"PHISHING" - A THREAT TO NETWORK SECURITY

ABSTRACT

"Give a man a fish," goes an old adage, "and you feed him for a day. Teach a man to fish, and you feed him for life." In Internet parlance, "Teach a man to phish, and he can feast on caviar for the rest of his life." It is becoming increasingly common to tune in to the news or load your favorite news Web site and read about yet another Internet e-mail scam. An e-mail scam is a fraudulent email that appears to be from a legitimate Internet address with a justifiable request, usually to verify your personal information or account details. One example would be if you received an e-mail that appears to be from your bank requesting that you click a hyperlink in the e-mail and verify your online banking information. Usually there will be a repercussion stated in the e-mail for not following the link, such as "your account will be closed or suspended". The goal of the sender is for you to disclose personal and account-related information.

This paper presents one of the 21st century's identity theft web crimes, known as 'phishing'. Phishing is also referred to as brand spoofing or carding and is a variation on "fishing," the idea being that bait is thrown out with the hope that while most will ignore the bait, some will be tempted into biting. It is a type of fraud unique to the Internet. Hackers challenge network security through 'phishing'. Phishers use both linguistic and technical ploys to steal sensitive data. The term "phishing" was coined in 1996 and refers to email that directs users to counterfeit websites. The goal is to collect personal and financial information, which can then be used to make unauthorized purchases, steal identities, or sell sensitive information to identity theft rings. In a typical phishing e-mail, the users are directed to a proxy site that looks just like the original one; however, the proxy site might ask for additional detailed data (like bank account numbers, social security number, mother's maiden name, credit/debit card numbers, or the highly confidential CVV2 in the case of a proxy bank email). It is not unusual, however, for the link to be dead, as phishing requires a very tight timeline due to more effective detection tools.
Phishing is an example of social engineering techniques used to fool users. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical measures.

Our paper briefly gives the history of phishing and explains the various methods of message delivery, which include delivery by email, instant message delivery, web-based delivery, and Trojaned hosts. In addition to these, it describes the various phishing attack vectors. Phishing attacks include man-in-the-middle attacks, confusing URL attacks, hidden attacks, and confusing host names. Our paper also gives information about various defence mechanisms. Defence mechanisms are deployed in three layers (client, server, enterprise) which help to guard oneself from the crippling effects of phishing.

1. INTRODUCTION:

1.1 WHAT IS PHISHING?

The process of tricking or socially engineering an organization's customers into imparting their confidential information is called 'phishing'. Organizational size doesn't matter; the quality of the personal information reaped from the attack has a value all in itself to the criminals. Hidden away amongst the mounds of electronic junk mail, and bypassing many of today's best anti-spam filters, a new attack vector lies in wait to steal confidential personal information. Such mails lure victims into traps specifically designed to steal their electronic identity.

1.2 HISTORY OF PHISHING:

The word "phishing" originally comes from the analogy that early Internet criminals used email lures to "phish" (fish) for passwords and financial data from the sea of Internet users. The term phishing covers not only obtaining user account details, but now includes access to all personal and financial data.

2. PHISHING MESSAGE DELIVERY:

Phishing attacks rely upon a mix of technical deceit and social engineering practices. In the majority of cases the phisher must persuade the victim to intentionally perform a series of actions that expose confidential information. Communication channels such as email, web pages, IRC and instant messaging services are popular.

2.1 E-MAIL:

Phishing attacks initiated by email are the most common. As almost all net users use email, phishers find it easy to do identity
theft. Techniques used within phishing emails:

• Official-looking and official-sounding emails
• Copies of legitimate corporate emails with minor URL changes
• HTML-based email used to obfuscate target URL information
• Standard virus/worm attachments to email

2.2 WEB-BASED DELIVERY:

An increasingly popular method of conducting phishing attacks is through malicious web-site content. This content may be included within a web-site operated by the phisher, or a third-party site hosting some embedded content.

Web-based delivery techniques include:

• The inclusion of HTML-disguised links (such as the one presented in the email example above) within popular web-sites and message boards.
• The use of third-party supplied, or fake, banner advertising graphics to lure customers to the phisher's web-site.
• The use of web-bugs (hidden items within the page, such as a zero-sized graphic) to track a potential customer in preparation for a phishing attack.
• The use of pop-up or frameless windows to disguise the true source of the phisher's message.

2.3 IRC AND INSTANT MESSAGING:

IRC and Instant Messaging (IM) forums are likely to become a popular phishing ground. As these communication channels become more popular with home users, and more functionality is included within the software, specialist phishing attacks will increase. As many IRC and IM clients allow embedded dynamic content (e.g. graphics, URLs, multimedia includes, etc.) to be sent by channel participants, it is a trivial task to employ many of the phishing techniques used in standard web-based attacks. The common usage of bots (automated programs that listen and participate in group discussions) in many of the popular channels means that it is very easy for a phisher to anonymously send semi-relevant links and fake information to the victims.

2.4 TROJANED HOSTS:

While the delivery medium for the phishing attack may be varied, the delivery source is increasingly becoming home PCs that have been previously compromised. As part of this compromise, a Trojan horse program has been installed which allows phishers to use the PC as a message propagator. In fact, to harvest the confidential information of several thousand customers simultaneously, phishers use information-specific Trojans.
3. PHISHING ATTACK VECTORS:

For a phishing attack to be successful, it must use a number of methods to trick the customer into doing something with their server and/or supplied page content. The most common methods are:

3.1 MAN-IN-THE-MIDDLE ATTACKS:

In this class of attacks, the attackers situate themselves between the customer and the real web-based application, and proxy all communications between the systems.

3.2 CONFUSING URL ATTACKS:

The secret for many phishing attacks is to get the message recipient to follow a hyperlink (URL) to the attacker's server, without them realizing that they have been duped. The most common methods of URL obfuscation include:

• Bad domain names, which look similar to the original domain names but actually link to the phisher's server.
• Friendly login URLs. Many common web browser implementations allow for complex URLs that can include authentication information such as a login name and password, which trick many customers into thinking that they are actually visiting the target organization.

3.3 CONFUSING HOST NAMES:

Most Internet users are familiar with navigating to sites and services using a fully qualified domain name, such as www.site.com. For a web browser to communicate over the Internet, this address must be resolved to an IP address, such as 209.134.161.35 for www.site.com. This resolution of host name to IP address is achieved through domain name servers.

3.4 HIDDEN ATTACKS:

An attacker may make use of HTML, DHTML and other scriptable code that can be interpreted by the customer's web browser and used to manipulate the display of the rendered information. In many instances the attacker will use these techniques to disguise fake content as coming from the real site, whether this is a man-in-the-middle attack or a fake copy of the site hosted on the attacker's own systems. The most common vectors include:

• Hidden frames
• Overriding page content
• Graphical substitution
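The URL tricks of sections 3.2 and 3.3 (credentials embedded before an "@" so that the visible part of the URL is not the destination host, raw IP addresses in place of a host name, and domains that differ from the genuine one by a character or two or bury the brand name in a subdomain) can all be checked mechanically before a link is trusted. The following checker is an added example written for this page, not code from the paper; www.site.com and 209.134.161.35 are the paper's own illustrations, while KNOWN_BRANDS, examplebank.com and the sample URLs are constructed for the demonstration.

```python
"""Flag the URL obfuscation tricks described in sections 3.2 and 3.3.

Added example (not the paper's code). KNOWN_BRANDS and the sample URLs
are constructed; www.site.com and 209.134.161.35 come from the paper.
"""
from urllib.parse import urlsplit
import ipaddress

# Hypothetical list of registrable domains the organisation really uses.
KNOWN_BRANDS = {"site.com", "examplebank.com"}


def registrable_domain(host: str) -> str:
    """Crude 'last two labels' rule. A real deployment would consult the
    Public Suffix List so that names such as example.co.uk are handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches one- or two-character domain changes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def is_ip_literal(host: str) -> bool:
    """True when the host part is a bare IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def analyse_url(url: str) -> list[str]:
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()

    # 'Friendly login' URL: everything before '@' is userinfo, and the
    # browser connects to the host after it, not to the name the reader sees.
    if parts.username is not None:
        findings.append(f"credentials in URL: user part {parts.username!r}, "
                        f"real host {host!r}")
    if is_ip_literal(host):
        findings.append(f"host is a raw IP address ({host})")

    reg = registrable_domain(host)
    if reg in KNOWN_BRANDS:
        return findings          # genuine domain; nothing more to check
    for brand in KNOWN_BRANDS:
        if 0 < edit_distance(reg, brand) <= 2:
            findings.append(f"look-alike domain {reg!r} resembles {brand!r}")
        brand_label = brand.split(".")[0]
        # Brand name appearing as a subdomain of some other registrable domain.
        if brand_label in host.split(".")[:-2]:
            findings.append(f"brand name {brand_label!r} used as a subdomain "
                            f"of {reg!r}")
    return findings


if __name__ == "__main__":
    for sample in ("https://www.site.com/login",
                   "http://www.site.com@evil.example/",      # constructed
                   "http://209.134.161.35/",
                   "http://www.s1te.com/",                    # constructed
                   "http://www.site.com.login-verify.example/"):  # constructed
        print(sample, "->", analyse_url(sample) or "ok")
```

The registrable-domain rule is deliberately simple; the point of the example is the three checks themselves (userinfo present, IP literal, near-match or brand-in-subdomain), which are exactly the cues the paper says users fail to notice and that a mail gateway or browser extension can apply on their behalf.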
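Section 2.2 (web-bugs and HTML-disguised links) and section 3.4 (hidden frames and overriding page content) describe page-level tricks that are also detectable: a zero-sized image is a tracking pixel, a frame that is zero-sized or styled invisible is loading content the reader cannot see, and a link whose visible text names one host while its href goes to another is the classic disguised link. The scanner below is an added example for this page, not the paper's code; SAMPLE_PAGE is constructed, tracker.example and www.s1te.com are made-up hosts, and www.site.com is the paper's own example domain.

```python
"""Scan HTML for the hidden-content tricks of sections 2.2 and 3.4.

Added example (not the paper's code). SAMPLE_PAGE is a constructed
phishing page; the only real name in it is the paper's www.site.com.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
# Anchor text that itself looks like a URL or host name.
URL_LIKE = re.compile(r"^(?:https?://)?(?P<host>[\w-]+(?:\.[\w-]+)+)(?:/\S*)?$", re.I)


def _is_zero_size(attrs: dict) -> bool:
    w, h = attrs.get("width", ""), attrs.get("height", "")
    return w.strip().rstrip("px") == "0" or h.strip().rstrip("px") == "0"


class HiddenContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_anchor = None     # href of the <a> we are inside, if any
        self._anchor_text = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "img" and _is_zero_size(a):
            self.findings.append(f"zero-sized image (web bug) loading {a.get('src')!r}")
        if tag in ("iframe", "frame") and (_is_zero_size(a) or HIDDEN_STYLE.search(a.get("style", ""))):
            self.findings.append(f"hidden frame loading {a.get('src')!r}")
        if tag == "a":
            self._in_anchor = a.get("href", "")
            self._anchor_text = []

    def handle_data(self, data):
        if self._in_anchor is not None:
            self._anchor_text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._in_anchor is not None:
            text = "".join(self._anchor_text).strip()
            m = URL_LIKE.match(text)
            shown = m.group("host").lower() if m else None
            real = urlsplit(self._in_anchor).hostname
            # Visible text names one host, but the link really goes elsewhere.
            if shown and real and shown != real:
                self.findings.append(f"link text shows {shown!r} but href goes to {real!r}")
            self._in_anchor = None


def scan_html(document: str) -> list[str]:
    """Return the list of hidden-content findings for an HTML document."""
    scanner = HiddenContentScanner()
    scanner.feed(document)
    scanner.close()
    return scanner.findings


# Constructed sample: a disguised link, a tracking pixel, one hidden frame
# and one ordinary visible frame that must not be flagged.
SAMPLE_PAGE = """
<html><body>
<p>Please confirm your details at
<a href="http://www.s1te.com/login">www.site.com/login</a>.</p>
<a href="http://www.site.com/help">Help</a>
<img src="http://tracker.example/pixel.gif" width="0" height="0">
<iframe src="http://www.site.com/" style="display:none"></iframe>
<iframe src="http://www.site.com/real" width="600" height="400"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_PAGE):
        print(finding)
```

Run on SAMPLE_PAGE the scanner reports three findings (the disguised link, the web bug and the invisible frame) and stays silent on the ordinary "Help" link and the visible frame. The same logic, applied by a mail client to HTML bodies before rendering, is the technical counterpart of the plain-text-email advice in section 4.1.2.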
4. DEFENCE MECHANISMS:

The phisher has a large number of methods at their disposal; consequently there is no single solution capable of combating all these different attack vectors. However, it is possible to prevent current and future phishing attacks by utilizing a mix of information security technologies and techniques. For best protection, these security technologies and techniques must be deployed at three logical layers:

• The client side: this includes the user's PC.
• The server side: this includes the businesses' Internet-visible systems and custom applications.
• The enterprise level: distributed technologies and third-party management services.

4.1 CLIENT SIDE:

The client side is the forefront of anti-phishing security. At this side, protection against phishing can be done by:

· Desktop protection technologies
· Email sophistication
· Browser capabilities
· Customer vigilance

4.1.1 Desktop protection technologies:

By using anti-virus, anti-spyware, personal firewall etc., which have the ability to detect and block the installation of malicious software like Trojans and spyware.

4.1.2 Email Sophistication:

Many of the attacks are successful due to HTML-based email functionality, as explained above.

· HTML functionality must be disabled in all email client applications capable of accepting or sending Internet emails. Instead, plain-text email representation should be used, and ideally the chosen font should be fixed-width, such as Courier.
· Email applications capable of blocking "dangerous" attachments and preventing users from quickly executing or viewing attached content should be used whenever possible.

4.1.3 Browser Capabilities:

The common web browser may be used as a defense against phishing attacks, if it is configured securely. Customers and businesses must make a move to use a web browser that is appropriate for the task at hand. To help prevent many phishing attack vectors, web browser users should:

• Disable all window pop-up functionality.
• Disable Java runtime support.
• Disable ActiveX support.
• Disable all multimedia and auto-play/auto-execute extensions.
• Prevent the storage of non-secure cookies.
• Ensure that any downloads cannot be automatically run from the browser, and
must instead be downloaded into a directory for anti-virus inspection.

4.1.4 Customer Vigilance:

Customers may take a number of steps to avoid becoming a victim of a phishing attack, which involve carefully inspecting the content that is presented to them. Some measures that should be taken by the customer are:

· If a customer gets an email that warns him or her, with little or no notice, that their account will be shut down unless they reconfirm billing information, they should not reply or click on the link in the email. Instead, they should contact the company cited in the email using a telephone number or Web site address that is known to be genuine.
· Customers should never respond to HTML email with embedded submission forms. Any information submitted via the email (even if it is legitimate) will be sent in cleartext that could be observed.
· Users should avoid emailing personal and financial information. Before submitting financial information through a Web site, the "lock" icon on the browser's status bar should be observed. It signals that information is secure during transmission.
· Credit card and bank account statements are to be reviewed as soon as they are received to determine whether there are any unauthorized charges. If the statement is late by more than a couple of days, a call to the credit card company or bank must be made to confirm billing address and account balances.

4.2 SERVER SIDE:

By implementing intelligent anti-phishing techniques into the organization's web application security, developing internal processes to combat phishing vectors and educating customers, it is possible to take an active role in protecting customers from future attack. At the server side, protection against phishing can be done by:

1. Improving customer awareness
2. Host and linking conventions
3. Enterprise level

5. CONCLUSION:

Phishing, which started off being part of popular hacking culture, has now increased greatly with the growth of Internet use. The points raised within this paper, and the solutions proposed, represent key steps in securing online services from fraudulent phishing attacks, and also go a long way in protecting against many other popular hacking or criminal attack vectors.