
Phishing

A phishing email directs the user to visit a website where they are asked to update personal
information, such as a password, credit card, social security, or bank account numbers, that
the legitimate organization already has. The website, however, is bogus and set up only to
steal the information the user enters on the page.
Purpose of Phishing:

Stealing login credentials
Stealing credit card details
Identity theft
Extending botnets and DDoS agents
Attack propagation

Impacts of Phishing

Direct financial losses
Erosion of public trust in internet and e-commerce
Difficulties in law enforcement investigations

Anti-phishing toolbars
Some plug-ins and toolbars that can be integrated into web browsers provide protection
against phishing attacks.
The toolbars use visual signs to indicate when we reach a phishing website. We can
also report phishing websites through toolbar options. These toolbars and plug-ins function
by referencing a database of known FQDNs and IP addresses that have been reported as
phishing sites. Some of them also check certain heuristics (for example, whether the server IP
belongs to a different country than the user) that usually indicate whether a site is legitimate or
not.
Some of the popular anti-phishing toolbars are as follows:

EarthLink Toolbar

Fig 1. EarthLink Anti-Phishing Toolbar

Snorkel Anti-Phishing Toolbar

Fig 2. Snorkel Anti-Phishing Toolbar

Geotrust TrustWatch Toolbar

Fig 3. Geotrust TrustWatch Anti-Phishing Toolbar

Netcraft Anti-Phishing Toolbar

Fig 4. Netcraft Anti-Phishing Toolbar

Cloud Mark Toolbar

Fig 5. Cloud Mark Anti-Phishing Toolbar

Netcraft Anti-Phishing Toolbar:

The Netcraft Anti-Phishing Toolbar, shown in Figure 4, uses several methods to determine
the legitimacy of a given web site. The Netcraft web site explains that the toolbar traps
suspicious URLs containing characters which have no common purpose other than to
deceive; enforces display of browser navigation controls (toolbar & address bar) in all
windows, to defend against pop-up windows which attempt to hide the navigational controls;
and clearly displays the site's hosting location, including country, helping you to evaluate
fraudulent URLs (e.g. the real Citibank.com or Barclays.co.uk sites are unlikely to be hosted
in the former Soviet Union). The Netcraft toolbar also uses a blacklist, which consists of
fraudulent sites identified by Netcraft as well as sites submitted by users and verified by the
company. When a user attempts to access a site that is on the blacklist, a pop-up warning
recommends that the access be cancelled, but provides an override option. The toolbar also
displays a risk rating between one and ten as well as the hosting location of the site (gleaned
from the registration information for the IP address). Users can also use the toolbar to access
a more detailed report on a web site. The Netcraft Anti-Phishing Toolbar runs on Chrome and
on Microsoft Internet Explorer under Windows 2000/XP.
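
The two checks described above (lookup in a database of reported FQDNs and IP addresses, and trapping URLs whose characters serve only to deceive) can be sketched as follows. This is an added example, not Netcraft's or any toolbar's own code; the blocklist entries are constructed, and checkUrl and the reason names are hypothetical.

```javascript
// Added example: blocklist lookup plus deceptive-URL heuristics.
// Constructed sample data using reserved example names and address ranges.
const BLOCKED_HOSTS = new Set(["login-update.example"]);
const BLOCKED_IPS = new Set(["203.0.113.10"]);
const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

// checkUrl is a hypothetical helper; it returns a verdict and the reasons for it.
function checkUrl(raw) {
  const reasons = [];
  // Control characters and raw whitespace have no legitimate place in a URL.
  if (/[\u0000-\u0020\u007f]/.test(raw)) reasons.push("control-or-space-char");

  let url;
  try {
    url = new URL(raw);
  } catch {
    return { verdict: "block", reasons: ["unparseable"] };
  }
  const host = url.hostname.toLowerCase();

  // user@host form: the text before '@' is not the site being visited.
  if (url.username || url.password) reasons.push("userinfo-in-url");
  // Percent-encoding inside the authority hides the real host from the reader.
  const authority = raw.split("//")[1]?.split(/[/?#]/)[0] ?? "";
  if (/%[0-9a-f]{2}/i.test(authority)) reasons.push("encoded-authority");
  // Non-ASCII labels are serialised as punycode (xn--) by the URL parser.
  if (host.split(".").some((l) => l.startsWith("xn--"))) reasons.push("idn-host");
  // A bare IP address (IPv4 or bracketed IPv6) in place of a name.
  if (IPV4.test(host) || host.startsWith("[")) reasons.push("ip-literal-host");

  // Blocklist: match the host itself, any parent domain, or a listed IP.
  const labels = host.split(".");
  const onList =
    BLOCKED_IPS.has(host) ||
    labels.some((_, i) => BLOCKED_HOSTS.has(labels.slice(i).join(".")));
  if (onList) reasons.unshift("blocklisted");

  const verdict = onList ? "block" : reasons.length ? "warn" : "allow";
  return { verdict, reasons };
}
```

A blocklist hit blocks outright, while a heuristic hit only warns, mirroring the toolbar's warning with an override option.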

Features of Netcraft Toolbar

Extensive Automation and Preparation

Netcraft's countermeasures are extensively automated, with local language translations
available for every country that has hosted more than five phishing sites in the last six months
and an extensive database of contacts at hosting companies, DNS providers, registrars and
ISPs set up such that effective countermeasures can be started within seconds of a report
being verified. Additionally, Netcraft continues to monitor a phishing URL after it becomes
unavailable, and if it reappears, perhaps because the host is compromised and the fraudster is
able to replace the phishing content after the site owner removes it, then the countermeasures
are restarted.

Hosting Company and Registrar Interaction

Netcraft will identify, contact and liaise with the company responsible for hosting the
fraudulent content. Netcraft enjoys excellent relations with the hosting community, and many
of the world's largest hosting companies and domain registrars are Netcraft customers.
Netcraft can exercise its existing relationships with these companies to provide a swift and
smooth response to the detection of the site. If the hosting company is reputable, this may be
sufficient to ensure a prompt end to the fraudulent activity.

Upstream Bandwidth Providers

Netcraft's geographically distributed performance collectors can trace multiple routes to the
server hosting the fraudulent content. This allows the upstream bandwidth providers to be
identified and notified. If the upstream connectivity providers perceive that their business
may be damaged through being identified as providing connectivity for a fraud site or larger
fraud hosting operation, they may black hole the individual site, or withdraw their services
from the hosting location.

Local Law Enforcement Agency

Netcraft will identify, contact and liaise with the law enforcement agency in the hosting
company's local jurisdiction.

Fraudster's Infrastructure

Netcraft can also report back IP addresses which are under the control of the fraudster. This
can be used to lock accounts accessed from those IP addresses, and to block further access
from the fraudster's machines once identified.
Netcraft also engages with hosting companies to preserve & retrieve any data files, logs or
other information left by the fraudster. Information identifying affected customers is very
useful in mitigating the impact of the attack, and minimising monetary loss.

Transparent Progress Reporting

The takedown process is easy to follow for clients, who can track progress by web, electronic
mail or RSS feed. The availability of the phishing site is monitored and graphed and new
attacks are notified via mail, SMS and optionally SMS-to-voice.

Breakdown of the Chrome Netcraft Extension Toolbar

The following figure shows the procedure for adding the Netcraft Toolbar.

Working of Netcraft toolbar:

Fig: Block the phishing URL by Netcraft

The Netcraft Extensions also:

Traps suspicious URLs containing characters which have no common purpose
other than to deceive.

Enforces display of browser navigational controls (toolbar & address bar) in all
windows, to defend against pop-up windows which attempt to hide the navigational
controls (Firefox only).

Clearly displays sites' hosting location, including country, helping you to
evaluate fraudulent URLs (e.g. the real citibank.com or barclays.co.uk sites are
unlikely to be hosted in the former Soviet Union).
