pages: 5

Alan

...was given a small card to write positve thoughts. Once we have positive thoughts, we'll feel good & speak well of company and others. Energizer: Brain Power Pictures of brains of males & females are shown. From the differences, we understand how each functions and eliminate conflicts. Service Value # 14 – Be Responsible for Safety and Security Energizer: Acronyms Game 1. Acronyms with relation to Citibank & Banking 2. Split group into teams to see which team can come up with the most answers ACL BISO CBNA COB CSI CAAS IP SAR UAT GEMS *For answers please log into: http://www.citigroup.net/informationsecurityservices/ace/acronyms.htm Energizer: Anti-Phishing PHIL (Please access http://lts.brandeis.edu/techresources/protect/antiphishing-phil/master.swf before starting the energizer.) You are PHIL, a young fish living in InterWeb Bay. Your father is teaching you how to find food and to avoid the dangers that lurk in InterWeb Bay. Use the mouse to swim around the bay in search of food. Swim over a worm to reveal its attached web address, known as a URL. If the URL is legitimate, press the 'UP' arrow or 'E' key while the URL is displayed to eat the worm. If the URL is fake, press the 'DOWN' arrow or 'R' key to reject the bait. Earn points by eating the good worms and rejecting the bad ones. Be careful of enemies that swim in the bay - you will lose a life if they touch you. Phishing attacks attempt to trick people into revealing personal information or bank or......

Words: 24325 - Pages: 98

Business and Ethics

...serious problems in the realm of computer scams against consumers is the scam recently identified as “phishing.” An example of this occurred when a Russian who goes by the cybername of Robotector sent an e-mail with the subject line “I still love you” to 3 million people. Within the message had been planted a small computer virus that, if executed, begins to record user names and passwords each time their owner visits more than 30 online banks or payment websites. Then, this information is secretly e-mailed back to Robotector. Business Ethics and Technology | Chapter 9 365 This technique is called “phishing” because it lures prey (computer users) with convincing bait into revealing passwords and other private data. The AntiPhishing Working Group, an industry association, reports that during one month, May 2007, it had received 23,415 reports of phishing and that this was a typical month. During this same one-month period, the group reported it knew of 37,438 unique phishing sites to which these e-mails would direct unaware consumers.59 The existence of these kinds of techniques points to the kinds of controversial ethical issues that arise in connection with electronic commerce. THE WORKPLACE AND COMPUTER TECHNOLOGY Whereas computer-based information technology creates ethical issues for consumer stakeholders with respect to electronic commerce and Web-based marketing, employee stakeholders also are significantly affected by technology in the workplace. We......

Words: 455665 - Pages: 1823

Systems Analysis and Design 8th Ed. - K. Kendall, J. Kendall

...entry. While this approach is efficient for the companies receiving data, it pushes the keying of that information to the user. Fortunately software is available to automate that process so users merely make a couple of clicks rather than typing in long strings of alphanumeric characters that make up IDs, passwords, and credit card numbers. On a PC, RoboForm by Siber Systems is a good alternative. On the Mac, 1Password by Agile Web Solutions appears to be the current leader. 1Password allows a user to automate logins, complete credit card information, fill in an identity complete with street address and email, and key secure notes. Like every good password program, 1Password includes important features such as strong password generators, antiphishing technology, and built-in protection from keyloggers. 1Password is also an app for the iPhone and a program for the Palm, so users can take their passwords with them. FIGURE 12.MAC 1Password from Agile Web Solutions. ©2006–09 Agile Web Solutions, all rights reserved. SUMMARY This chapter has covered elements of input design for forms, displays, and Web fill-in forms. Well-designed input should meet the goals of effectiveness, accuracy, ease of use, simplicity, consistency, and attractiveness. Knowledge of many different design elements will allow the systems analyst to reach these goals. The four guidelines for well-designed input forms are the following: (1) make forms easy to fill in, (2) ensure that forms meet the......

Words: 317454 - Pages: 1270

Final Proposal

...firewall, spam blocker, and popup blocker.”(“McAfee Internet Security Suite,” 2009, p. 1). This would of course require your approval of anything listed. I have also provided alphabetical steps to present to all Cyberdine staff members. We feel this would keep all company employees in sync, and the knowledge of our presence. The steps are as follows: (a) discuss the anti-virus software, (b) explain what happens if this software is not installed, (c) what benefits are achieved once the software is installed, and (d) show that in the end the company benefits from the software upgrade. “GIVEN RAPIDLY evolving dangers such as Conficker and silent threats that lurk on otherwise innocent Web sites, you need a suite of tools--antivirus, firewall, antiphishing, antispam--to combat potential attacks.” (Vermosi, 2009, para. 1). Report Once completed you would receive a final report with all of our upgrades and hardware modifications. My expert staff will also add any side notes, to prevent any future issues with the computer systems and data. The report will also include charts that show which facility ran into the most problems. Schedule With your total approval, the following schedule has been arranged: Evaluation of the computer systems and data processing July 12-17 Deadline for final analysis of all computer systems July 20 Security upgrades initiated throughout Cyberdine July 27-31 Completion of all computer systems ......

Words: 1046 - Pages: 5

A Hands on Intro to Hacking

...dumpster diving, dumping website databases, and social engineering, open source intelligence (or OSINT) is gathered from legal sources like public records and social media. The success of a pentest often depends on the results of the information-gathering phase, so in this section, we will look at a few tools to obtain interesting information from these public sources. Netcraft Sometimes the information that web servers and web-hosting companies gather and make publicly available can tell you a lot about a website. For instance, a company called Netcraft logs the uptime and makes queries about the underlying software. (This information is made publicly available at http://www.netcraft.com/.) Netcraft also provides other services, and their antiphishing offerings are of particular interest to information security. For example, Figure 5-1 shows the result when we query http://www​ .netcraft.com/ for http://www.bulbsecurity.com. As you can see, bulbsecurity.com was first seen in March 2012. It was registered through GoDaddy, has an IP address of 50.63.212.1, and is running Linux with an Apache web server. Armed with this information, when pentesting bulbsecurity.com, we could start by ruling out vulnerabilities that affect only Microsoft IIS servers. Or, if we wanted to try social engineering to get credentials to the website, we could write an email that appears to be from GoDaddy, asking the administrator to log in and check some security settings. 114   Chapter 5 Figure......

Words: 117203 - Pages: 469

Management Information System

...Manage internal information among employees, as well as among business partners and suppliers MWEB has moved forward in publicizing its plans for the South African Internet market. According to MWEB CEO Rudi Jansen, the company needs to improve the quality of their network, which is not only an MWEB problem, but also a Telkom network problem. Despite having a less-than-ideal network infrastructure, MWEB uses AVG Internet Security to offer its customers the best possible security while online. AVG Internet Security offers MWEB customers the following features: • Identity protection for safe banking and shopping • LinkScanner for safe surfing and searching • WebShield for safe social networking, chatting, and downloading • Antiphishing and antispam for a safe uncluttered inbox • High-speed antivirus/antispyware software with automatic updates • An enhanced firewall In addition, MWEB automatically protects customers against junk email and viruses that are sent via email. Its virus filter ensures that only virus-free email is delivered to clients’ inboxes by automatically cleaning e-mails from recognized malware sources. MWEB advises its customers to keep their ADSL connections safe from bandwidth theft and account abuse by blocking unsolicited incoming connections to network ports commonly used by hackers. Despite the multitude of security services offered by MWEB, a number of MWEB Business subscribers’ account details were compromised when their......

Words: 218843 - Pages: 876

Systems Analysis and Design

...entry. While this approach is efficient for the companies receiving data, it pushes the keying of that information to the user. Fortunately software is available to automate that process so users merely make a couple of clicks rather than typing in long strings of alphanumeric characters that make up IDs, passwords, and credit card numbers. On a PC, RoboForm by Siber Systems is a good alternative. On the Mac, 1Password by Agile Web Solutions appears to be the current leader. 1Password allows a user to automate logins, complete credit card information, fill in an identity complete with street address and email, and key secure notes. Like every good password program, 1Password includes important features such as strong password generators, antiphishing technology, and built-in protection from keyloggers. 1Password is also an app for the iPhone and a program for the Palm, so users can take their passwords with them. FIGURE 12.MAC 1Password from Agile Web Solutions. ©2006–09 Agile Web Solutions, all rights reserved. SUMMARY This chapter has covered elements of input design for forms, displays, and Web fill-in forms. Well-designed input should meet the goals of effectiveness, accuracy, ease of use, simplicity, consistency, and attractiveness. Knowledge of many different design elements will allow the systems analyst to reach these goals. The four guidelines for well-designed input forms are the following: (1) make forms easy to fill in, (2) ensure that forms meet the......

Words: 317454 - Pages: 1270