International Journal of Computer Science and Engineering Research and Development (IJCSERD)
ISSN 2248-9363 (Print), ISSN 2248-9371 (Online)
Volume 4, Number 2, April-June (2014), pp: 41-53
© PRJ Publication, http://www.prjpublication.com/
ADVANCED PHISHING - THE ART OF STEALING 
Avinash R Sinha, Security Consultant, Aujas
Amruta S Moon, Lecturer, GHRCE
ABSTRACT 
Phishing is described as the art of stealing personal and business sensitive information using social engineering techniques. Personal sensitive information (PSI) includes your identification proofs, including your social security number, driving license, passport, email id and everything which defines who you are. Business sensitive information (BSI) includes your corporate details, usernames, passwords, corporate financial information, customer sensitive details and military information. Phishing scams have advanced tremendously. Phishing attacks were previously aimed mostly at individuals; nowadays they are mostly aimed at corporate organizations, the financial sector, the defense industry, government and, last but not least, countries. One thing is clear: phishing has evolved from targeting individuals and grown to target at a much bigger scale. Nowadays when we hear "phishing" it is about companies losing millions of dollars and their brand value.
Phishing in the past did not require much technical knowledge and was easier to accomplish; however, there has been enormous technical advancement in the way phishing techniques are used in present days. This is the result of educating users and of countermeasures against phishing.
In this article we will be focusing on all the aspects of phishing attacks, including the technological advancements, exploitation, post exploitation techniques and the countermeasure techniques against advanced phishing, "The Art of Stealing". We will also learn about payloads and web application attacks and how they contribute to advanced phishing attacks.
BACKGROUND 
Phishing has become popular these days as it is highly used in Advanced Persistent Threat (APT) attacks to deliver malware, which is then used to compromise the security of the entire infrastructure of a country, mainly targeting organizations, political leaders and executives from the financial, economic and military sectors. Phishing scams have progressed drastically and are no longer restricted to common phishing attacks in which the victim is sent a spoofed email and lured into providing PSI and BSI.
Traditional techniques used by phishers involved the following:-
1. Spoofed emails asking for PSI and BSI
2. Obfuscation techniques 
3. Webchat/Chat Rooms 
4. Compromising a Web server and hosting a phish link. 
Traditionally phishers used sensitive personal information for committing high value crimes such as identity theft and electronic fraud. These were targeted at individuals. The victim receives an email whose spoofed content generally gives a very legitimate-sounding reason along with a sense of 1. Hope, 2. Urgency, 3. PSI, 4. Highly confidential info, 5. Threat and fear. As phishing is combined with human emotions it has also been termed "Social Engineering - Attacking the Human Element, or The Art of Human Exploitation."
An example of Spoofed email: 
Fig: Cursor placed on top of email id gives the actual email-id 
Fig: Spoofed email asking for PSI
Spear Phishing:- This is the most popular attack as it is highly used in APT attacks. The term spear phishing is coined because it is a much more focused attack on a particular individual/organization/sector, fetching detailed information. Spear phishers use social engineering techniques to get detailed information about you, including your likes and dislikes. Using your presence on the web (Facebook/LinkedIn/Company/Twitter) a detailed profile is created and phishing attacks are crafted combining this information, which makes them much more convincing, as they appear to come from a legitimate source and the content is highly designed to lure the victim into sharing PSI and BSI. What makes it even more powerful is that it is combined with advanced malware designed for a very specific purpose, ranging from session control and data theft to compromising the whole system.
Whaling:- It is a type of phishing attack in which spear phishing techniques are used but are targeted only at high ranking officers/government officials, political leaders and industrialists, in both the private and military sectors.
Advanced Techniques used by Phishers:-
Fig: Spoofed email from attacker asking to click on link 
Vishing:- The victim receives a phone call and is asked for SPI and BSI.
Few examples:-
• Receiving a call from the bank to change your password for extra security.
• A call from a credit card company asking you to confirm your identity or your account will be closed immediately or in the next 24 hrs. Similarly, asking the victim to enroll for credit card services with lots of good benefits (free movie tickets/50% off on hotel bill or reward points) and to share all his details in the form of online scanned documents are a few good tricks.
• Even highly qualified employees fall prey to a phishing attack: when you receive a call on your office landline number, most people never bother to ask why or who is calling. Identifying yourself as a helpdesk SPOC person and asking the employees to change their password to one of your choice, or asking them to perform a specific action of your choice (running an exe or clicking on a link), may jeopardize the security of the organization. As the threats are both internal and external, one should always be careful.
Smishing:- Sending specially crafted text messages asking the recipient to click on links sent via mobile messages or share their SPI, or spreading false information. A few examples of smishing are given below:
1. The victim receives an SMS saying he has won $10000 and should click on a link to transfer it.
2. The victim receives an SMS to download an app for free. The app may be a spoofed version of any popular game, social network app like WeChat or WhatsApp, or a bank app.
As most mobiles are Android based, most of the apps are available for free. Many of these apps are also combined with malware specifically designed to read, modify and delete any data present in your phone's memory and memory card. These apps can read your SMS or delete any content present in your phone's memory. By installing such an app you also agree to share your OTP as well.
Fig: Spoofed SMS from attacker
Obfuscation Techniques:-
Obfuscation techniques come into the picture when phishers want to disguise the evil website link which is to be sent to the victim, so that the victim falls for it. Obfuscation means hiding the intended meaning in communication.
Obfuscation techniques include using the Dword/HEX/Octal representation of the IP address of a website.
Example:- www.google.com. The IP address of Google.com is 173.194.38.166
• Dword Obfuscation:- http://2915182246
• Hex Obfuscation:- http://0xADC226A6
• Octal Obfuscation:- http://0255.0302.046.0246
• A few other techniques are to encode the URL using different forms
Conversion tools are available for free over the internet which can help the attacker craft his attacks viciously. Observe that from the above obfuscated URLs it is not possible to know what will happen after you click on the URL. Curiosity is a human factor that encourages most of us to explore things, and in this case if you click on the above link you may easily be directed to a malware site.
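The defensive counterpart of the three obfuscated forms above is to normalize them back to dotted decimal before a mail filter or log-analysis job looks at a link. The following Python example is added here and is not part of the paper; it applies the classic inet_aton rules (1, 2, 3 or 4 numeric components, each in decimal, 0x-hex or leading-zero octal) and flags any URL whose host is an IPv4 address written in anything other than plain dotted decimal. All three page URLs decode to 173.194.38.166.

```python
"""Added example (not from the paper): detect and normalize obfuscated IPv4
hosts in URLs, such as http://2915182246, http://0xADC226A6 and
http://0255.0302.046.0246, so a gateway or analyst can see the real address."""
import re
from urllib.parse import urlsplit


def _parse_ipv4_part(part: str) -> int:
    """Parse one host component the way inet_aton does:
    0x.. is hex, a leading 0 means octal, otherwise decimal."""
    if re.fullmatch(r"0[xX][0-9a-fA-F]+", part):
        return int(part[2:], 16)
    if re.fullmatch(r"0[0-7]*", part):
        return int(part, 8) if len(part) > 1 else 0
    if re.fullmatch(r"[0-9]+", part):
        return int(part, 10)
    raise ValueError(f"not a numeric component: {part!r}")


def normalize_ipv4_host(host: str):
    """Return the dotted-decimal form of an IPv4 host written in dword, hex,
    octal or mixed notation, or None if the host is not a numeric address.
    inet_aton rules (assumed here): with fewer than four components the last
    one fills all remaining bytes, e.g. a.b.cccc has a 16-bit last component."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        values = [_parse_ipv4_part(p) for p in parts]
    except ValueError:
        return None
    head, last = values[:-1], values[-1]
    tail_bytes = 4 - len(head)                 # bytes covered by the last component
    if any(v > 255 for v in head) or last >= 1 << (8 * tail_bytes):
        return None
    addr = 0
    for v in head:
        addr = (addr << 8) | v
    addr = (addr << (8 * tail_bytes)) | last
    return ".".join(str((addr >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def is_obfuscated_ip_url(url: str) -> bool:
    """True when the URL's host is an IPv4 address written in a form other
    than plain dotted decimal (the case a reader cannot recognise by eye)."""
    host = urlsplit(url).hostname or ""       # urlsplit lowercases the host
    canonical = normalize_ipv4_host(host)
    return canonical is not None and canonical != host


if __name__ == "__main__":
    for u in ("http://2915182246", "http://0xADC226A6",
              "http://0255.0302.046.0246", "http://www.google.com"):
        print(u, "->", normalize_ipv4_host(urlsplit(u).hostname or ""),
              "obfuscated" if is_obfuscated_ip_url(u) else "plain")
```

The check is deliberately independent of DNS: it only rewrites what is already in the link, so it can run on stored mail or proxy logs offline and is a cheap first filter before any reputation lookup.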
Now that we know about various phishing techniques, let's think about how these techniques can be combined with the following:-
1. Web Application Vulnerabilities
2. Network Vulnerabilities
3. Advanced tools/kits
4. Exploits
Phishing techniques combined with vulnerabilities, advanced phishing kits/tools and exploits are so powerful that they can compromise the security of your entire IT infrastructure.
Application and Network based Vulnerabilities:-
A few examples of web application based vulnerabilities are as follows:-
1. Cross-Site Scripting
2. Frame Injection
3. Link Injection
4. Session hijacking
5. Open Redirection
6. Hidden web elements
7. Embedded objects and links in documents like doc, images and pdf
8. File uploads - advanced malware etc.
These application related vulnerabilities, and many more, make a phishing attack powerful.
Now let's look at a few network vulnerabilities which boost phishing attacks:-
1. Compromised DNS - DNS cache snooping/poisoning vulnerability
2. SMTP open mail relays/user enumeration etc.
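Of the application weaknesses listed above, open redirection is the one that most directly lends a trusted domain's reputation to a phish link: the visible URL starts with the legitimate site and only the redirect parameter points elsewhere. The Python below is an added example, not code from the paper, showing the vulnerable handler beside a hardened one that honours only same-site targets. The host trusted.example and the landing page are assumed placeholders for the application's own site.

```python
"""Added example (not from the paper): an open-redirect handler before and
after hardening. trusted.example and DEFAULT_LANDING are assumed placeholders."""
from urllib.parse import urlsplit, urljoin

SITE_HOST = "trusted.example"                      # assumed: our own hostname
DEFAULT_LANDING = "https://trusted.example/home"   # assumed: safe fallback page


def redirect_target_vulnerable(next_param: str) -> str:
    """'Before': the ?next= value is used verbatim, so a mailed link such as
    https://trusted.example/login?next=http://2915182246 looks like our site
    to the reader but lands on whatever the attacker chose."""
    return next_param or DEFAULT_LANDING


def redirect_target_hardened(next_param: str) -> str:
    """'After': accept only site-relative paths or absolute https URLs whose
    host is exactly SITE_HOST; everything else falls back to DEFAULT_LANDING."""
    if not next_param:
        return DEFAULT_LANDING
    # Protocol-relative (//evil) and backslash (/\evil) forms are rejected up
    # front: browsers turn them into a different host than urlsplit reports.
    if next_param.startswith("//") or "\\" in next_param:
        return DEFAULT_LANDING
    parts = urlsplit(next_param)
    if not parts.scheme and not parts.netloc and next_param.startswith("/"):
        # plain path on our own site: rebuild it against our own origin
        return urljoin(f"https://{SITE_HOST}/", next_param)
    if parts.scheme == "https" and (parts.hostname or "").lower() == SITE_HOST:
        # exact host match defeats trusted.example.evil.example and user@host tricks
        return next_param
    return DEFAULT_LANDING


if __name__ == "__main__":
    for candidate in ("http://2915182246/", "//evil.example/",
                      "https://trusted.example.evil.example/",
                      "/account/settings", "https://trusted.example/account"):
        print(f"{candidate!r:45} -> {redirect_target_hardened(candidate)}")
```

Comparing the hostname for equality rather than with a prefix or substring test is the whole fix; the `startswith("//")` and backslash checks cover the two URL shapes that browsers and `urlsplit` interpret differently.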
Attack amplification:-
To increase the attack surface, hackers use the following techniques:-
1. Posting a phish link on forums/blogs/group chats to reach the maximum number of victims
2. Mass emails
3. Mass mobile messages
4. Spoofed apps (games/social chat)
Thus we complete Phase I, i.e. "The Art" involved in phishing.
Now that everything is known about "the Art", let's start "Stealing".
Phase II Begins - Attacking the Human Element
Before we begin please note the points below:-
"Targeting any individual/organization with any kind of phishing attack, or in any way which can harm an individual or organization, without prior written confirmation/consent from the right authority will certainly put you into a lot of trouble. Please note that it is a "Crime" and is against the law. So please do not perform the below steps or use any tool/kits unless it's a pentest with proper approvals from the right authority."
Information shared within this article is only for educational purposes and is shared for spreading awareness about phishing attacks and how to secure yourself as an individual/organization. Please do not misuse it. The author of this document/article is not responsible for misuse of the information contained within this article.
Let's begin with offensive security professionals' favorite, SET - the "Social Engineering Toolkit", which is an open source toolkit.
Fig: SET Overview
As we can see, it has the most advanced ways for phishing; methods ranging from phishing email to third party modules are listed, and each and every module is combined with numerous methods. As you can see in the below screenshot, the attack depends upon what the attacker is trying to achieve via any of the listed methods.
Let's take a quick look into how the attack can be crafted using these methods.
Fig: Attack Methods
The above attacks can be used to dig out the login credentials of any victim via session hijacking, and via browser exploitation to gain root level access.
We have another very popular tool called "Phishnix". Phishnix is a social engineering solution that assesses and trains employees on the risks of phishing. Phishnix develops a phishing scenario that is realistic and relative to your organization. This scenario will be sent out to employees and Phishnix will track how the
employees respond. This provides organizations with a view of their human firewall and insight into where the vulnerabilities exist within it. Phishnix further leverages the teaching moment created by the user's response and generates an action plan that can be implemented to avoid future pitfalls. Phishnix helps your organization build the first line of defense by increasing employees' awareness of phishing; thus Phishnix plays a vital role in an organization's anti-phishing strategy.
We can use Phishnix to deliver specially crafted spoofed emails to the victims.
The best part of this tool is that it will analyze the data and provide information about how many employees were victims of the attack. It is also capable of collecting data from users, if required, to be presented in an audit session.
Exploitation and Post Exploitation:-
Now that we know about attack methods, let's dig into the third bit: exploits and exploitation.
Advanced URL Obfuscation techniques:-
1. Use a clone page attack to get the same page as hosted by a live server.
2. Use any of the obfuscation techniques mentioned above and combine them as per your needs.
3. Use a URL shortener service (Google URL shortener/TinyURL), which is freely available, and shorten your URL. Now you are ready for a real world attack.
4. Send the phish link to the victim.
Credential Harvesting Attack via Web attack vectors:-
The yahoo.com webpage below was opened by the victim clicking on a malicious link, sent to him by an attacker using the Credential Harvester attack. If you observe the URL closely, the IP address from which the page was opened doesn't belong to yahoo.com. This IP belongs to the attacker, on whose system the website is hosted.
Fig: Victim tricked to click and login into Evil Page 
Fig: Session established from Attacker system to victim’s session 
Fig: Login Credentials output Using Credential Harvester attack 
Once the data the attacker needs is collected, they can have all the data built into a report which will contain your username and password as well. A similar process can be used to craft credential harvesting attacks for various different websites as and when required.
Phase III - Gaining Root Access (Victim Pwned) via Phishing Attack
A few exploits and their descriptions, which can be used to gain system level/root level access, are as follows:
Gaining Root Access
1) Windows Shell Reverse_TCP - Spawn a command shell on the victim and send it back to the attacker
2) Windows Reverse_TCP Meterpreter - Spawn a meterpreter shell on the victim and send it back to the attacker
3) Windows Reverse_TCP VNC DLL - Spawn a VNC server on the victim and send it back to the attacker
4) Windows Bind Shell - Execute the payload and create an accepting port on the remote system
5) PyInjector Shellcode Injection - This will drop a meterpreter payload through PyInjector
There are more than 300 exploits available on the internet, each pertaining to different products (software/browsers/documents/OS/system level).
Steps for gaining root access
1. Choose any one of the above exploits and run it.
2. Share the evil link with the victim.
3. A backdoor will be installed as soon as the victim clicks on the evil link.
4. The session is established.
Fig: Using Aurora exploit for taking root access
Steps to follow after using any of the exploits and gaining system level/root level access:-
1. Take control of the user's session.
2. Create a user with privileged access in hidden mode and dump the hashes.
3. Try to gather as much information as you can, as required as a part of your Advanced Persistent Threat exercise.
4. The main aim as a part of this APT phishing exercise should be: once you have compromised one system, look for another system attached/connected to it, until you find a system with Active Directory, and try to compromise the same by dumping as much data as required.
5. Install a few more backdoors and clear all the logs generated as a part of this exercise after the session.
Fig: Gained Root access to victim's system
Fig: Dump hashes from victim's system
Phase IV - Securing the Human Element
Following are the Countermeasures Against Advanced Phishing:-
Don'ts
Do not click on any links which seem suspicious.
Don't open any documents, images or pdf files which come as attachments from unknown users; they may trigger unwanted actions.
Don't put too much information (SPI) about yourself on the internet (LinkedIn/Facebook/Twitter), for example your DOB or social security number.
Don't share any information with an email address which uses a real organization name but an incorrect email/domain address. Example: microsoft@gmail.com
Don't click on links in e-mails, especially any that are requesting private information.
Attackers use URL shorteners to hide the intent behind the evil link. Don't click on tiny (bitly/adsfly) URLs or URLs which have no meaning or sense, e.g. http://bit.ly/1dUdYId
* You may get an email from your friend/relative, but that does not mean they have sent it. Your friend's/relative's computer may have been infected or their account may have been compromised. If you have a suspicious email from a trusted friend or colleague, call them to confirm that they sent it. Use a telephone number that you already know or can independently verify, not one that was included in the message.
Don't share any usernames or passwords, or transfer money urgently, without verifying.
Don't plug any pen drives, SD cards or other memory chips you find lying on the ground or in your company campus into your company's laptop/desktop; you may compromise the security of the entire company.
Those days are gone when you used to get phishing emails with bad grammar and lousy spelling mistakes. Nowadays phishing emails look more authentic than the original emails.
Do’s 
Check for grammar or spelling mistakes.
Use common sense: if an email/call seems too good to be true, it is most likely an attack. Verify this every time before sharing any PSI or BSI over email.
Use a good antivirus which has web protection switched on while you are browsing. For corporate/business use, use an updated anti-virus program that can scan e-mail and has an anti-spam filter enabled. A few of them also couple with the browser to show site rating and risk. Also use anti-Trojan and anti-spyware tools to get rid of any harmful malware.
Always type a website URL manually for any banking transactions, financial transactions or even for social websites like Facebook if you want to be secure.
Use OpenVPN for connecting to and browsing the internet. Most such services are available for free.
Observe the "https://" and a lock icon in the address bar before entering any private information. Ensure all financial, banking and social networking websites are on a secured channel and have a valid SSL certificate before logging in and performing any transactions.
If you put your mouse cursor over the link, your browser or security software will show the actual email id/URL.
Requests for sharing PSI and BSI are a clear sign of an attack. Never share your PSI or BSI over emails from free email service providers like hacker@gmail.com, @yahoo.com, @rediffmail.com.
Set Internet Explorer as your default browser. Always use Mozilla Firefox in private browsing mode or Google Chrome in incognito mode for performing any financial transaction or logging into a social networking website. Always remember to close your browser after use.
Be aware of any email that requires quick attention or creates a sense of urgency so that you rush to click on it without thinking.
Always use the preview method provided by email service providers to view the attachments that come via email.
Avoid tiny URLs. Use a service such as LongURL to view the complete URL. These services also give you a preview of the URL, which helps you determine whether it is of a malicious nature or not.
Enable One Time Password functionality on Gmail, Yahoo, Facebook and other websites which you browse regularly and use to transfer SPI.
Disable your mobile's internet connection while performing any transaction that involves use of an OTP (One Time Password).
Always dump suspicious emails in the trash or mark them as spam. Marking spam only once for one type of email helps your anti-spam service analyze its content and signature, including the email id and host IP details from which the email was received, which in turn helps ensure that you don't receive any such malicious emails in future.
Download software products only from authentic sources or, for business purposes, from the company's own software store, and keep them updated with the latest versions and patches.
Use Mobile Device Management solutions if you permit your employees to use smart phones to connect to the company's network or to store the company's BSI.
Download only those apps from the Android market which have been downloaded by at least 100000+ users. This doesn't guarantee anything, but it would limit the possibility of you falling for a smishing attack.
Never speak of the company's secrets, SPI or BSI in public places. Example: discussing the network diagram of your company over a cup of tea with anonymous people in public places.
Spread and share awareness about phishing attacks and prevention.
If you find a pen drive lying around and you are greedy enough to own it, use it on your own home laptop and make sure you are not connected to the internet. Also scan the pen drive for malware, Trojans and spyware. Make sure you open it in a VM.
Make use of a paper shredder in your organization and install it next to the printers. Dispose of any confidential information using it. Ask employees to collect their prints within 15 minutes of the time of printing.
Never hand over your debit/credit cards at ATM centers. If you are not able to use the machine, request the security personnel present at the ATM center for help, and do not ask the person standing next to you. Always press the cancel button two times once your transaction is complete.
Conduct phishing exercises within your company to analyze how vulnerable your employees are. Arrange a session for your friends and employees to generate awareness against phishing.
If you come across any phishing website, please submit it at www.phishtank.com.
Use https://www.virustotal.com to scan any suspicious URL before browsing to it.
Also send a phishing awareness email to your employees once a month, so that they will be prepared for the worst; this exercise would definitely stop or limit any kind of phishing activity within your network.
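Several of the Don'ts and Do's above are mechanical enough for a mail filter to apply before a user ever sees the message: a brand name in the local part of a free-mail sender (the microsoft@gmail.com case), a link whose visible text names one domain while its href goes to another (what hovering the cursor reveals), shortened URLs, and urgency wording. The Python below is an added example, not from the paper; the sample message, the brand list and the shortener list are constructed for the demo and would be replaced by an organization's own lists.

```python
"""Added example (not from the paper): a rule-based checker for the phishing
signs listed in the countermeasures. Brand, free-mail and shortener lists are
constructed for the demo; the sample message is constructed as well."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

FREE_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "rediffmail.com"}   # from the paper's Do's
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "adf.ly"}        # constructed list
BRANDS = {"microsoft", "paypal", "yahoo", "bank"}                  # constructed list
URGENCY = ("immediately", "within 24", "account will be closed", "urgent")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(s: str) -> str:
    """Hostname of a URL, or of a bare domain used as link text, minus 'www.'."""
    if "://" not in s:
        s = "http://" + s
    h = (urlsplit(s).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h


def scan_email(sender: str, subject: str, html_body: str) -> list:
    """Return human-readable findings; an empty list means no rule fired."""
    findings = []
    local, _, domain = sender.lower().rpartition("@")
    if domain in FREE_MAIL_DOMAINS and any(b in local for b in BRANDS):
        findings.append(f"brand name in free-mail sender: {sender}")
    parser = _LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        target = _host(href)
        if target in SHORTENERS:
            findings.append(f"shortened URL hides destination: {href}")
        if "." in text and " " not in text:          # text looks like a domain/URL
            shown = _host(text)
            if shown and shown != target:
                findings.append(f"link text {text!r} but href goes to {target}")
    blob = (subject + " " + html_body).lower()
    if any(w in blob for w in URGENCY):
        findings.append("urgency wording")
    return findings


# constructed sample: free-mail 'bank' sender, urgency, shortened link whose
# visible text claims to be yahoo.com
SAMPLE_SENDER = "bank@gmail.com"
SAMPLE_SUBJECT = "Urgent: confirm your identity"
SAMPLE_HTML = ('<p>Your account will be closed in 24 hrs. '
               '<a href="http://bit.ly/xxxx">www.yahoo.com</a></p>')

if __name__ == "__main__":
    for finding in scan_email(SAMPLE_SENDER, SAMPLE_SUBJECT, SAMPLE_HTML):
        print("-", finding)
```

Each rule maps to one line of the countermeasures, so a finding can be shown to the recipient as the same advice they were trained on; the text-versus-href comparison is the automated form of "put your mouse cursor over the link".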
Financial Losses via Phishing Attacks 
 
Fig: Financial Loss from Phishing Attacks
Financial loss from phishing occurs in millions of dollars. India ranks third in the world among countries prone to phishing attacks. Last year the financial loss was 28.8 million dollars.
"Don't have false assumptions that you will never be targeted. Beware, you may be next."
ABOUT THE AUTHORS
Avinash Sinha is a Security Consultant working with Aujas. Previously he worked with IBM India Pvt Ltd as an Application Security Consultant for 2.8 years. His key areas of interest include vulnerability assessments, secure code review, security research and penetration testing, and his professional interest focuses on network infrastructure protection.
Amruta Moon is working as a faculty member at G.H. Raisoni College of Engineering. She has completed her M.Tech in Software Engineering from Sagar Institute. Her keen areas of interest include security research, image analysis and programming.


Kürzlich hochgeladen (20)

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 

Advanced Phishing The Art of Stealing

International Journal of Computer Science and Engineering Research and Development (IJCSERD), ISSN 2248-9363 (Print), ISSN 2248-9371 (Online), Volume 4, Number 2, April-June (2014), pp. 41-53
© PRJ Publication, http://www.prjpublication.com/

ADVANCED PHISHING - THE ART OF STEALING

Avinash R Sinha, Security Consultant, Aujas
Amruta S Moon, Lecturer, GHRCE

ABSTRACT

Phishing is described as the art of stealing personal and business sensitive information using social engineering techniques. Personal sensitive information (PSI) includes your identification proof, including your social security number, driving licence, passport, email id and everything else that defines who you are. Business sensitive information (BSI) includes your corporate details, usernames, passwords, corporate financial information, customer sensitive details and military information. Phishing scams have advanced tremendously. Phishing attacks were previously aimed mostly at individuals; nowadays they are mostly aimed at corporate organizations, financial sectors, the defense industry, governments and, last but not least, countries. One thing is clear: phishing has evolved from targeting individuals to targeting at a much bigger scale. Nowadays when we hear "phishing" it is about companies losing millions of dollars and their brand value.

Phishing in the past did not require much technical knowledge and was easier to accomplish; however, there has been enormous technical advancement in the way phishing techniques are used today. This is the result of user education and phishing countermeasures.
In this article we focus on all aspects of phishing attacks, including the technological advancements, exploitation, post-exploitation techniques and the countermeasures against Advanced Phishing, "The Art of Stealing". We will also learn about payloads and web application attacks and how they contribute to advanced phishing attacks.

BACKGROUND

Phishing has become popular because it is heavily used in Advanced Persistent Threat (APT) attacks to deliver malware, which is then used to compromise the security of the entire infrastructure of a country, mainly targeting organizations, political leaders and executives
from financial, economic and military sectors. Phishing scams have progressed drastically and are no longer restricted to common phishing attacks in which the victim is sent a spoofed email and lured into providing PSI and BSI. Traditional techniques used by phishers involved the following:

1. Spoofed emails asking for PSI/BSI
2. Obfuscation techniques
3. Webchat/chat rooms
4. Compromising a web server and hosting a phish link

Traditionally phishers used sensitive personal information for committing high-value crimes such as identity theft and electronic fraud. These were targeted at individuals. The victim receives an email whose spoofed content generally gives a very legitimate-sounding reason along with a sense of:

1. Hope
2. Urgency
3. PSI
4. Highly confidential information
5. Threat and fear

As phishing plays on human emotions, it has also been termed "Social Engineering - attacking the human element, or the art of human exploitation."

An example of a spoofed email:

Fig: Cursor placed on top of the email id gives the actual email id
Fig: Spoofed email asking for PSI
Spear Phishing: This is the most popular attack, as it is heavily used in APT attacks. The term "spear phishing" was coined because it is a highly focused attack on a particular individual/organization/sector, fetching detailed information. Spear phishers use social engineering techniques to get detailed information about you, including your likes and dislikes. Using your presence on the web (Facebook/LinkedIn/company site/Twitter), a detailed profile is created and the phishing attack is crafted around this information. It is much more convincing because it appears to come from a legitimate source and the content is designed to lure the victim into sharing PSI and BSI. What makes it more powerful is that it is combined with advanced malware designed for a very specific purpose, ranging from session control and data theft to compromising the whole system.

Whaling: A type of phishing attack in which spear phishing techniques are used but targeted only at high-ranking officers, government officials, political leaders and industrialists, in both the private and military sectors.

Advanced Techniques used by Phishers:

Fig: Spoofed email from attacker asking to click on link

Vishing: The victim receives a phone call and is asked for SPI and BSI. A few examples:

• Receiving a call from the bank asking you to change your password for extra security.
• A call from a credit card company asking you to confirm your identity or your account will be closed immediately or within the next 24 hrs. Similarly, asking the victim to enroll for credit card services with lots of good benefits (free movie tickets, 50% off on hotel bills or reward points) and to share all his details in the form of scanned documents online are a few common tricks.
• Even highly qualified employees fall prey to a phishing attack: when someone receives a call on their office landline, most never bother to ask who is calling or why. An attacker identifying himself as a helpdesk SPOC and asking employees to change their password to one of his choice, or to perform a specific action of his choice (running an exe or clicking on a link), may jeopardize the security of the organization. As the threats are both internal and external, one should always be careful.
Smishing: Sending specially crafted text messages asking the victim to click on links sent via mobile messages, to share their SPI, or spreading false information. A few examples of smishing are given below:

1. The victim receives an SMS saying he has won $10000 and should click on a link to transfer it.
2. The victim receives an SMS to download an app for free. The app may be a spoofed version of any popular game, social network app like WeChat or WhatsApp, or banking app. As most mobiles are Android based, most apps are available for free. Many of these apps are combined with malware specifically designed to read, modify and delete any data present in your phone's memory and memory card. These apps can read your SMS or delete any content on your phone's memory. By installing such an app you also agree to share your OTP.

Fig: Spoofed SMS from attacker

Obfuscation Techniques: Obfuscation comes into the picture when phishers want to disguise the evil website link sent to the victim so that the victim falls for it. Obfuscation means hiding the intended meaning of a communication. Obfuscation techniques include using the Dword/hex/octal representation of the IP address of a website.

Example: www.google.com. The IP address of google.com is 173.194.38.166.

• Dword obfuscation: http://2915182246
• Hex obfuscation: http://0xADC226A6
• Octal obfuscation: http://0255.0302.046.0246
• A few other techniques are to encode the URL in different forms.

Conversion tools are freely available over the internet and help the attacker craft his attacks viciously. Observe that from the obfuscated URLs above it is not possible to know what will happen after you click on them.
Curiosity is a human factor that encourages most of us to explore things, and in this case if you click on the above link you may easily be directed to a malware site.
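The decoding side of these obfuscation forms, as an added example that is not part of the original paper: it normalizes a numeric host in a URL back to dotted-decimal following the classic inet_aton rules, so that a mail filter or link scanner can flag links whose destination is hidden this way. It also handles mixed forms (hex and octal components in one address), which goes beyond the three forms the paper shows; all function names are this example's own.

```python
"""Normalize Dword/hex/octal IP obfuscation back to dotted-decimal so that a
link scanner sees the address the browser will actually connect to."""
import re
from typing import Optional
from urllib.parse import urlsplit

_HEX = re.compile(r"0[xX][0-9a-fA-F]+")
_OCTAL = re.compile(r"0[0-7]+")
_DECIMAL = re.compile(r"[0-9]+")


def _decode_part(part: str) -> int:
    """Decode one dotted component with inet_aton's rules:
    '0x..' is hex, a leading '0' means octal, anything else is decimal."""
    if _HEX.fullmatch(part):
        return int(part, 16)
    if len(part) > 1 and part.startswith("0"):
        if not _OCTAL.fullmatch(part):
            raise ValueError(f"malformed octal component: {part!r}")
        return int(part, 8)
    if _DECIMAL.fullmatch(part):
        return int(part, 10)
    raise ValueError(f"not a numeric component: {part!r}")


# Per component count: the exclusive upper bound of each component and the
# bit shift it receives. The last component fills the remaining bytes.
_LAYOUT = {
    1: ([1 << 32], [0]),
    2: ([256, 1 << 24], [24, 0]),
    3: ([256, 256, 1 << 16], [24, 16, 0]),
    4: ([256, 256, 256, 256], [24, 16, 8, 0]),
}


def normalize_numeric_host(host: str) -> Optional[str]:
    """Return the dotted-decimal IPv4 address behind a numeric host in any
    of the obfuscated forms, or None when the host is an ordinary DNS name."""
    parts = host.split(".")
    if len(parts) not in _LAYOUT:
        return None
    try:
        values = [_decode_part(p) for p in parts]
    except ValueError:
        return None
    limits, shifts = _LAYOUT[len(parts)]
    if any(v >= limit for v, limit in zip(values, limits)):
        return None
    packed = sum(v << s for v, s in zip(values, shifts))
    return ".".join(str((packed >> s) & 0xFF) for s in (24, 16, 8, 0))


def analyze_url(url: str) -> dict:
    """Classify a URL's host as a plain name, a raw IP, or an obfuscated IP."""
    host = urlsplit(url).hostname or ""
    resolved = normalize_numeric_host(host)
    return {
        "host": host,
        "resolved": resolved,
        "numeric_host": resolved is not None,
        # Obfuscated: the address was written in any form other than plain
        # dotted decimal (Dword, hex, octal, or a mixture of them).
        "obfuscated": resolved is not None and resolved != host,
    }


if __name__ == "__main__":
    # Constructed sample links; the first three are the paper's own examples.
    for link in ("http://2915182246", "http://0xADC226A6",
                 "http://0255.0302.046.0246", "http://173.194.38.166/",
                 "http://0xAD.0302.38.0xA6/login", "http://www.google.com"):
        print(link, "->", analyze_url(link))
```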
Now that we know about the various phishing techniques, let's think about how these techniques can be combined with the following:

1. Web application vulnerabilities
2. Network vulnerabilities
3. Advanced tools/kits
4. Exploits

Phishing techniques combined with vulnerabilities, advanced phishing kits/tools and exploits are so powerful that they can compromise the security of your entire IT infrastructure.

Application and Network based Vulnerabilities:

A few examples of web application vulnerabilities are as follows:

1. Cross-site scripting
2. Frame injection
3. Link injection
4. Session hijacking
5. Open redirection
6. Hidden web elements
7. Embedded objects and links in documents such as doc files, images and PDFs
8. File uploads (advanced malware, etc.)

These application vulnerabilities and many more make a phishing attack powerful. Now let's look at a few network vulnerabilities which boost phishing attacks:

1. Compromised DNS: DNS cache snooping/poisoning vulnerability
2. SMTP open mail relays, user enumeration, etc.

Attack amplification: To increase the attack surface, hackers use the following techniques:

1. Posting a phish link on forums/blogs/group chats to get the maximum number of victims
2. Mass emails
3. Mass mobile messages
4. Spoofed apps (games/social chat)

Thus we complete Phase I, i.e. "The Art" involved in phishing. Now that everything is known about "the Art", let's start "Stealing".

Phase II Begins - Attacking the Human Element

Before we begin, please note the points below:

"Targeting any individual/organization with any kind of phishing attack, or in any way which can harm an individual or organization, without prior written confirmation/consent from the right authority will certainly put you into a lot of trouble.
Please note that it is a crime and is against the law. So please do not perform the steps below or use any tool/kit unless it is a pentest with proper approvals from the right authority." Information shared within this article is only for educational purposes and is shared to spread awareness about phishing attacks and how to secure yourself as an individual/organization. Please do not misuse it. The authors of this article are not responsible for misuse of the information contained within it.

Let's begin with the offensive security professional's favourite, SET, the "Social Engineering Toolkit", which is an open source toolkit.
Fig: SET Overview

As we can see, the most advanced ways of phishing, ranging from phishing email to third party modules, are listed, and each and every module is combined with numerous methods. Let's take a quick look into how the attack can be crafted using these methods. As you can see in the screenshot below, the attack depends upon what the attacker is trying to achieve via any of the listed methods.

Fig: Attack Methods

The above attacks can be used to dig out the login credentials of any victim via session hijacking or browser exploitation, and up to root level access.

We have another very popular tool called "Phishnix". Phishnix is a social engineering solution that assesses and trains employees on the risks of phishing. Phishnix develops a phishing scenario that is realistic and relevant to your organization. This scenario is sent out to employees and Phishnix tracks how the
employees respond. This provides organizations with a view of their human firewall and insight into where the vulnerabilities exist within it. Phishnix further leverages the teaching moment created by the user's response and generates an action plan that can be implemented to avoid future pitfalls. Phishnix helps your organization build the first line of defense by increasing employees' awareness of phishing; thus Phishnix plays a vital role in an organization's anti-phishing strategy.

We can use Phishnix to deliver specially crafted spoofed emails to the victims. The best part of this tool is that it analyzes the data and reports how many employees were victims of the attack. It is also capable of collecting data from users, if required, to be presented in an audit session.

Exploitation and Post Exploitation:

Now that we know about attack methods, let's dig into the third bit: exploits and exploitation.

Advanced URL Obfuscation techniques:

1. Use the clone page attack to get the same page as hosted by a live server.
2. Use any of the obfuscation techniques mentioned above and combine them as per your needs.
3. Use a URL shortener service (Google URL shortener/TinyURL), which is freely available, and shorten your URL. Now you are ready for a real world attack.
4. Send the phish link to the victim.

Credential Harvesting Attack via Web attack vectors:

The yahoo.com webpage below was opened by the victim by clicking on a malicious link sent to him by an attacker using the Credential Harvester attack. If you observe the URL closely, the IP address from which the page was opened does not belong to yahoo.com. This IP belongs to the attacker, on whose machine the website is hosted.
Fig: Victim tricked to click and login into Evil Page
Fig: Session established from Attacker system to victim's session
Fig: Login Credentials output Using Credential Harvester attack
Once the data the attacker needs is collected, it can all be built into a report which will contain your username and password as well. A similar process can be used to craft credential harvesting attacks for various websites as and when required.

Phase III - Gaining Root Access (Victim Pwned) via Phishing Attack

A few exploits which can be used to gain system level/root level access, with their descriptions, are as follows:

Gaining Root Access

1) Windows Shell Reverse_TCP: Spawn a command shell on the victim and send it back to the attacker
2) Windows Reverse_TCP Meterpreter: Spawn a Meterpreter shell on the victim and send it back to the attacker
3) Windows Reverse_TCP VNC DLL: Spawn a VNC server on the victim and send it back to the attacker
4) Windows Bind Shell: Execute the payload and create an accepting port on the remote system
5) PyInjector Shellcode Injection: Drops a Meterpreter payload through PyInjector

There are more than 300 exploits available on the internet, each pertaining to different products (software/browsers/documents/OS/system level).

Steps for gaining root access

1. Choose any one of the above exploits and run it.
2. Share the evil link with the victim.
3. A backdoor is installed as soon as the victim clicks on the evil link.
4. The session is established.

Fig: Using Aurora exploit for taking root access
Steps to follow after using any of the exploits and gaining system level/root level access:

1. Take control of the user's session.
2. Create a user with privileged access in hidden mode and dump the hashes.
3. Try to gather as much information as you can, as required as a part of your Advanced Persistent Threat exercise.
4. The main aim as a part of this APT phishing exercise should be: once you have compromised one system, look for another system attached/connected to it until you find a system with Active Directory, and try to compromise that by dumping as much data as required.
5. Install a few more backdoors and clear all the logs generated as a part of this exercise.

Fig: Gained Root access to victim's system
Fig: Dump hashes from victim's system

Phase IV - Securing the Human Element

Following are the countermeasures against Advanced Phishing:

Don'ts

Do not click on any links which seem suspicious.
Don't open any documents, images or PDF files which come as attachments from unknown users; they may trigger unwanted actions.
Don't put too much information (SPI) about yourself on the internet (LinkedIn/Facebook/Twitter), for example your DOB or social security number.
Don't share any information with an email address which uses a real organization name but an incorrect email/domain address, for example microsoft@gmail.com.
Don't click on links in e-mails, especially any that are requesting private information.
Attackers use URL shorteners to hide the intent behind the evil link. Don't click on tiny (bitly/adfly) URLs or URLs which have no meaning or sense, e.g. http://bit.ly/1dUdYId.
You may get an email from your friend/relative; that does not mean they sent it. Your friend's/relative's computer may have been infected or their account may have been compromised. If you receive a suspicious email from a trusted friend or colleague, call them to confirm that they sent it. Use a telephone number that you already know or can independently verify, not one that was included in the message.
Don't share any usernames or passwords, or transfer money urgently, without verifying.
Don't plug any pen drives, SD cards or other memory chips you find lying on the ground or in your company campus into your company's laptop/desktop; you may compromise the security of the entire company.
Those days are gone when phishing emails came with bad grammar and lousy spelling mistakes. Nowadays phishing emails look more authentic than the original emails.

Do's

Check for grammar or spelling mistakes.
Use common sense: if an email/call seems too good to be true, it is most likely an attack. Verify this every time you share any PSI or BSI over email.
Use a good antivirus with web protection switched on while you are browsing. For corporate/business use, use an updated anti-virus program that scans e-mail and has an anti-spam filter enabled. A few of them also couple with the browser to show site rating and risk. Also use anti-Trojan and anti-spyware tools to get rid of any harmful malware.
Always type a website URL manually for any banking transactions, financial transactions or even social websites like Facebook if you want to be secure.
Use OpenVPN for connecting to and browsing the internet. Most such services are available for free.
Observe the "https://" and the lock icon in the address bar before entering any private information.
Ensure all financial, banking and social networking websites are on a secured channel and have a valid SSL certificate before logging in and performing any transactions.
If you put your mouse cursor over a link, your browser or security software will show the actual email id/URL.
Requests for sharing PSI and BSI are a clear sign of an attack. Never share your PSI or BSI over emails from free email service providers like hacker@gmail.com, @yahoo.com or @rediffmail.com.
Set Internet Explorer as your default browser. Always use Mozilla Firefox in private browsing mode or Google Chrome in incognito mode for performing any financial transaction or logging into a social networking website. Always remember to close your browser after use.
Be aware of any email that requires quick attention or creates a sense of urgency so that you rush to click on it without thinking.
Always use the preview facility provided by email service providers to view attachments that come via email.
Avoid tiny URLs. Use a service such as LongURL to view the complete URL. These services also give you a preview of the URL, which helps you determine whether it is of a malicious nature or not.
Enable One Time Password functionality on Gmail, Yahoo, Facebook and other websites which you browse regularly and use to transfer SPI.
Disable your mobile's internet connection while performing any transaction that involves use of an OTP (One Time Password).
Always dump suspicious emails in the trash or mark them as spam. Marking a single email of one type as spam helps your anti-spam service to analyze its content and signature, including
the email id and host IP details from which the email was received, which in turn helps ensure that you don't receive similar malicious emails in future.
Download software products only from authentic sources, or for business purposes from the company's own software store, and keep them updated with the latest versions and patches.
Use Mobile Device Management solutions if you permit your employees to use smartphones to connect to the company's network or to store the company's BSI.
Download only those apps from the Android market which have been downloaded by at least 100000+ users. This doesn't guarantee anything but would limit the possibility of your falling for a smishing attack.
Never speak of the company's secrets, SPI or BSI in public places. Example: discussing the network diagram of your company over a cup of tea with anonymous people in public places.
Spread and share awareness about phishing attacks and prevention.
If you find a pen drive lying around anonymously and you are greedy enough to own it, use it only on your own home laptop and make sure you are not connected to the internet. Also scan the pen drive for malware, Trojans and spyware. Make sure you open it on a VM.
Make use of a paper shredder in your organization and install it next to the printers. Dispose of any confidential information using it. Ask employees to collect their prints within 15 minutes of the print action.
Never hand over your debit/credit cards at ATM centres. If you are not able to use it, request help from the concerned security personnel present at the ATM centre, not from the person standing next to you. Always press the cancel button twice once your transaction is complete.
Conduct a phishing exercise within your company to analyze how vulnerable your employees are.
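The link-hovering, free-mail-sender, tiny-URL and urgency checks from the Do's and Don'ts above, applied mechanically to a raw email as an added example that is not part of the original paper. The domain lists, the organization names, the finding codes and the sample message are all constructed for this example; the IP 198.51.100.23 is a documentation address standing in for an attacker-controlled host.

```python
"""Mechanical checks for a few of the Do's and Don'ts above: a free-mail
sender posing as an organization, link text that does not match the real
href (the "hover over the link" check), URL shorteners and urgency wording."""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed lists for the example; a real filter would maintain these centrally.
FREE_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "rediffmail.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "adf.ly"}
ORG_NAMES = {"microsoft"}  # organizations that never mail from a free-mail domain
URGENCY = re.compile(
    r"\b(immediately|within\s+24\s*hrs?|urgent(?:ly)?|"
    r"account will be (?:closed|suspended))\b", re.I)
URL_IN_TEXT = re.compile(r"https?://[^\s<>\"']+", re.I)
HOST_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _registrable(host: str) -> str:
    """Crude last-two-labels comparison (no public-suffix list here)."""
    return ".".join(host.lower().split(".")[-2:])


def check_email(raw: str, org_names=ORG_NAMES) -> list:
    """Return (code, detail) findings; an empty list means no red flag."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    def add(code, detail):
        if (code, detail) not in findings:
            findings.append((code, detail))

    # Don't: a real organization name on a free-mail address (microsoft@gmail.com).
    name, addr = parseaddr(str(msg["From"] or ""))
    local, _, domain = addr.rpartition("@")
    if domain.lower() in FREE_MAIL_DOMAINS and any(
            o in f"{name} {local}".lower() for o in org_names):
        add("freemail-impersonation", addr)

    # Do: "hover" over each link; the href must lead where the text claims.
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        collector = _LinkCollector()
        collector.feed(html_part.get_content())
        for href, text in collector.links:
            host = (urlsplit(href).hostname or "").lower()
            if host in SHORTENERS:
                add("shortener", href)
            shown = HOST_IN_TEXT.search(text)
            if shown and _registrable(shown.group(1)) != _registrable(host):
                add("link-mismatch", f"{text} -> {href}")

    # Don't: tiny URLs in the text body; Do: beware a manufactured sense of urgency.
    text_part = msg.get_body(preferencelist=("plain", "html"))
    body = text_part.get_content() if text_part is not None else ""
    for url in URL_IN_TEXT.findall(body):
        if (urlsplit(url).hostname or "").lower() in SHORTENERS:
            add("shortener", url)
    hit = URGENCY.search(f"{msg['Subject'] or ''} {body}")
    if hit:
        add("urgency", hit.group(0))
    return findings


# Constructed sample rolling the Don'ts above into one message; 198.51.100.23
# is a documentation address standing in for an attacker-controlled host.
PHISH_EMAIL = """\
From: "Microsoft Account Team" <microsoft@gmail.com>
Subject: Your account will be closed in 24 hrs
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your account will be closed within 24 hrs unless you verify now:
http://bit.ly/1dUdYId

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p><a href="http://198.51.100.23/login">https://www.microsoft.com/</a></p>
<p><a href="http://bit.ly/1dUdYId">Verify now</a></p></body></html>

--b1--
"""
```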
Arrange a session for your friends and employees to generate awareness of phishing.
If you come across any phishing website, please submit it at www.phishtank.com.
Use https://www.virustotal.com to scan any suspicious URL before browsing to it.
Also send a phishing awareness email to your employees once a month, so that they are prepared for the worst; this exercise would definitely stop or limit any kind of phishing activity within your network.

Financial Losses via Phishing Attacks

Fig: Financial Loss from Phishing Attacks
Financial loss from phishing runs into millions of dollars. India ranks third in the world among countries prone to phishing attacks. Last year the financial loss was 28.8 million dollars. "Don't have false assumptions that you will never be targeted. Beware, you may be next."

ABOUT THE AUTHORS

Avinash Sinha is a Security Consultant working with Aujas. Previously he worked with IBM India Pvt Ltd as an Application Security Consultant for 2.8 years. His key areas of interest include vulnerability assessments, secure code review, security research and penetration testing, and his professional interest focuses on network infrastructure protection.

Amruta Moon is working as a faculty member at G.H. Raisoni College of Engineering. She completed her M.Tech in Software Engineering from Sagar Institute. Her keen areas of interest include security research, image analysis and programming.