This analysis paper was written as course work for a Master of Science at the University of Illinois at Springfield. The paper gives an overview of a cybercrime investigation carried out by the FBI, famously known by its sobriquet PHISH PHRY, that dealt with one of the most notorious phishing scams of recent times.
1. Vulnerability Analysis Paper 1
PHISH PHRY
Joydeep Banerjee, M.S.
University of Illinois at Springfield
Author Note
Contact: Email-jbane2@uis.edu
Table of Contents
Preface  3
Phishing  4
  Introduction to Phishing  4
  Phishing Techniques  4
  Case in Point: Phish Phry  6
  Modus Operandi  6
    Egypt Chapter  6
    United States Chapter  6
  Mitigation Techniques  6
    Current Status of the Attack  7
    Word of Caution from Ground Zero  7
References  8
Acknowledgement  9
Preface
This analysis paper covers the fundamentals of phishing and the techniques employed to
carry it out in real-world scenarios. Phishing is one of the most common methods cyber
criminals and hackers use to bait users into sharing confidential data and information.
The data so gathered is used to perform nefarious activities, often leading to huge
financial losses, bankruptcy and identity theft. The paper also discusses one of the most
notorious phishing scams of the decade, Phish Phry, which amounted to a loss of 1 million
dollars and compromised the confidential data of thousands of customers of two very
reputed banks of the USA. The scam was finally busted in the year 2011, with 47 people
convicted in federal court. Like many security experts of the world today, Dave Jevans,
an industry expert, exclaimed, “As far as a dent in the number of phishers out there and
the phishing gangs, it's probably not significant.”
Phishing
Introduction to Phishing
Phishing is a social engineering technique often used to steal the personal and private
information of users. The attacker masquerades as a popular, trusted or reputed entity or
person and tries to deceive the user by maintaining a very convincing approach. The
attacker dupes the user into clicking a link, pressing a button or opening a certain
webpage, which leads to the installation of malware or the disclosure of confidential data
and information.
Phishing Techniques
Phishing can be carried out through media such as social websites, banks, email,
messenger applications and auction websites. A few techniques for performing a phishing
attack are described below:
Email
Email phishing is one of the most common phishing techniques: the scammers broadcast the
same email to millions of users. The users are usually asked to provide personal
information and often their financial information as well. The scammers often create a
sense of urgency or emergency in the minds of the users to persuade them to fill in the
information. The gathered information is generally sold or used for nefarious activities.
Link Manipulation
Link manipulation phishing is a technique where a scammer sends or broadcasts a hyperlink
to users over instant messaging and manipulates them into clicking on that link. When the
user opens the link, it directs them to a fake website that has the look and feel of the
authentic website. The user may then enter their credentials, which in turn reach the
hands of the phishers.
Web Based Delivery
Web-based delivery phishing is a technique where the phisher acts as a man-in-the-middle
between a website and the user's system. The phisher collects the information passed on by
the user while keeping the user completely in the dark.
Trojan horse
Trojans are malware installed on users’ machines without their knowledge or consent to
gather information from those machines.
Key Loggers
Key loggers are also malware programs; they record keyboard input and send the
information to the phisher. The information can then be used to recover passcodes or
other confidential information.
Session Hacking
Session hacking is a method in which the attacker uses a sniffer to access information
illegally from a web server.
Phone Phishing
Phone phishing is a kind of phishing where the attacker calls the user over the phone and
asks for confidential information while impersonating someone from a recognized
organization such as a bank or credit card company.
Content Injection
Content injection is a type of phishing where the phisher doctors a page on an authentic
website to deceive users and lead them to fake pages where they are asked to enter
confidential information.
System Reconfiguration
Hackers often send a user a message asking them to change the settings of their computer.
The message generally comes from a web address that looks like an authentic site.
Search Engine Phishing
Search engine phishing is a technique where users are lured to websites where products are
sold at cheaper prices. These sites are used to gather the users' credit card or net
banking details.
Phishers have been attacking bank customers and online payment service users to usurp
their financial information. Earlier, the attacks were indiscriminate, in the hope that a
few recipients might fall for the trap. With the advent of sophisticated techniques like
data mining and data analytics, and illegal practices like insider trading and the selling
of data, attackers are now able to perform targeted phishing. The phishing mails are sent
to classified, highly likely victims, and the hit rate has increased considerably in recent
times. This has culminated in large-scale identity theft and huge financial losses, as in
one of the most notorious phishing cases of all time: Phish Phry.
Case in Point: Phish Phry
Phish Phry is one of the largest phishing cases to date, with almost 100 people charged in
the US and Egypt. The criminals primarily targeted U.S. banks, namely Wells Fargo and Bank
of America, and thousands of their customers, stealing and misusing their financial data
and confidential information to transfer almost $1.5 million to their own fake accounts.
The fraudsters were indicted for computer fraud, identity theft, conspiracy to commit bank
fraud and money laundering.
Modus Operandi
The phishers contacted the customers by sending them fake emails that appeared to be
official ones from banks or credit card companies. The emails then took the victims to
fake websites with a realistic look and feel, where the users would enter account details,
passcodes and confidential identification information.
Egypt Chapter
In Egypt, the financial information collected from the fake websites was used to hack
into the bank accounts. The hackers and their handlers then informed their counterparts in
the U.S. through text messages, phone calls or online messengers. The U.S. handlers would
then facilitate the transfer of money from the victims’ accounts to freshly created fake
accounts.
United States Chapter
The U.S. chapter of the scam was looked after by:
1. Nichole Michelle Merzi, 25, of Oceanside, CA;
2. Kenneth Joseph Lucas, 26, of Los Angeles, CA; and
3. Jonathan Preston Clark, 26, of Los Angeles, CA.
These three scamsters directed recruits to open bank accounts for transferring the stolen
money. An agreed portion of the money was then withdrawn and wired to the Egyptian
handlers.
Mitigation Techniques
The Phish Phry attack could have been detected and neutralized had the affected users
taken the following preventive actions:
- Using caution when reading emails and never clicking a link in an email without
  verifying the authenticity of its source; never falling prey to the scare tactics or
  sense of urgency attackers create to extract confidential or private information.
- Setting spam filters to high to keep the inbox free from spam mailers.
- Using the right anti-virus program to detect and neutralize unwanted programs, viruses
  and malware.
- Checking website URLs carefully to avoid visiting look-alike spoofed versions of
  websites with almost identical URLs.
- Avoiding chatting with strangers over the internet, giving out private information, or
  changing privacy settings when asked or advised to do so.
- Raising awareness and educating peers to maintain the precautions stated above.
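The look-alike links described under Link Manipulation and the "check website URLs carefully" precaution above can be turned into a simple defensive check. The following is an added example, not part of the original paper or any vendor tool; the allow list of the two banks' legitimate domains and the sample email body are assumptions constructed for the demonstration.

```python
"""Flag look-alike links of the kind used in link-manipulation phishing (added example)."""
import re
from urllib.parse import urlparse

# Assumed allow list: registrable domains of the two banks named in the paper.
LEGIT_DOMAINS = {"wellsfargo.com", "bankofamerica.com"}
BRAND_WORDS = {"wellsfargo", "bankofamerica"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registrable_domain(host):
    """Last two labels, e.g. 'login.wellsfargo.com' -> 'wellsfargo.com'.
    Naive on purpose: no public-suffix list, so 'co.uk'-style hosts are not handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to catch typosquats such as 'wellsfarg0.com'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url):
    """Return 'legit', 'lookalike' or 'unknown' for one URL."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    # Brand name placed before '@': browsers treat it as userinfo, the real host follows.
    if parsed.username and any(b in parsed.username.replace(".", "") for b in BRAND_WORDS):
        return "lookalike"
    reg = registrable_domain(host)
    if reg in LEGIT_DOMAINS:
        return "legit"
    flat = host.replace("-", "").replace(".", "")
    if any(b in flat for b in BRAND_WORDS):                    # brand as subdomain/with hyphens
        return "lookalike"
    if any(edit_distance(reg, d) <= 2 for d in LEGIT_DOMAINS):  # one or two characters off
        return "lookalike"
    return "unknown"


def scan_email(text):
    """Return [(url, verdict), ...] for every link found in an email body."""
    return [(u, classify_link(u)) for u in URL_RE.findall(text)]


# Constructed sample email body (not a real message).
SAMPLE = """Your account will be suspended in 24 hours!
Verify now: http://wellsfargo-secure.example.net/verify
Or here: http://www.bankofamerica.com@203.0.113.7/login
Legit: https://www.wellsfargo.com/help"""
```

Running `scan_email(SAMPLE)` flags the first two links as look-alikes and passes the third; a check like this belongs in a mail gateway or browser extension rather than being left to the user's eye.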
Current Status of the Attack
The attack has been contained and the customers have been compensated by both banks for
their losses. Both Wells Fargo and Bank of America have increased their awareness campaigns
and customer education in a bid to combat phishing. Wells Fargo has an emergency phone
number and mail address for reporting suspicious mails or messages. Bank of America, too,
has an emergency mail address for flagging phishing attempts. Efforts to educate customers
are in full swing, but at the end of the day it is the customers’ own caution that can
save them from being victimized.
Word of Caution from Ground Zero
“Cybercrime might not seem real until it hits you,” Mueller said. “But every personal,
academic, corporate, and government network plays a role in national security.” The
Bureau wants law enforcement and intelligence agencies to work hand in hand to fight
cybercrimes like phishing. Even though the government is working hard to maintain high
standards and build partnerships, Mueller added, “we are still outnumbered by cyber
criminals.” His advice to users of smart devices is to use firewalls and anti-virus
software and to maintain a strong password policy. “We all have a responsibility to
protect the infrastructure that protects the world,” Mueller said.
Acknowledgement
Before I conclude, I would like to take this opportunity to express my sincere gratitude
to the Department of Computer Science, University of Illinois at Springfield, for
providing me the scope to engage in research-based learning. I owe my deep regards to
Professor Mark Huson for being the guide and the torchbearer during the course of writing
this paper.
I thank my family and my God for being a constant source of inspiration for me. I hope I
have been able to deliver to the best of my abilities in preparing this paper in its
present shape. Thank you so much. Cheers!