PHISHING ATTACK TYPES &
MITIGATION STRATEGIES
SARIM KHAWAJA
VERSION 1.1
27 OCTOBER 2013
1 INTRODUCTION
Phishing, otherwise known as carding or brand spoofing [1], is a malicious attempt to acquire personal information from a user. The information sought may include, but is not limited to, usernames, passwords and bank account or credit card details. Since a user is more likely to respond to a party they know, the attacker poses as the user’s bank, email provider, company IT administrator, or social networking website.
The term phishing may originate from the phrase ‘password harvesting fishing’ [2], or may be an adaptation of ‘phreak’ (‘phone freak’) [3]. The word is analogous to ‘fishing’: the attacker uses an email as bait to ‘catch’ usernames and passwords.
In the traditional model, an attacker sends an authentic-looking email to thousands of addresses. The small percentage of users who act on it either enter their credentials on a spoofed login page or open an attachment, after which their PCs are infected with a Trojan or other malware.
Phishing is a serious threat to consumers as well as to organizations. The industry sectors most targeted in the first quarter of 2013 were payment services (45.48%), financial (23.95%), retail/service (9.84%), ISP (8.52%) and gaming (5.66%), and the top country hosting phishing sites was the U.S. [4]. An estimated 5% of adults in the U.S. fall prey to phishing every year [5], with total damages of $3.2 billion in 2007 alone [6].
A business’s brand and reputation are damaged when its customers become targets of phishing scams. The experience makes users wary of fraud and less likely to do business online, which in turn means lost revenue for the company.
New types and techniques of phishing attacks
are continuously being developed and uti-
lized. Businesses must be proactive in defend-
ing against such attacks.
2 PHISHING IN THE GULF REGION
According to Symantec, Saudi Arabia and the UAE are the most vulnerable to phishing attacks in the Gulf region [7]. In 2010, the information security solution provider IT Matrix detected 1,145 unique phishing attacks in the UAE, while Saudi Arabia had the highest incidence in the region for 2007 and 2008 [8]. Following a phishing attack on Saudi Aramco in August 2012, more than 30,000 computers were compromised [9]. Saudi Arabia also faces the highest risk of privacy exposure due to malicious Android app usage [10].
A conference paper examined the susceptibility of 200 undergraduate students in Saudi Arabia to phishing [11]. They were randomly divided into two groups: one received click-a-link emails (the link led to a login page) and the other reply-directly emails. A total of 14 students fell victim, 12 of whom had responded to the click-a-link email.
3 TYPES OF PHISHING
Since the first recorded phishing incident in 1996 [3], phishing has evolved and now falls into several distinct classifications.
3.1 SPEAR PHISH
This variation involves reconnaissance, planning and information gathering in advance of ‘casting the bait’, and is so called because it is aimed far more precisely than spam phishing. The information may be publicly available from social networking sites, or may be obtained by social engineering. It is then used to craft a specific email whose content either appeals to the interests of the particular user or appears to be genuinely addressed to them, making them more likely to fall for the deception.
3.2 ROCK PHISH
Rock-phishing involves registering several domains whose names are a random mixture of alphanumeric characters. All of these domains are used to build URLs carrying unique identifiers, and these URLs resolve to the single IP address of a compromised machine. When that machine is taken down, the DNS records are pointed at another machine in the botnet. ‘Rock Phish’ was also the name of a phishing gang. On average, Rock Phish sites stay live longer than typical ones [12].
3.3 FAST-FLUX
Fast-flux attacks are related to Rock Phish attacks in that they also generally use botnets of compromised machines acting as proxy servers, hiding the real location of the attacker’s server. Unlike Rock Phish, however, a name resolves to several IP addresses at once, and the set of addresses is rotated at short, regular intervals by publishing DNS records with very low TTLs [12].
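The two hosting patterns above leave different fingerprints in DNS: Rock Phish shows many throwaway names sharing one address, fast flux shows one name answering with many addresses in unrelated networks under a short TTL. The following is an added example, not code from the paper, that scores hand-constructed lookup results for both signals. The thresholds and the use of the first two octets as a stand-in for ‘different network’ are assumptions for illustration; a real check would collect answers with a resolver over several TTL intervals and compare autonomous systems.

```python
"""Heuristic scoring of DNS answers for Rock Phish and fast-flux hosting.

Added example, not part of the original paper. The lookup results below
are constructed by hand (documentation address ranges).
"""
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass
class DnsAnswer:
    name: str
    ttl: int           # TTL of the A records, in seconds
    addresses: list    # IPv4 addresses returned by one lookup


def coarse_prefix(addr: str) -> str:
    """First two octets; an assumed stand-in for 'a different network'."""
    return ".".join(addr.split(".")[:2])


def flux_indicators(answers):
    """Summarize repeated lookups of ONE name as
    (distinct IPs, distinct coarse prefixes, minimum TTL seen)."""
    ips, prefixes, min_ttl = set(), set(), None
    for a in answers:
        for ip in a.addresses:
            ip_address(ip)  # raises ValueError on malformed input
            ips.add(ip)
            prefixes.add(coarse_prefix(ip))
        min_ttl = a.ttl if min_ttl is None else min(min_ttl, a.ttl)
    return len(ips), len(prefixes), min_ttl


def is_fast_flux(answers, max_ttl=300, min_ips=5, min_prefixes=3):
    """Assumed thresholds: short TTL plus many addresses spread over
    several networks. Tune against your own resolver traffic."""
    n_ips, n_prefixes, ttl = flux_indicators(answers)
    return (ttl is not None and ttl <= max_ttl
            and n_ips >= min_ips and n_prefixes >= min_prefixes)


def names_sharing_ip(answers):
    """Rock Phish signal: distinct names resolving to the same address."""
    by_ip = {}
    for a in answers:
        for ip in a.addresses:
            by_ip.setdefault(ip, set()).add(a.name)
    return {ip: sorted(names) for ip, names in by_ip.items() if len(names) > 1}


# Constructed sample: three successive lookups of the same flux name.
FLUX_LOOKUPS = [
    DnsAnswer("login-verify.example", 120, ["203.0.113.10", "198.51.100.7", "192.0.2.55"]),
    DnsAnswer("login-verify.example", 120, ["203.0.113.10", "198.51.100.99", "192.0.2.3"]),
    DnsAnswer("login-verify.example", 60, ["203.0.113.44", "192.0.2.3", "198.51.100.7"]),
]

# Constructed sample: a normal site with a stable answer and a long TTL.
STABLE_LOOKUPS = [
    DnsAnswer("www.example", 3600, ["203.0.113.5", "203.0.113.6"]),
    DnsAnswer("www.example", 3600, ["203.0.113.5", "203.0.113.6"]),
]

# Constructed sample: random-looking names all pointing at one machine.
ROCK_LOOKUPS = [
    DnsAnswer("x7k2q.example", 300, ["198.51.100.20"]),
    DnsAnswer("p9mw1.example", 300, ["198.51.100.20"]),
    DnsAnswer("www.example", 3600, ["203.0.113.5"]),
]

if __name__ == "__main__":
    print("flux  :", flux_indicators(FLUX_LOOKUPS), is_fast_flux(FLUX_LOOKUPS))
    print("stable:", flux_indicators(STABLE_LOOKUPS), is_fast_flux(STABLE_LOOKUPS))
    print("shared:", names_sharing_ip(ROCK_LOOKUPS))
```

Both checks are deliberately simple; content delivery networks also answer with many addresses and short TTLs, so in practice the indicators are weighed together with the age of the domain and the reputation of the networks involved.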
3.4 TILDE PHISH
Tilde phishing uses many URLs that appear to point at websites on several different domains but in reality all lead to the same phishing page. It exploits shared web servers configured (typically through per-user directories such as Apache’s mod_userdir) to serve a user’s home directory under any virtual host on that server, so a path such as /~user/ returns the same content whichever hosted domain precedes it. The URLs contain a tilde (~), hence the name [13].
3.5 WATER-HOLING
This technique involves locating an online resource or website that is frequently visited by a target audience, compromising it, and exploiting vulnerabilities in visitors’ browsers to extract credentials and install malware. Unlike the other types, the victim is never sent a message; the bait is placed where the target audience already goes.
3.6 PHARMING (DNS-BASED PHISHING)
This term refers to any phishing attack that abuses the DNS lookup process for a particular domain name, so that the correct URL resolves to the attacker’s server. This can be done by pointing the user’s resolver settings at a malicious DNS server, by compromising or poisoning an existing, legitimate DNS server, or by altering the PC’s hosts file through malware. Because the address bar shows the genuine domain, checking the URL alone does not help; whether the site presents a valid certificate for that domain is the remaining indicator.
3.7 WHALING
When top-level executives or other high-value targets are the victims, phishing becomes whaling. The name extends the fishing metaphor: whales are the biggest catch.
4 TOOLS & TECHNIQUES
4.1 SPAM (CLASSIC PHISHING)
An official-looking email, professing to be from an organization such as a bank, a payment or money transfer business, or from a coworker, either requires the user to confirm their account or claims that the user has been selected for a prize. Some variations embed links to fake webpages while others carry attachments containing Trojans and other malware. On the fake webpages the user is asked to enter details for their email or bank accounts, which are then sent to the operator of the phishing scam. Almost all of these emails convey a sense of urgency, such as ‘this offer expires in 24 hours’ or ‘if you do not respond to this email within 24 hours, your account will be closed’. The addresses from which these emails originate are sometimes a slight variation of the original entity’s domain (abc@citybank.com vs. abc@citibank.com), known as fuzzy or look-alike domains [1]; alternatively they may be a random selection of words and alphanumeric characters. Note that the From header itself is trivially forged, so even an address on the genuine domain proves nothing without sender authentication.
4.2 INSTANT MESSAGING AND SOCIAL
NETWORKING
The same underlying principle as the email/spam technique applies, with Instant Messaging or Social Networking accounts used as the delivery channel instead of email accounts.
4.3 SMS (SMISHING)
This method uses SMS to deliver the bait.
Typically, the user receives a text message in-
forming them that their account has been
compromised or deactivated. They are then
directed to a spoofed website or Vishing line
(see below) to recover the account, where
they are asked for their credentials.
4.4 TABNABBING
An apparently normal page carries a script which detects when its tab has been out of focus for some time. The page’s favicon, title and content are then replaced with a copy of an organization’s official login page. On returning, the user may think they left that site open and enter their credentials, compromising the account. The tell-tale sign is the address bar, which still shows the original page’s domain.
4.5 VISHING/PHONE PHISHING
Phone phishers often use VoIP to set up a number which potential victims can call. These numbers may be advertised by email or by compromising a genuine website, and callers may spoof their caller ID so that outbound calls appear to come from a reputable organization. When called, these lines ask the user to key in their account details.
4.6 PHLASHING (FLASH-BASED PHISHING
SITES)
Since phishing sites that copy genuine HTML pages are relatively easy to detect with automated software, a form of phishing using Flash-based sites emerged. Flash content is opaque to text-matching tools, so such sites are not recognized as easily as HTML phishing sites. This class of attack was first seen in 2006 [14].
4.7 TYPO SQUATTING
The basic principle of this technique is regis-
tering a domain name that a user may acci-
dentally type instead of the original, and pos-
sibly not notice. The fake site on that domain
usually looks very similar to the genuine one,
and a busy or novice user may not notice their
typo and continue using the fake site.
4.8 URL MANIPULATION/MASQUERADING
A hyperlink has two parts: the text visible to the user and the underlying target, and the two need not be the same. Masqueraded URLs exploit this discrepancy so that the user believes clicking a link will take them to the official login page when in reality it leads to the fake page. Hovering over the link, or inspecting the message source, reveals the real target.
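Mail filters apply the same hover check mechanically: extract every anchor, and flag those whose visible text names a host that does not belong to the registered domain of the real target. The following is an added example, not code from the paper; the HTML message body is constructed, and the ‘last two labels’ approximation of the registered domain is an assumption (a real implementation would use the public suffix list).

```python
"""Flag hyperlinks whose visible text names a different host than their target.

Added example, not from the original paper. The email body is constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit


def host_of(text: str):
    """Lowercase host named by a URL or bare domain in `text`, else None."""
    text = text.strip()
    if not text or " " in text:
        return None
    if "://" not in text:
        text = "http://" + text
    host = urlsplit(text).hostname
    if host is None or "." not in host:
        return None
    return host.lower()


def registrable(host: str) -> str:
    """Assumed approximation of the registered domain: the last two labels.
    Use the public suffix list for 'co.uk'-style suffixes in production."""
    return ".".join(host.split(".")[-2:])


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None


def masqueraded_links(html: str):
    """Return (visible text, href) pairs where the text names a host outside
    the registered domain of the link's real target. Plain words such as
    'help pages' name no host and are never flagged."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    flagged = []
    for href, text in parser.links:
        shown, target = host_of(text), host_of(href)
        if shown and target and registrable(shown) != registrable(target):
            flagged.append((text.strip(), href))
    return flagged


# Constructed phishing-style message body.
SAMPLE = """
<p>Your account will be closed in 24 hours. Please confirm at
<a href="http://203.0.113.7/login">https://www.citibank.com/login</a>
or read our <a href="https://www.citibank.com/help">help pages</a>.</p>
<a href="http://citybank.com/verify">www.citibank.com</a>
"""

if __name__ == "__main__":
    for text, href in masqueraded_links(SAMPLE):
        print(f"visible {text!r} -> actual {href!r}")
```

The second link in the sample is left alone because ‘help pages’ is not a host; only links that display a URL or domain different from where they really go are reported.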
4.9 SESSION HIJACKING
This can be performed remotely through a man-in-the-middle attack (see below) or locally using malware. Once the user has logged in with their credentials, the attacker takes over the authenticated session (for example by stealing the session cookie) and performs actions on the user’s behalf, which may include extracting credentials.
4.10 MAN-IN-THE-MIDDLE
An attacker places himself between the user and a genuine website, on a local network most often by ARP spoofing. Any authentication requests pass through the attacker and can therefore be captured or modified. Against HTTPS the attacker must present a certificate the browser does not trust, so the user sees a warning; the attack succeeds only if the site uses plain HTTP or the user clicks through that warning.
4.11 EVIL TWINS
Public places such as cafés and airports often offer public Wi-Fi. An attacker can easily set up their own hotspot in the area with the same SSID and the same authentication (if any). Traffic from any user that connects is routed through the attacker, and credentials sent over plain HTTP, or to sites where the user accepts a bogus certificate, can be sniffed.
4.12 BROWSER SPOOFING VULNERABILITIES
As with any piece of software, browsers may
also have vulnerabilities in their code, which
can be exploited to obfuscate the address bar
to look like the site is SSL authenticated, or to
install malware on the victim’s PC. Although
all the currently listed vulnerabilities already
have security patches available [15], they can
still be exploited in a machine that is not up-
to-date on its patches.
4.13 BOTS/BOTNETS
Botnets can be leveraged for phishing as the
processing power, bandwidth, and disk space
of the computers on which they reside can ex-
tend the scope of the phishing attack.
5 MITIGATION TECHNIQUES
5.1 USER-DEPENDENT
5.1.1 TWO-FACTOR AUTHENTICATION
This is a mechanism that requires proof of two of the following three factors: something you have, something you know, and something you are. So apart from your account name and password (know), you may be required to undergo a fingerprint or retinal scan (are), or to possess (have) a smartcard or hardware token. Such a token may also generate a regularly changing one-time code. Certain banks have implemented a system whereby customers are given a list of Transaction Numbers (TANs) every month, each approving a single transaction [15]. One caveat: a one-time code typed into a phishing page can be relayed to the real site by the attacker within its validity window, so this raises the cost of an attack rather than eliminating it.
5.1.2 BROWSER PLUGINS
Certain anti-phishing browser plugins use crowd-sourced reports and phishing blacklist databases to judge the authenticity of a website, and warn users of potentially fake sites or block them altogether.
5.1.3 ANTIVIRUS SOFTWARE WITH SPAM-
FILTERING AND WEB PROTECTION
Antivirus software has become much more than a program that scans your files. Most modern antivirus suites include web, email and spam protection, and these can be critical in preventing the user from falling victim to phishing. However, these suites must be kept up to date or the PC is left vulnerable to the latest variations of the attack. Some of the techniques used by this type of software are content blacklisting, blocking email from relays known to send spam, and Bayesian spam filtering [15].
5.1.4 END-USER AWARENESS AND EDUCATION
Organizations can take a proactive approach to fraud by educating their employees, end-users and customers about the signs of fraud. In the case of a specific phishing campaign, alerts can be issued on official websites, in the news, and via email. Users can be taught to treat links in email with extreme caution, to check that the page is served over HTTPS (via the address bar), and to scrutinize the domain name. Although all of these can be spoofed to avoid suspicion [16], this at least provides another layer of protection against most amateur phishing attacks.
5.2 USER-INDEPENDENT
5.2.1 LEXICAL ANALYSIS
Recognition of common word patterns and
phrases in phishing messages is one of the
earliest methods of spam and phishing detec-
tion.
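The lexical approach here and the Bayesian spam filtering mentioned under 5.1.3 are the same idea: learn which words and phrases (‘verify your account’, ‘within 24 hours’) occur in phishing messages and which in normal mail, then score new messages by the product of per-word likelihoods. The following is an added example, not code from the paper, of a minimal naive Bayes filter over token presence. The eight training messages and the two labels are constructed; a real filter trains on a large labelled corpus and is re-trained as attackers change wording.

```python
"""Token-presence naive Bayes filter for phishing-style messages.

Added example, not from the original paper. Training data is constructed
and tiny; it exists to show the mechanics, not to be deployed as-is.
"""
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9$]+")


def tokenize(text: str):
    """Set of lowercase tokens (presence, not frequency)."""
    return set(TOKEN.findall(text.lower()))


class NaiveBayes:
    def __init__(self):
        self.doc_count = Counter()   # label -> number of training messages
        self.token_count = {}        # label -> Counter(token -> messages containing it)
        self.vocab = set()

    def train(self, text: str, label: str):
        toks = tokenize(text)
        self.doc_count[label] += 1
        self.token_count.setdefault(label, Counter()).update(toks)
        self.vocab |= toks

    def log_prob(self, text: str, label: str) -> float:
        """log P(label) + sum over known tokens of log P(token | label),
        with add-one smoothing so unseen tokens do not zero the product."""
        n_docs = self.doc_count[label]
        lp = math.log(n_docs / sum(self.doc_count.values()))
        counts = self.token_count[label]
        for t in tokenize(text):
            if t in self.vocab:
                lp += math.log((counts[t] + 1) / (n_docs + 2))
        return lp

    def classify(self, text: str) -> str:
        return max(self.doc_count, key=lambda label: self.log_prob(text, label))

    def phish_score(self, text: str) -> float:
        """P(phish | text) for the two constructed labels 'phish' and 'ham'."""
        lp, lh = self.log_prob(text, "phish"), self.log_prob(text, "ham")
        return 1 / (1 + math.exp(lh - lp))


# Constructed training messages.
PHISH = [
    "Your account has been suspended. Verify your password within 24 hours or your account will be closed.",
    "Urgent: confirm your bank account details now to avoid deactivation.",
    "You have been selected for a $1000 prize. Click here to claim your reward.",
    "Security alert: unusual login. Update your password immediately.",
]
HAM = [
    "Lunch on Thursday? The usual place at noon.",
    "Attached are the minutes from today's project meeting.",
    "Can you review the draft before Friday? Thanks.",
    "Reminder: the quarterly report is due next week.",
]


def build_filter() -> NaiveBayes:
    nb = NaiveBayes()
    for m in PHISH:
        nb.train(m, "phish")
    for m in HAM:
        nb.train(m, "ham")
    return nb


if __name__ == "__main__":
    nb = build_filter()
    for msg in ["Please verify your account password within 24 hours or it will be closed",
                "Are we still meeting for lunch on Thursday?"]:
        print(f"{nb.phish_score(msg):.3f}  {nb.classify(msg):5}  {msg}")
```

Tokens never seen in training are ignored rather than penalized, which is the usual choice for a small corpus; the weakness of any lexical filter is that attackers read the same word lists, which is why it is only one signal alongside sender reputation and URL checks.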
5.2.2 SENDER REPUTATION ANALYSIS
Some phishing senders have a recognizable pattern to their domain names, and these may be blacklisted on well-known sites:
• spamhaus.org/sbl
• ers.trendmicro.com
• mxtoolbox.com/blacklists.aspx
Permutations of legitimate domains (see 4.1 and 4.7) are also prime candidates for phishing use and can be checked for directly. Domain-level sender authentication (SPF, DKIM and DMARC) complements reputation lists by letting the receiving server reject mail whose From domain the sending host is not authorized to use.
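The look-alike domains of 4.1 (citybank.com for citibank.com), the typo-squats of 4.7 and the ‘permutations of existing domains’ above can be caught before any blacklist lists them, by comparing the sender’s domain against the organization’s own protected brands. The following is an added example, not code from the paper, that generates typo and homoglyph variants of each protected domain and also applies an edit-distance test. The protected list, the homoglyph table and the distance threshold are assumptions for illustration.

```python
"""Look-alike (fuzzy) sender-domain check.

Added example, not from the original paper. PROTECTED, HOMOGLYPHS and the
distance threshold are illustrative assumptions.
"""

PROTECTED = ["citibank.com", "paypal.com", "example-bank.com"]  # assumed brand list

# Visually similar ASCII substitutions an attacker might use (assumed subset).
HOMOGLYPHS = {"i": ["l", "1"], "l": ["i", "1"], "o": ["0"], "0": ["o"],
              "e": ["3"], "a": ["4"], "s": ["5"], "rn": ["m"], "m": ["rn"]}


def variants(domain: str):
    """Typo-squat and homoglyph variants of a domain's registered label:
    one-character omission, repetition, adjacent transposition, homoglyph swap."""
    label, _, tld = domain.rpartition(".")
    out = set()
    for i in range(len(label)):
        out.add(label[:i] + label[i + 1:])                              # omission
        out.add(label[:i] + label[i] + label[i:])                       # repetition
        if i + 1 < len(label):
            out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])  # transposition
    for src, repls in HOMOGLYPHS.items():
        if src in label:
            for r in repls:
                out.add(label.replace(src, r, 1))
    out.discard(label)
    return {v + "." + tld for v in out}


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute,
    and transposition of adjacent characters each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def lookalike_of(sender_domain: str, protected=PROTECTED, max_distance=2):
    """Return the protected domain the sender imitates, or None.

    The brand itself and its subdomains are treated as legitimate here; in
    practice that path should additionally require a passing SPF/DKIM result,
    since the From domain alone is forgeable."""
    sender = sender_domain.lower().strip(".")
    for brand in protected:
        if sender == brand or sender.endswith("." + brand):
            return None
    for brand in protected:
        if sender in variants(brand):
            return brand
        if 0 < damerau_levenshtein(sender.rpartition(".")[0],
                                   brand.rpartition(".")[0]) <= max_distance:
            return brand
    return None


if __name__ == "__main__":
    for s in ["citybank.com", "paypa1.com", "mail.citibank.com", "github.com"]:
        print(f"{s:20} -> {lookalike_of(s)}")
```

Edit distance alone would also flag short, unrelated names, so the variant set is checked first and the threshold is kept small; either signal is a reason to quarantine the message for review rather than to block outright.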
5.2.3 ATTACHMENT SIGNATURE RECOGNITION
Most email providers use the services of security companies that scan all incoming and outgoing attachments against malware signatures.
5.2.4 SECURE SOCKETS LAYER (SSL)
SSL (and its successor TLS) is a protocol that secures browsing by encrypting the transmission and using certificates to prove identity, normally of the server only; HTTPS is HTTP carried over SSL/TLS. While not foolproof on its own [17], the technology in combination with others can be one of the indications of a website’s authenticity. When a browser detects that a website is SSL secured, a small padlock icon appears in the address bar. The padlock only confirms that the certificate matches the domain in the address bar; a phisher can obtain a valid certificate for a look-alike domain of their own, so the domain name must still be checked.
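What the padlock actually asserts is that one of the DNS names in the certificate’s subjectAltName matches the host in the address bar under the RFC 6125 rules (exact match, or a wildcard occupying the whole left-most label). The following is an added example, not code from the paper, implementing that matching over a constructed certificate of the shape Python’s ssl.getpeercert() returns; the live fetch_san helper is included for inspection of real sites and needs network access.

```python
"""Certificate name matching as a browser performs it (RFC 6125 subset).

Added example, not from the original paper. BANK_CERT is constructed in
the dict shape that ssl.SSLSocket.getpeercert() returns.
"""
import socket
import ssl


def hostname_matches(pattern: str, hostname: str) -> bool:
    """One dNSName pattern against one hostname, case-insensitive."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    # A wildcard must be the entire left-most label, must leave at least two
    # fixed labels ('*.com' is never valid), and matches exactly one label.
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return h_labels[0] != "" and p_labels[1:] == h_labels[1:]


def names_from_peercert(cert: dict):
    """DNS names from the dict ssl.SSLSocket.getpeercert() returns."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def cert_covers(san_dns_names, hostname: str) -> bool:
    return any(hostname_matches(p, hostname) for p in san_dns_names)


def fetch_san(hostname: str, port: int = 443, timeout: float = 5.0):
    """Live lookup (needs network). create_default_context() already verifies
    the chain and the hostname; this only exposes the names for inspection."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return names_from_peercert(tls.getpeercert())


# Constructed certificate for the genuine bank.
BANK_CERT = {
    "subject": ((("commonName", "www.citibank.com"),),),
    "subjectAltName": (("DNS", "www.citibank.com"), ("DNS", "*.citibank.com")),
}

# Constructed certificate a phisher could legitimately obtain for their own domain.
PHISH_CERT = {
    "subject": ((("commonName", "citybank.com"),),),
    "subjectAltName": (("DNS", "citybank.com"), ("DNS", "www.citybank.com")),
}

if __name__ == "__main__":
    for cert, host in [(BANK_CERT, "online.citibank.com"), (BANK_CERT, "citybank.com"),
                       (PHISH_CERT, "www.citybank.com")]:
        print(f"{host:22} covered: {cert_covers(names_from_peercert(cert), host)}")
```

The last line of the demonstration is the point of the caveat in the text: the phisher’s certificate is valid for www.citybank.com, so the padlock appears there too. Nothing in the handshake says which organization the user expected to reach; that judgement is still made from the domain name.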
5.2.5 WEBSITE TAKEDOWN
When a phishing website is detected, the registrar, DNS provider and hosting provider can be notified. After analyzing it themselves, they usually take down the website or remove the DNS records. Takedown is a race against the site’s lifetime, which is why the longer-lived Rock Phish and fast-flux sites (3.2, 3.3) do more damage [12].
6 SUMMARY
Phishing is an ever-increasing and evolving
threat to businesses. It takes advantage of hu-
man behaviors such as curiosity, trust or com-
passion.
As these attacks develop in complexity, the
world is also taking positive steps in anti-
phishing efforts. There are several organiza-
tions committed to fighting online fraud such
as the Internet Crime Complaint Center, Na-
tional Cyber-Forensics and Training Alliance,
and the Anti-Phishing Working Group.
Although there isn’t an all-encompassing
technology to stop phishing, a mixture of best
practices, constant diligence, and correct ap-
plication of the latest technologies can reduce
the frequency of phishing attacks and the en-
suing loss.
7 REFERENCES
[1] L. James, Phishing Exposed, Syngress Publishing, Inc., 2005.
[2] A. V. Mahajan, "Phishing and Man-in-the-Middle Attacks," University of Southern California.
[3] A. S. Martino and X. Perramon, "Phishing Secrets: History, Effects, and Countermeasures," International Journal of Network Security, vol. 11, no. 3, pp. 163–171, 2010.
[4] Anti-Phishing Working Group (APWG), "Phishing Activity Trends Report," 1st Quarter 2013.
[5] The Anti-Phishing Group at Indiana University, "Stopphishing.com - Protect the Public," 2006. [Online]. Available: indiana.edu/~phishing/?prot_public. [Accessed 20 October 2013].
[6] A. Bergholz, J. D. Beer, S. Glahn, M.-F. Moens, G. Paaß and S. Strobel, "New Filtering Approaches for Phishing Email," International Journal of Computer Trends and Technology (IJCTT), vol. 4, no. 6, June 2013.
[7] "Saudi Arabia, UAE rank high for phishing attacks: Symantec," Arab News, 30 November 2011. [Online]. Available: arabnews.com/node/399661. [Accessed 20 October 2013].
[8] G. Enzer, "UAE hit hard by increasing phishing," ITP.net, 26 April 2011. [Online]. Available: itp.net/584599-uae-hit-hard-by-increasing-phishing. [Accessed 20 October 2013].
[9] W. Mahdi, "Saudi Arabia Says Aramco Cyberattack Came From Foreign States," Bloomberg.com, 9 December 2012. [Online]. Available: bloomberg.com/news/2012-12-09/saudi-arabia-says-aramco-cyberattack-came-from-foreign-states.html. [Accessed 20 October 2013].
[10] K. Kanchi, "Fake applications, phishing sites hit smartphone users," The Hindu Business Line, 23 May 2013. [Online]. Available: thehindubusinessline.com/industry-and-economy/info-tech/fake-applications-phishing-sites-hit-smartphone-users/article4742336.ece. [Accessed 20 October 2013].
[11] I. Alseadoon, T. Chan, E. Foo and J. G. Nieto, "Who is more susceptible to phishing emails?: A Saudi Arabian study," in 23rd Australasian Conference on Information Systems, 2012.
[12] T. Moore and R. Clayton, "The Impact of Incentives on Notice and Take-down," in Managing Information Risk and the Economics of Security, Springer US, 2009, pp. 199–223.
[13] B. Gyawali, T. Solorio, M. Montes-y-Gómez, B. Wardman and G. Warner, "Evaluating a Semisupervised Approach to Phishing URL Identification in a Realistic Scenario," Department of Computer and Information Sciences, University of Alabama at Birmingham.
[14] R. Miller, "Phishing Attacks Continue to Grow in Sophistication," Netcraft, 15 January 2007. [Online]. Available: http://news.netcraft.com/archives/2007/01/15/phishing_attacks_continue_to_grow_in_sophistication.html. [Accessed 20 October 2013].
[15] J. Milletary, "Technical Trends in Phishing Attacks," US-CERT, 2005.
[16] A. Emigh, "Online Identity Theft: Phishing Technology, Chokepoints and Countermeasures," ITTC Report on Online Identity Theft Technology and Countermeasures, 2005.
[17] R. Lininger and R. D. Vines, Phishing: Cutting the Identity Theft Line, Wiley Publishing, Inc., 2005.

More Related Content

What's hot

ICT-phishing
ICT-phishingICT-phishing
ICT-phishing
MH BS
 
An overview study on cyber crimes in internet
An overview study on cyber crimes in internetAn overview study on cyber crimes in internet
An overview study on cyber crimes in internet
Alexander Decker
 
Improving Phishing URL Detection Using Fuzzy Association Mining
Improving Phishing URL Detection Using Fuzzy Association MiningImproving Phishing URL Detection Using Fuzzy Association Mining
Improving Phishing URL Detection Using Fuzzy Association Mining
theijes
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
temi
 
Phishing
PhishingPhishing
Phishing
Syahida
 
Customer Involvement in Phishing Defence
Customer Involvement in Phishing DefenceCustomer Involvement in Phishing Defence
Customer Involvement in Phishing Defence
Jordan Schroeder
 

What's hot (20)

Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Security
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
 
New Malicious Attacks on Mobile Banking Applications
New Malicious Attacks on Mobile Banking ApplicationsNew Malicious Attacks on Mobile Banking Applications
New Malicious Attacks on Mobile Banking Applications
 
Phishing
PhishingPhishing
Phishing
 
Intro phishing
Intro phishingIntro phishing
Intro phishing
 
Android mobile platform security and malware
Android mobile platform security and malwareAndroid mobile platform security and malware
Android mobile platform security and malware
 
Tittl e
Tittl eTittl e
Tittl e
 
Safeguarding PeopleSoft Against Direct Deposit Theft
Safeguarding PeopleSoft Against Direct Deposit TheftSafeguarding PeopleSoft Against Direct Deposit Theft
Safeguarding PeopleSoft Against Direct Deposit Theft
 
ICT-phishing
ICT-phishingICT-phishing
ICT-phishing
 
An overview study on cyber crimes in internet
An overview study on cyber crimes in internetAn overview study on cyber crimes in internet
An overview study on cyber crimes in internet
 
Improving Phishing URL Detection Using Fuzzy Association Mining
Improving Phishing URL Detection Using Fuzzy Association MiningImproving Phishing URL Detection Using Fuzzy Association Mining
Improving Phishing URL Detection Using Fuzzy Association Mining
 
Seminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII SemSeminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII Sem
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
 
Phishing
PhishingPhishing
Phishing
 
When developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part iiWhen developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part ii
 
COUNTER CHALLENGE AUTHENTICATION METHOD: A DEFEATING SOLUTION TO PHISHING ATT...
COUNTER CHALLENGE AUTHENTICATION METHOD: A DEFEATING SOLUTION TO PHISHING ATT...COUNTER CHALLENGE AUTHENTICATION METHOD: A DEFEATING SOLUTION TO PHISHING ATT...
COUNTER CHALLENGE AUTHENTICATION METHOD: A DEFEATING SOLUTION TO PHISHING ATT...
 
What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?
 
Phishing
PhishingPhishing
Phishing
 
Intelligent Phishing Website Detection and Prevention System by Using Link Gu...
Intelligent Phishing Website Detection and Prevention System by Using Link Gu...Intelligent Phishing Website Detection and Prevention System by Using Link Gu...
Intelligent Phishing Website Detection and Prevention System by Using Link Gu...
 
Customer Involvement in Phishing Defence
Customer Involvement in Phishing DefenceCustomer Involvement in Phishing Defence
Customer Involvement in Phishing Defence
 

Similar to Phishing attack types and mitigation strategies

need help with a term paper 8 pages Write a term paper that discusse.pdf
need help with a term paper 8 pages Write a term paper that discusse.pdfneed help with a term paper 8 pages Write a term paper that discusse.pdf
need help with a term paper 8 pages Write a term paper that discusse.pdf
anjandavid
 
December 2019 Part 10
December 2019 Part 10December 2019 Part 10
December 2019 Part 10
seadeloitte
 
Sip 140208055023-phpapp02
Sip 140208055023-phpapp02Sip 140208055023-phpapp02
Sip 140208055023-phpapp02
mark scott
 

Similar to Phishing attack types and mitigation strategies (20)

need help with a term paper 8 pages Write a term paper that discusse.pdf
need help with a term paper 8 pages Write a term paper that discusse.pdfneed help with a term paper 8 pages Write a term paper that discusse.pdf
need help with a term paper 8 pages Write a term paper that discusse.pdf
 
E Mail Phishing Prevention and Detection
E Mail Phishing Prevention and DetectionE Mail Phishing Prevention and Detection
E Mail Phishing Prevention and Detection
 
Phishing: Analysis and Countermeasures
Phishing: Analysis and CountermeasuresPhishing: Analysis and Countermeasures
Phishing: Analysis and Countermeasures
 
Internet threats and defence mechanism
Internet threats and defence mechanismInternet threats and defence mechanism
Internet threats and defence mechanism
 
Phishing Attacks: A Challenge Ahead
Phishing Attacks: A Challenge AheadPhishing Attacks: A Challenge Ahead
Phishing Attacks: A Challenge Ahead
 
December 2019 Part 10
December 2019 Part 10December 2019 Part 10
December 2019 Part 10
 
IRJET- Phishing and Anti-Phishing Techniques
IRJET-  	  Phishing and Anti-Phishing TechniquesIRJET-  	  Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing Techniques
 
Cyber security
Cyber securityCyber security
Cyber security
 
Phishing: Analysis and Countermeasures
Phishing: Analysis and CountermeasuresPhishing: Analysis and Countermeasures
Phishing: Analysis and Countermeasures
 
Email threat detection and mitigation
Email threat detection and mitigationEmail threat detection and mitigation
Email threat detection and mitigation
 
Strategies to handle Phishing attacks
Strategies to handle Phishing attacksStrategies to handle Phishing attacks
Strategies to handle Phishing attacks
 
10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf
10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf
10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf
 
internet security
internet securityinternet security
internet security
 
Ethical Hacking and Cyber Security
Ethical Hacking and Cyber SecurityEthical Hacking and Cyber Security
Ethical Hacking and Cyber Security
 
Sip 140208055023-phpapp02
Sip 140208055023-phpapp02Sip 140208055023-phpapp02
Sip 140208055023-phpapp02
 
Exploring And Investigating New Dimensions In Phishing
Exploring And Investigating New Dimensions In PhishingExploring And Investigating New Dimensions In Phishing
Exploring And Investigating New Dimensions In Phishing
 
Spear Phishing
Spear PhishingSpear Phishing
Spear Phishing
 
Phishing.pdf
Phishing.pdfPhishing.pdf
Phishing.pdf
 
Common Security Issues on the Internet
Common Security Issues on the InternetCommon Security Issues on the Internet
Common Security Issues on the Internet
 
Detecting malicious URLs using binary classification through ada boost algori...
Detecting malicious URLs using binary classification through ada boost algori...Detecting malicious URLs using binary classification through ada boost algori...
Detecting malicious URLs using binary classification through ada boost algori...
 

Recently uploaded

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 

Recently uploaded (20)

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

Phishing attack types and mitigation strategies

  • 1. PHISHING ATTACK TYPES & MITIGATION STRATEGIES SARIM KHAWAJA VERSION 1.1 27 OCTOBER 2013
  • 2. 1 1 INTRODUCTION Phishing, otherwise known as carding or brand spoofing [1], is a malicious attempt to acquire personal information from a user. The personal information sought may include, but is not limited to usernames, passwords and bank account/credit card details. Since the user is more likely to respond to someone known to them, the attacker may pose as the user’s bank, email provider, company IT ad- ministrator, or social networking website. The term phishing may originate from the phrase ‘password harvesting fishing’ [2], or may be an adaptation of the term ‘phreak’/’phone freak’ [3]. The word is analo- gous to ‘fishing’ as the attacker uses an email as bait to ‘catch’ usernames and passwords. In the traditional model, an attacker sends an authentic-looking email to thousands of ad- dresses. The PCs of the small percentage of users that act on the email by downloading the attachment are then infected with a Tro- jan or other malware. Phishing is a serious threat to consumers as well as to organizations. Industry sectors most targeted for phishing attacks in the first quarter of 2013 were payment services (45.48%), financial (23.95%), retail/service (9.84%), ISP (8.52%), and gaming (5.66%), and the top country hosting phishing sites was the U.S [4]. According to estimates, 5% of adults in the U.S fall prey to phishing every year [5], and with total damages of $3.2 billion in 2007 alone [6]. The brand and reputation of a business is damaged by its customers becoming targets of phishing scams. The experience can make users wary of fraud, making them less likely to do business online, which in turn means loss of revenue for the company. New types and techniques of phishing attacks are continuously being developed and uti- lized. Businesses must be proactive in defend- ing against such attacks. New types and techniques of phishing attacks are continuously being developed and uti- lized. Businesses must be proactive in defend- ing against such attacks. 
2 PHISHING IN THE GULF REGION

According to Symantec, Saudi Arabia and the UAE are the most vulnerable to phishing attacks in the Gulf region [7]. In 2010, the information security solution provider IT Matrix detected 1145 unique phishing attacks in the UAE, while the occurrence in Saudi Arabia was the highest in the region for 2007 and 2008 [8]. Following a phishing attack on Saudi Aramco in August 2012, more than 30000 computers were compromised [9]. Saudi Arabia also faces the highest risk of privacy exposure due to malicious Android app usage [10].

A conference paper examined the susceptibility of 200 undergraduate students in Saudi Arabia to phishing [11]. They were divided randomly into two groups: one received click-a-link emails (after which the user was sent to a login page), the other reply-directly emails. A total of 14 students fell victim to the emails, 12 of whom had responded to the click-a-link email.

3 TYPES OF PHISHING

Since the first incident of phishing in 1996 [3], phishing has evolved and now has several different classifications.

3.1 SPEAR PHISH

This variation of phishing involves reconnaissance, planning and information gathering in advance of 'casting the bait', and is so called because it is far more targeted than spam phishing. The information may be publicly available on social networking sites, or may be obtained by social engineering. It is then used to craft a specific email whose content either appeals to the interests of the particular user or appears to be genuinely addressed to them, making them more likely to fall for the deception.

3.2 ROCK PHISH

Rock phishing involves registering several domains made up of random alphanumeric characters. All of these domains are used to make URLs with unique identifiers, and the URLs resolve to the single IP address of a compromised machine. When that machine is taken down, the DNS records are pointed at another machine in the botnet. 'Rock Phish' was also the name of a phishing gang. On average, Rock Phish sites stay live longer than typical ones [12].

3.3 FAST-FLUX

Fast-flux attacks are related to Rock Phish attacks in that they also use botnets of compromised machines acting as proxy servers, hiding the actual location of the attacker's server. Multiple IP addresses are in use simultaneously, however, and the set of addresses a name resolves to changes at short, regular intervals [12].

3.4 TILDE PHISH

Tilde phish use multiple URLs that appear to point to websites on several domains, when in reality they all lead to the same phishing site. The method relies on web servers configured to serve per-user directories (Apache's UserDir feature, with URLs of the form http://host/~user/) on every virtual domain hosted on that server, so one user's directory is reachable under each of those domains. The URLs contain a tilde (~), hence the name [13].

3.5 WATER-HOLING

This technique (also called a watering hole attack) involves locating an online resource or website that is frequently visited by a target audience, compromising it, and exploiting vulnerabilities in visitors' browsers to extract credentials and install malware.

3.6 PHARMING (DNS-BASED PHISHING)

This term refers to any phishing attack that abuses the DNS lookup process for a particular domain name. This can be done by redirecting the user's DNS queries to a malicious server, compromising an existing, legitimate DNS server, or by changing the PC's hosts file through malware.
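The fast-flux behaviour of 3.3 (and the rotating Rock Phish hosting of 3.2) leaves a visible trace in DNS answer data: a name that resolves to many different addresses, spread over unrelated networks, with TTLs of a few minutes. The following Python scores passive-DNS style observations on exactly those features. It is an added example, not code from the paper; the hostnames are hypothetical, the addresses are taken from the RFC 5737 documentation ranges, the records are constructed, and the thresholds in is_fast_flux are assumptions chosen for illustration rather than values from the literature.

```python
"""Fast-flux scoring over passive-DNS style observations (added example, not from the paper)."""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Observation:
    ts: int      # time the answer was seen (unix seconds)
    name: str    # queried hostname
    ip: str      # A record returned
    ttl: int     # TTL the authoritative server put on that record


# Constructed sample data. Names are hypothetical and the addresses come from the
# RFC 5737 documentation ranges; nothing here is a real observation.
SAMPLE = [
    # flux candidate: a fresh address from a different /16 every few minutes, short TTL
    Observation(1380000000, "secure-login-update.example", "203.0.113.5",   180),
    Observation(1380000200, "secure-login-update.example", "198.51.100.77", 180),
    Observation(1380000400, "secure-login-update.example", "192.0.2.130",   120),
    Observation(1380000600, "secure-login-update.example", "203.0.113.250", 120),
    Observation(1380000800, "secure-login-update.example", "198.51.100.9",  180),
    Observation(1380001000, "secure-login-update.example", "192.0.2.17",    120),
    # stable site: two addresses in one /16, day-long TTL
    Observation(1380000000, "www.bank.example", "192.0.2.10", 86400),
    Observation(1380040000, "www.bank.example", "192.0.2.11", 86400),
    Observation(1380080000, "www.bank.example", "192.0.2.10", 86400),
]


def summarize(observations):
    """Per-name features: answer count, distinct IPs, distinct /16 prefixes, lowest TTL, churn."""
    grouped = defaultdict(list)
    for obs in observations:
        grouped[obs.name].append(obs)
    summary = {}
    for name, group in grouped.items():
        ips = {o.ip for o in group}
        # /16 is a crude stand-in for "different network"; an ASN lookup would be better
        prefixes = {str(ipaddress.ip_network(f"{o.ip}/16", strict=False)) for o in group}
        summary[name] = {
            "answers": len(group),
            "distinct_ips": len(ips),
            "distinct_prefixes": len(prefixes),
            "min_ttl": min(o.ttl for o in group),
            # share of answers that introduced an address not seen before for this name
            "churn": len(ips) / len(group),
        }
    return summary


def is_fast_flux(features, max_ttl=300, min_ips=4, min_prefixes=2, min_churn=0.5):
    """Heuristic verdict. The thresholds are assumptions for this example, not values from the paper."""
    return (features["min_ttl"] <= max_ttl
            and features["distinct_ips"] >= min_ips
            and features["distinct_prefixes"] >= min_prefixes
            and features["churn"] >= min_churn)


def flagged_names(observations):
    """Names whose features meet the fast-flux heuristic, sorted for stable output."""
    summary = summarize(observations)
    return sorted(name for name, features in summary.items() if is_fast_flux(features))


if __name__ == "__main__":
    for name, features in summarize(SAMPLE).items():
        print(name, features, "FLUX" if is_fast_flux(features) else "ok")
```

Content distribution networks also answer with many addresses and short TTLs, which is why the prefix diversity and churn conditions are combined with the TTL rather than used alone; in production the /16 grouping would be replaced by an ASN lookup and the verdict fed into a blacklist such as those in 5.2.2 rather than acted on directly.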
3.7 WHALING

When top-level executives or other high-value targets are the victims, phishing becomes whaling: the name extends the fishing metaphor to the largest catch.

4 TOOLS & TECHNIQUES

4.1 SPAM (CLASSIC PHISHING)

An official-looking email, professing to be from an organization such as a bank, a payment or money transfer business, or from a coworker, either requires the user to confirm their account or claims that the user has been selected for a prize. Some variations embed links to fake webpages while others carry attachments containing Trojans and other malware. On the fake webpages, the user may be required to enter details for their email or bank accounts, which are then transferred to the operator of the phishing scam. Almost all of these emails carry an underlying sense of urgency, such as "this offer expires in 24 hours" or "if you do not respond to this email within 24 hours, your account will be closed". The addresses from which these emails originate are sometimes a slight variation of the original entity's domain (abc@citybank.com vs. abc@citibank.com), known as fuzzy domains or look-alike domains [1]; they may also be a random selection of words and alphanumeric characters. Because SMTP does not authenticate the From address on its own, the sender may also be forged to show the genuine domain exactly.

4.2 INSTANT MESSAGING AND SOCIAL NETWORKING

The same underlying principle as the email technique applies, with Instant Messaging or Social Networking accounts used instead of email accounts.

4.3 SMS (SMISHING)

This method uses SMS to deliver the bait. Typically, the user receives a text message informing them that their account has been compromised or deactivated. They are then directed to a spoofed website or a Vishing line (see below) to recover the account, where they are asked for their credentials.

4.4 TABNABBING

An apparently normal page carries an embedded script which detects that its tab has lost focus for some time. The favicon and title of the page, as well as the page content, are then replaced by a copy of an organization's official login page. The user may think they forgot to close that page and enter their credentials into it, compromising their account.

4.5 VISHING/PHONE PHISHING

Phone phishers often use VoIP to set up a number which potential victims can call. These numbers may be advertised by email or by hacking a genuine website, and some may even spoof their caller ID to appear to belong to a reputable organization. When called, these lines require the user to enter their account details.

4.6 PHLASHING (FLASH-BASED PHISHING SITES)

Since phishing sites that are HTML copies of genuine sites are relatively easy to detect with automated software, a form of phishing using Flash-based sites emerged. Flash-based sites are not as easily recognized by specialized software as HTML phishing sites. This breed of attack was first seen in 2006 [14].

4.7 TYPO SQUATTING

The basic principle of this technique is registering a domain name that a user may accidentally type instead of the original, and possibly not notice.
The fake site on that domain usually looks very similar to the genuine one, and a busy or novice user may not notice their typo and continue using the fake site.

4.8 URL MANIPULATION/MASQUERADING

A hyperlink has two parts: the text visible to the user and the underlying link target, and the two need not be the same. Masqueraded URLs exploit this difference to make the user believe that clicking a certain link will take them to the official login page, when in reality the link sends them to the fake page.

4.9 SESSION HIJACKING

This can be performed remotely through a man-in-the-middle attack (see below) or locally using malware. Once the user has logged in with their credentials, the attacker 'hijacks' the authenticated session and performs malicious actions, which may include extracting credentials.

4.10 MAN-IN-THE-MIDDLE

An attacker places himself between the user and a genuine website, most often on a local network using ARP spoofing. Any authentication requests are sent through the attacker and can therefore be captured or altered.

4.11 EVIL TWINS

Public places such as cafés and airports often have public Wi-Fi services. An attacker can easily set up their own Wi-Fi hotspot in the area with the same SSID and the same authentication (if any). Credentials of any users that connect to the rogue network and visit certain websites can be sniffed.

4.12 BROWSER SPOOFING VULNERABILITIES

As with any piece of software, browsers may have vulnerabilities in their code, which can be exploited to obfuscate the address bar so that the site appears to be SSL authenticated, or to install malware on the victim's PC. Although all the currently listed vulnerabilities already have security patches available [15], they can still be exploited on a machine that is not up to date on its patches.

4.13 BOTS/BOTNETS

Botnets can be leveraged for phishing: the processing power, bandwidth and disk space of the computers on which they reside extend the scope of the attack, and they supply the compromised hosts behind the Rock Phish and fast-flux infrastructure described in 3.2 and 3.3.

5 MITIGATION TECHNIQUES

5.1 USER-DEPENDENT

5.1.1 TWO-FACTOR AUTHENTICATION

This is a mechanism that requires proof of two of the following three properties: something you have, something you know, and something you are. So apart from your account name and password (know), you may be required to undergo a fingerprint or retinal scan (are), or to possess (have) a smartcard or hardware token. The hardware token may generate a regularly changing one-time code. Certain banks have implemented a system whereby customers are given a number of Transaction Numbers (TANs) every month, each of which approves a single transaction [15]. One caveat: a one-time code defeats the replay of captured credentials, but a phishing page that relays the code to the genuine site in real time (see 4.10) can still complete a login before the code expires.

5.1.2 BROWSER PLUGINS

Certain anti-phishing browser plugins use crowd-sourced and phishing blacklist databases to determine the authenticity of a website, and warn users of potentially fake sites or block them altogether.
5.1.3 ANTIVIRUS SOFTWARE WITH SPAM FILTERING AND WEB PROTECTION

Antivirus software has become much more than a program that scans your files. Most modern antivirus suites contain web, email and spam protection, and these can be critical in preventing the user from falling victim to phishing. However, these suites must be kept up to date or the PC is left vulnerable to the latest variations of the attack. Some of the techniques used by this type of software are content blacklisting, blocking email from relays known to send out spam, and Bayesian spam filtering [15].

5.1.4 END-USER AWARENESS AND EDUCATION

Organizations can take a proactive approach to fraud by educating their employees, end users and consumers about potential signs of fraud. In case of a specific phishing campaign, alerts can be issued on official websites, in the news and via email. Users can be taught to approach links in email with extreme caution, to ensure SSL is being used (via the address bar), and to scrutinize the domain name. Although all of these indicators can be spoofed to avoid suspicion [16], this at least provides another layer of protection against most amateur phishing attacks.
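The checks 5.1.4 asks users to perform by eye can be automated for the fuzzy domains of 4.1, the typo-squatted domains of 4.7 and the masqueraded URLs of 4.8. The Python below, an added example and not code from the paper, extracts every link from an HTML message, compares the domain the anchor text displays with the domain the href actually targets, and tests the target against a list of protected brands for one-keystroke typos, digit-for-letter homoglyphs and brand names buried in subdomains. The PROTECTED list, the glyph map and the sample message are constructed for illustration; the registrable() helper assumes single-label public suffixes, so a real deployment would use a public suffix list.

```python
"""Link checks for an HTML message: masqueraded links and look-alike domains.
Added example, not from the paper. Brand list, glyph map and sample message are constructed."""
import ipaddress
import re
import string
from html.parser import HTMLParser
from urllib.parse import urlparse

PROTECTED = ("citibank.com", "paypal.com")           # hypothetical brands to protect
GLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b", "9": "g"})
DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Constructed sample message; the hosts are illustrative only.
SAMPLE_EMAIL = """
<p>Dear customer, if you do not respond within 24 hours your account will be closed.</p>
<a href="http://citybank.com/verify">Confirm your account</a>
<a href="http://198.51.100.7/login">https://www.citibank.com/login</a>
<a href="https://www.citibank.com.account-verify.example/">Security centre</a>
<a href="https://www.citibank.com/help">https://www.citibank.com/help</a>
<a href="http://paypa1.com/">Update your PayPal details</a>
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> elements."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registrable(host):
    """Registrable domain; assumes one-label public suffixes (.com), so co.uk-style TLDs need a suffix list."""
    host = host.lower().rstrip(".")
    return host if is_ip(host) else ".".join(host.split(".")[-2:])


def typo_variants(label):
    """Labels one keystroke away from `label`: omission, repetition, transposition, substitution."""
    out = set()
    for i in range(len(label)):
        out.add(label[:i] + label[i + 1:])                                  # omission
        out.add(label[:i] + label[i] + label[i:])                           # repetition
        if i + 1 < len(label):
            out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])    # transposition
        for c in string.ascii_lowercase + string.digits + "-":
            out.add(label[:i] + c + label[i + 1:])                          # substitution
    out.discard(label)
    return out


def classify_host(host, protected=PROTECTED):
    """Findings for one hostname against the protected brands; an empty list means nothing suspicious."""
    if is_ip(host):
        return ["raw IP address host"]
    findings, reg = [], registrable(host)
    label = reg.split(".")[0]
    for brand in protected:
        brand_label = brand.split(".")[0]
        if reg == brand:
            continue                                         # the genuine domain itself
        if label.translate(GLYPHS).replace("rn", "m").replace("vv", "w") == brand_label:
            findings.append(f"homoglyph of {brand}")
        elif label in typo_variants(brand_label):
            findings.append(f"typo-squat of {brand}")
        elif brand in host or brand_label in label:
            findings.append(f"brand {brand} in subdomain or label")
    return findings


def analyse(html, protected=PROTECTED):
    """One record per link: href, visible text and the list of findings."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    report = []
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        findings = classify_host(host, protected) if host else ["no host in href"]
        shown = DOMAIN_RE.search(text)                       # does the anchor text look like a URL?
        if shown and host and registrable(shown.group(1)) != registrable(host):
            findings.append(f"masqueraded link: text shows {shown.group(1).lower()}")
        report.append({"href": href, "text": text, "findings": findings})
    return report


if __name__ == "__main__":
    for record in analyse(SAMPLE_EMAIL):
        print(record["href"], "->", record["findings"] or "ok")
```

The same classify_host() check applies to a sender address's domain in 4.1 and to the candidate domains that 5.2.2 describes as permutations of existing ones; the genuine domain produces no finding, which is what keeps a filter like this from blocking the brand's own mail.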
5.2 USER-INDEPENDENT

5.2.1 LEXICAL ANALYSIS

Recognition of common word patterns and phrases in phishing messages is one of the earliest methods of spam and phishing detection.

5.2.2 SENDER REPUTATION ANALYSIS

Some phishing senders have a recognizable pattern to their domain names, and these may be blacklisted on well-known sites:

• spamhaus.org/sbl
• ers.trendmicro.com
• mxtoolbox.com/blacklists.aspx

Permutations of existing domains are also ideal candidates for phishing use.

5.2.3 ATTACHMENT SIGNATURE RECOGNITION

Most email providers use the services of security companies that provide online scanning of all incoming and outgoing attachments.

5.2.4 SECURE SOCKETS LAYER (SSL)

SSL (and its successor TLS) is a protocol that secures browsing by encrypting the transmission and using certificates to verify identity; in ordinary web use only the server presents a certificate, so SSL establishes which site the browser is talking to rather than who the user is. HTTPS is HTTP carried over SSL/TLS. While not foolproof on its own [17], this technology in combination with others can be one indication of the authenticity of a website. When a browser detects that a website is SSL secured, a small padlock icon appears in the address bar. The padlock only shows that the connection to the domain in the address bar is encrypted and that the certificate matches that domain; a phishing site can obtain a valid certificate for its own look-alike domain, so the domain name itself must still be checked.

5.2.5 WEBSITE TAKEDOWN

When a phishing website is detected, the DNS and hosting providers can be notified. After analyzing it themselves, they usually take down the website or remove the DNS records.

6 SUMMARY

Phishing is an ever-increasing and evolving threat to businesses. It takes advantage of human behaviors such as curiosity, trust or compassion.

As these attacks develop in complexity, the world is also taking positive steps in anti-phishing efforts. There are several organizations committed to fighting online fraud, such as the Internet Crime Complaint Center, the National Cyber-Forensics and Training Alliance, and the Anti-Phishing Working Group.
Although there isn't an all-encompassing technology to stop phishing, a mixture of best practices, constant diligence, and correct application of the latest technologies can reduce the frequency of phishing attacks and the ensuing loss.
7 REFERENCES

[1] L. James, Phishing Exposed, Syngress Publishing, Inc., 2005.
[2] A. V. Mahajan, "Phishing and Man-in-the-Middle Attacks," University of Southern California.
[3] A. S. Martino and X. Perramon, "Phishing Secrets: History, Effects, and Countermeasures," International Journal of Network Security, vol. 11, no. 3, pp. 163–171, 2010.
[4] Anti-Phishing Working Group (APWG), "Phishing Activity Trends Report," 1st Quarter 2013.
[5] The Anti-Phishing Group at Indiana University, "Stopphishing.com - Protect the Public," 2006. [Online]. Available: indiana.edu/~phishing/?prot_public. [Accessed 20 October 2013].
[6] A. Bergholz, J. D. Beer, S. Glahn, M.-F. Moens, G. Paaß and S. Strobel, "New Filtering Approaches for Phishing Email," International Journal of Computer Trends and Technology (IJCTT), vol. 4, no. 6, June 2013.
[7] "Saudi Arabia, UAE rank high for phishing attacks: Symantec," Arab News, 30 November 2011. [Online]. Available: arabnews.com/node/399661. [Accessed 20 October 2013].
[8] G. Enzer, "UAE hit hard by increasing phishing," ITP.net, 26 April 2011. [Online]. Available: itp.net/584599-uae-hit-hard-by-increasing-phishing. [Accessed 20 October 2013].
[9] W. Mahdi, "Saudi Arabia Says Aramco Cyberattack Came From Foreign States," Bloomberg.com, 9 December 2012. [Online]. Available: bloomberg.com/news/2012-12-09/saudi-arabia-says-aramco-cyberattack-came-from-foreign-states.html. [Accessed 20 October 2013].
[10] K. Kanchi, "Fake applications, phishing sites hit smartphone users," The Hindu Business Line, 23 May 2013. [Online]. Available: thehindubusinessline.com/industry-and-economy/info-tech/fake-applications-phishing-sites-hit-smartphone-users/article4742336.ece. [Accessed 20 October 2013].
[11] I. Alseadoon, T. Chan, E. Foo and J. G. Nieto, "Who is more susceptible to phishing emails?: A Saudi Arabian study," in 23rd Australasian Conference on Information Systems, 2012.
[12] T. Moore and R. Clayton, "The Impact of Incentives on Notice and Take-down," in Managing Information Risk and the Economics of Security, Springer US, 2009, pp. 199–223.
[13] B. Gyawali, T. Solorio, M. Montes-y-Gómez, B. Wardman and G. Warner, "Evaluating a Semisupervised Approach to Phishing URL Identification in a Realistic Scenario," Department of Computer and Information Sciences, University of Alabama at Birmingham.
[14] R. Miller, "Phishing Attacks Continue to Grow in Sophistication," Netcraft, 15 January 2007. [Online]. Available: http://news.netcraft.com/archives/2007/01/15/phishing_attacks_continue_to_grow_in_sophistication.html. [Accessed 20 October 2013].
[15] J. Milletary, "Technical Trends in Phishing Attacks," US-CERT, 2005.
[16] A. Emigh, "Online Identity Theft: Phishing Technology, Chokepoints and Countermeasures," ITTC Report on Online Identity Theft Technology and Countermeasures, 2005.
[17] R. Lininger and R. D. Vines, Phishing: Cutting the Identity Theft Line, Wiley Publishing, Inc., 2005.