Bhoj Reddy Engineering College for Women: Hyderabad

Department of Information Technology

IV B. Tech. II Sem. A Sec. Seminar Presentation
Academic year 2017-18 Date:22/02/2018

Phishing Technology
Presented
by

Anusha Maddireddy
(14321A1209)

Mr.T.Santosh Ms Tasneem Rahath Mr. M. Vinod

Seminar Guide Coordinator HOD-IT
PHISHING TECHNOLOGY
 Phishing Basics
• Pronounced "fishing“ The word has its
Origin from two words “Password
Harvesting ” or fishing for Passwords.
• Phishing is an online form of pretexting, a
kind of deception in which an attacker
pretends to be someone else in order to
obtain sensitive information from the
victim.
• Also known as "brand spoofing“.
• Phishers are phishing artists.
 Phishing
• Phishing is a way of fraudulently acquiring
sensitive information using social engineering
and technical subterfuge.
• It tries to trick users with official-looking
messages.
◦ Credit card
◦ Bank account
◦ eBay
◦ Paypal
• Some phishing e-mails also contain malicious or
unwanted software that can track your activities
or slow your computer.
 Existing Systems
1) Detect and block the phishing Web sites in
time.
2) Enhance the security of the web sites.
3) Block the phishing e-mails by various spam
filters.
4) Install online anti-phishing software in
user’s computers.
 Proposed System
i)Classification of the hyperlinks in the
phishing e-mails.
ii) Link guard algorithm.
Iii)Link guard implemented client.
Iv) Feasibility study.
Phishing Hosting Sites
 Types Of Phishing
• Deceptive phishing
• Malware-Based Phishing
• Keyloggers and Screenloggers
• Session Hijacking
• Web Trojans
• Hosts File Poisoning
• System Reconfiguration Attacks
• Data Theft
• DNS-Based Phishing ("Pharming").
• Content-Injection Phishing
• Man-in-the-Middle Phishing
• Search Engine Phishing
 Deceptive Phishing
1) The term "phishing" originally referred to
account theft using instant messaging but the most
common broadcast method today is a deceptive email
message.
2) Messages about the need to verify account
information, system failure requiring users to re-enter their
information, fictitious account charges, undesirable account
changes, new free services requiring quick action, and many
other scams are broadcast to a wide group of recipients
with the hope that the unwary will respond by clicking a link
to or signing onto a bogus site where their confidential
information can be collected.
 Malware-Based Phishing
1) Refers to scams that involve running malicious
software on users' PCs.
2) Malware can be introduced as an email
attachment, as a downloadable file from a web site, or by
exploiting known security vulnerabilities--a particular
issue for small and medium businesses (SMBs) who are
not always able to keep their software applications up to
date.
 Keyloggers and Screenloggers
1) Are particular varieties of malware that track
keyboard input and send relevant information to the
hacker via the Internet.
2) They can embed themselves into users' browsers as
small utility programs known as helper objects that run
automatically when the browser is started as well as into
system files as device drivers or screen monitors.
 Session Hijacking
1) Describes an attack where users' activities are
monitored until they sign in to a target account or
transaction and establish their bona fide credentials.
2) At that point the malicious software takes over
and can undertake unauthorized actions, such as
transferring funds, without the user's knowledge.
 Web Trojans
1) Pop up invisibly when users are
attempting to log in. They collect the user's
credentials locally and transmit them to the
phisher.
 Hosts File Poisoning
1) When a user types a URL to visit a website it
must first be translated into an IP address before it's
transmitted over the Internet.
2) The majority of SMB users' PCs running
a Microsoft Windowsoperating system first look up these
"host names" in their "hosts" file before undertaking a
Domain Name System (DNS) lookup.
3) By "poisoning" the hosts file, hackers have a
bogus address transmitted,taking the user unwittingly to
a fake "look alike" website where their information can be
stolen.
 System Reconfiguration Attack
1) Modify settings on a user's PC for malicious
purposes. For example: URLs in a favorites file might be
modified to direct users to look alike websites. For example: a
bank website URL may be changed from "bankofabc.com" to
"bancofabc.com".
 Data Theft
1) Unsecured PCs often contain subsets of
sensitive information stored elsewhere on secured
servers.
2) Certainly PCs are used to access such
servers and can be more easily compromised. Data
theft is a widely used approach to business espionage.
3) By stealing confidential communications,
design documents, legal opinions, employee related
records, etc., thieves profit from selling to those who
may want to embarrass or cause economic damage or
to competitors.
DNS-Based Phishing ("Pharming")
1) Pharming is the term given to hosts file
modification or Domain Name System (DNS)-based
phishing.
2) With a pharming scheme, hackers tamper with
a company's hosts files or domain name system so that
requests for URLs or name service return a bogus
address and subsequent communications are directed to
a fake site.
3) The result: users are unaware that the website
where they are entering confidential information is
controlled by hackers and is probably not even in the
same country as the legitimate website.
 Content-Injection Phishing
1) Describes the situation where hackers replace
part of the content of a legitimate site with false content
designed to mislead or misdirect the user into giving up
their confidential information to the hacker.
2) For example, hackers may insert malicious
code to log user's credentials or an overlay which can
secretly collect information and deliver it to the hacker's
phishing server.
 Man-in-the-Middle Phishing
1) Is harder to detect than many other forms
of phishing. In these attacks hackers position themselves
between the user and the legitimate website or system.
2) They record the information being entered
but continue to pass it on so that users' transactions are not
affected. Later they can sell or use the information or
credentials collected when the user is not active on the
system.
 Search Engine Phishing
1) Occurs when phishers create websites
with attractive (often too attractive) sounding offers
and have them indexed legitimately with search
engines.
2) Users find the sites in the normal course
of searching for products or services and are fooled
into giving up their information.
3) For example, scammers have set up false
banking sites offering lower credit costs or better
interest rates than other banks.
4) Victims who use these sites to save or
make more from interest charges are encouraged to
transfer existing accounts and deceived into giving up
their details.
The simplified flow of information in a
Phishing attack is:-
1.A deceptive message is sent from the Phishers to the
user.
2. A user provides confidential information to a Phishing
server (normally after some interaction with the
server).
3. The Phishers obtains the confidential information
from the server.
4. The confidential information is used to impersonate
the user.
5. The Phishers obtains illicit monetary gain.
 Phishing Techniques

• Link Manipulation
• Filter Evasion
• Website Forgery
• Phone Phishing
 Link Manipulation

 An old method of spoofing used links containing the '@'

symbol, originally intended as a way to include a
username and password. For example,
http://www.google.com@members.tripod.com/ might
deceive a casual observer into believing that it will open a
page on www.google.com, whereas it actually directs the
browser to a page on members.tripod.com, using a
username of www.google.com: the page opens normally,
regardless of the username supplied.
 Filter Evasion

1) Phishers have used images instead

of text to make it harder for anti-Phishing filters to
detect text commonly used in Phishing e-mails.
 Website Forgery

1) Once a victim visits the Phishing

website the deception is not over. Some Phishing
scams use JavaScript commands in order to alter
the address bar.
2) This is done either by
www.studymafia.org placing a picture of a
legitimate URL over the address bar, or by closing
the original address bar and opening a new one
with the legitimate URL.
 Phone Phishing

1) Messages that claimed to be from a

bank told users to dial a phone number regarding
problems with their bank accounts.
2) Once the phone number (owned by the
Phishers) was dialed, prompts told users to enter
their account numbers and PIN.
3) Vishing (voice Phishing) sometimes uses
fake caller-ID data to give the appearance that
calls come from a trusted organization
 Phishing Examples

• Paypal Phishing.
• Rapid Share Phishing.
 Paypal Phishing

1) In an example PayPal phish, spelling mistakes in

the e-mail and the presence of an IP address in the link are
both clues that this is a Phishing attempt.
2) Another giveaway is the lack of a personal
greeting, although the presence of personal details would
not be a guarantee of legitimacy.
3) A legitimate Paypal communication will always
greet the user with his or her real name, not just with a
generic greeting like, "Dear Accountholder." Other signs that
the message is a fraud are misspellings of simple words, bad
grammar and the threat of consequences such as account
suspension if the recipient fails to comply with the
message's requests.
 Rapid Share Phishing
1) On the RapidShare web host, Phishing is common
in order to get a premium account, which removes speed
caps on downloads, auto-removal of uploads, waits on
downloads, and cool down times between downloads.
2) If the victim selects free user, the Phishers just
passes them along to the real RapidShare site. But if they
select premium, then the Phishing site records their login
before passing them to the download. Thus, the Phishers has
lifted the premium account information from the victim.
 Reasons Of Phishing

1. Trust Of Authority.
2. Textual and Graphic Presentation Lacks
Traditional Clues Of Validity .
3. E-Mail and Web Pages Can Look Real.
 Trust Of Authority
1) When a Phishing email arrives marked as
“High Priority” that threatens to close our bank account
unless we update our data immediately, it engages the
same authority response mechanisms that we've obeyed for
millennia.
2) In our modern culture, the old markers of
authority – physical strength, aggressiveness, ruthlessness –
have largely given way to signs of economic power.
3) “He's richer than I am, so he must be a better
man”. If you equate market capitalization with GDP then
Bank of America is the 28th most powerful country in the
world. If you receive a personal email purported to come
from BOA questioning the validity of your account data, you
will have a strong compulsion to respond, and respond
quickly.
 Textual And Graphic Presentation
Lacks Traditional Clues Of Validity
1) Most people feel that they can tell an honest
man by looking him in the eye.
2) Without clues from the verbal and physical
realms, our ability to determine the validity of business
transactions is diminished.
3) This is a cornerstone of the direct mail
advertising business. If a piece of mail resembles some type
of official correspondence, you are much more likely to open
it.
 E-Mail And Web Pages Can Look Real
1) The use of symbols laden with familiarity and
repute lends legitimacy to information—whether accurate
or fraudulent—that is placed on the imitating page.
2) Deception is possible because the symbols that
represent a trusted company are no more 'real' than the
symbols that are reproduced for a fictitious company.
3) Certain elements of dynamic web content can be
difficult to copy directly but are often easy enough to fake,
especially when 100% accuracy is not required.
4)Hyperlinks are easily subverted since the visible tag
does not have to match the URL that your click will actually
redirect your browser to. The link can look like
• http://bankofamerica.com/login but the URL could actually
link to
• http://bankofcrime.com/got_your_login
 Damages Caused By Phishing
1) The damage caused by Phishing ranges from denial of
access to e-mail to substantial financial loss.
2) This style of identity theft is becoming more popular,
because of the readiness with which unsuspecting people
often divulge personal information to Phishers, including
credit card numbers, social security numbers.
3) There are also fears that identity thieves can add such
information to the knowledge they gain simply by accessing
public records.
4) Once this information is acquired, the Phishers may use
a person's details to create fake accounts in a victim's name.
5) It is estimated that between May 2004 and May 2005,
approximately 1.2 million computer users in the United
States suffered losses caused by Phishing.
 Anti-Phishing

1. Social Responses
2. Technical Responses
3. Legal Responses
 Social Responses
1) One strategy for combating Phishing is to train
people to recognize Phishing attempts, and to deal with
them. Education can be effective, especially where training
provides direct feedback.
2) One newer Phishing tactic, which uses Phishing e-
mails targeted at a specific company, known as Spear
Phishing, has been harnessed to train individuals at various
locations.
3) People can take steps to avoid Phishing attempts by
slightly modifying their browsing habits. When contacted
about an account needing to be "verified" , it is a sensible
precaution to contact the company from which the e-mail
apparently originates to check that the e-mail is legitimate.
 Technical Responses

1.Helping to identify legitimate sites:

1) Most Phishing websites are secure websites, meaning
that SSL with strong cryptography is used for server
authentication, where the website's URL is used as identifier.
2) The problem is that users often do not know or
recognize the URL of the legitimate sites they intend to
connect to, so that the authentication becomes
meaningless.
3) Simply displaying the domain name for the visited
website as some some anti-Phishing toolbars do is not
sufficient.
4) A better approach is the pet name extension for Firefox
which lets users type in their own labels for websites, so they
can later recognize when they have returned to the site.
2.Browsers alerting users to fraudulent websites:
1) Another popular approach to fighting
Phishing is to maintain a list of known Phishing sites and to
check websites against the list. Microsoft's IE7 browser, Mozilla
Firefox 2.0, and Opera all contain this type of anti-Phishing
measure. Firefox 2 uses Google anti-Phishing software.
2) To mitigate the problem of Phishing sites
impersonating a victim site by embedding its images , several
site owners have altered the images to send a message to the
visitor that a site may be fraudulent.
3) The image may be moved to a new filename
and the original permanently replaced, or a server can detect
that the image was not requested as part of normal browsing,
and instead send a warning image.
3.Augmenting password logins:
1) The Bank of America's website is one of
several that ask users to select a personal image, and display
this user-selected image with any forms that request a
password.
2) Users of the bank's online services are
instructed to enter a password only when they see the image
they selected. However, a recent study suggests few users refrain
from entering their password when images are absent.
3) Security skins are a related technique that
involves overlaying a user-selected image onto the login form as
a visual cue that the form is legitimate.
4.Eliminating Phishing mail:

1) Specialized spam filters can reduce the number of

Phishing e-mails that reach their addressees' inboxes. These
approaches rely on machine learning and natural language
processing approaches to classify Phishing e-mails.
5.Monitoring and takedown:

Several companies offer banks and other

organizations likely to suffer from Phishing scams round-the-
clock services to monitor, analyze and assist in shutting down
Phishing websites. Individuals can contribute by reporting
Phishing to both volunteer and industry groups, such as
PhishTank.
 Legal Resposes

1) On January 26, 2004, the U.S. Federal

Trade Commission filed the first lawsuit against a
suspected Phisher.
2) The defendant, a Californian teenager,
allegedly created a webpage designed to look like the
America Online website, and used it to steal credit card
information. In the United States, Senator Patrick Leahy
introduced the Anti-Phishing Act of 2005. Companies have
also joined the effort to crack down on Phishing.
SUPER PHISHER
My3gb.com
 The Real Process!!
The Hacker copies the URL (Uniform Resource Locator )
Of a website eg.www.gmail.co.in , www.yahoo.co.in
And puts it in the software Url space
Building New Page
Once the fake page is build , it appears in the folder
where the software is installed, or kept .
 Facebook Phisher Page
file:///C:/Users/pc/Desktop/usb%20webserver/root/fb/index.html
 G-Mail Phisher Page
file:///C:/Users/pc/Desktop/SUPER%20PHISHER/output/index.html
 How To Avoid Phishing
• DON’T CLICK THE LINK
◦ Type the site name in your browser (such as
www.paypal.com)
• Never send sensitive account information by e-mail.
◦ Account numbers, SSN, passwords
• Never give any password out to anyone. Verify any person
who contacts you (phone or email).
◦ If someone calls you on a sensitive topic, thank them,
hang up and call them back using a number that you know
is correct, like from your credit card or statement.
 Conclusion
• No single technology will completely stop phishing.
However, a combination of good organization and practice,
proper application of current technologies, and
improvements in security technology has the potential to
drastically reduce the prevalence of phishing and the losses
suffered from it. In particular:
• Email authentication technologies such as Sender-ID and
cryptographic signing, when widely deployed, have the
potential to prevent phishing emails from reaching users.
• Personally identifiable information should be included in all
email communications.
So better think twice before clicking on
a link!!