V. Vinod Kumar
[09BK1A0557] CSE Department St. Peters Engg college
What is Phishing?
The word phishing emerged in the 1990s.
Phishing is a new word derived from `fishing'. It refers to the act in which an attacker lures users to visit a fake Web site by sending them fake e-mails (or instant messages). Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, passwords, account data, or other information. Phishing is part of social engineering.
History of Phishing
Phreaking + Fishing = Phishing
Phreaking = making phone calls for free back in the 70s
Fishing = using bait to lure the target
Phishing in 1995
Target: AOL users
Purpose: getting account passwords for free time
Threat level: low
Techniques: similar names (www.ao1.com for www.aol.com), social engineering
Phishing in 2001
Phishing in 2007
Target: PayPal, banks, eBay
Purpose: bank accounts
Threat level: high
Techniques: browser vulnerabilities, link obfuscation
1) Educate users to understand how phishing attacks work and to be alert when phishing-like e-mails are received;
2) Use legal methods to punish phishing attackers;
3) Use technical methods to stop phishing attackers.
In this paper, we focus only on the third one.
Existing System
1) Detect and block the phishing Web sites in time
Proposed System
i) Classification of the hyperlinks in the phishing e-mails
ii) LinkGuard algorithm
iii) LinkGuard-implemented client
iv) Feasibility study
Never give any password out to anyone.
Verify any person who contacts you (phone or email).
If someone calls you on a sensitive topic, thank them, hang up and call them back using a number that you know is correct, like from your credit card or statement.
Architecture of LinkGuard
It works as follows:
LinkGuard(v_link, a_link) {
    v_dns = GetDNSName(v_link);
    a_dns = GetDNSName(a_link);
    if ((v_dns and a_dns are not empty) and (v_dns != a_dns))
        return PHISHING;
    if (a_dns is dotted decimal)
        return POSSIBLE_PHISHING;
    if (a_link or v_link is encoded) {
        v_link2 = decode(v_link);
        a_link2 = decode(a_link);
        return LinkGuard(v_link2, a_link2);
    }
    if (v_dns is NULL)
        return AnalyzeDNS(a_link);
}
AnalyzeDNS(actual_link) {
    actual_dns = GetDNSName(actual_link);
    if (actual_dns in blacklist)
        return PHISHING;
    if (actual_dns in whitelist)
        return NOTPHISHING;
    return PatternMatching(actual_link);
}
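A runnable Python rendering of the LinkGuard pseudocode above, added here as an example (it is not the authors' Windows XP implementation). The blacklist and whitelist entries are constructed, and the similarity check in pattern_matching, its threshold, and the result returned when both host names match are assumptions, since the slides do not specify them.

```python
import ipaddress
from difflib import SequenceMatcher
from urllib.parse import unquote, urlsplit

PHISHING, POSSIBLE_PHISHING, NOTPHISHING = "PHISHING", "POSSIBLE_PHISHING", "NOTPHISHING"
BLACKLIST = {"bad-login.example"}   # constructed sample entry
WHITELIST = {"www.aol.com"}         # constructed sample entry

def get_dns_name(link):
    # Lower-cased host named by a link, or None when the text names no host.
    link = (link or "").strip()
    if "." not in link or any(c.isspace() for c in link):
        return None                  # e.g. anchor text such as "Click here"
    try:
        return urlsplit(link if "://" in link else "http://" + link).hostname
    except ValueError:
        return None

def is_dotted_decimal(host):
    try:
        return bool(ipaddress.IPv4Address(host))
    except ValueError:
        return False

def is_encoded(link):
    return "%" in link and unquote(link) != link

def pattern_matching(a_dns):
    # Stand-in (assumption): a host that closely resembles a whitelisted name is suspect.
    close = any(SequenceMatcher(None, a_dns, w).ratio() >= 0.85 for w in WHITELIST)
    return POSSIBLE_PHISHING if close else NOTPHISHING

def analyze_dns(a_link):
    a_dns = get_dns_name(a_link)
    if a_dns in BLACKLIST:
        return PHISHING
    if a_dns is None or a_dns in WHITELIST:   # None: no host to analyse (assumption)
        return NOTPHISHING
    return pattern_matching(a_dns)

def link_guard(v_link, a_link):
    # v_link: text the reader sees; a_link: the href actually followed.
    v_dns, a_dns = get_dns_name(v_link), get_dns_name(a_link)
    if v_dns and a_dns and v_dns != a_dns:
        return PHISHING
    if a_dns and is_dotted_decimal(a_dns):
        return POSSIBLE_PHISHING
    if is_encoded(a_link) or is_encoded(v_link):
        return link_guard(unquote(v_link), unquote(a_link))
    if v_dns is None:
        return analyze_dns(a_link)
    return NOTPHISHING               # assumption: the pseudocode leaves this case open
```

The checks run in the same order as the pseudocode, so a visible host that differs from the actual host is reported before any decoding or list lookup takes place.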
Statistical Info
Example of Phishing
From: Customer Support [mailto:support@citibank.com]
Sent: Thursday, October 07, 2004 7:53 PM
To: Eilts
Subject: NOTE! Citibank account suspend in process

Dear Customer:

Recently there have been a large number of cyber attacks pointing our database servers. In order to safeguard your account, we require you to sign on immediately. This personal check is requested of you as a precautionary measure and to ensure yourselves that everything is normal with your balance and personal information. This process is mandatory, and if you did not sign on within the nearest time your account may be subject to temporary suspension. Please make sure you have your Citibank(R) debit card number and your User ID and Password at hand. Please use our secure counter server to indicate that you have signed on, please click the link bellow: http://211.158.34.249/citifi/. Note that we have no particular indications that your details have been compromised in any way. Thank you for your prompt attention to this matter and thank you for using Citibank(R)

Regards,
Citibank(R) Card Department

(C)2004 Citibank. Citibank, N.A., Citibank, F.S.B., Citibank (West), FSB. Member FDIC.Citibank and Arc
Conclusion
Phishing has become a serious network security problem, causing financial losses of billions of dollars to both consumers and e-commerce companies. Fundamentally, phishing has made e-commerce distrusted and less attractive to normal consumers.
We have discussed the characteristics of the hyperlinks that were embedded in phishing e-mails.
We have implemented LinkGuard for Windows XP. Our experiment showed that LinkGuard is lightweight and can detect up to 96% of unknown phishing attacks in real time.