Phishing Attacks

Submitted By namdeepsingh
Phishing scams are usually fake email messages that appear to come from a legitimate business. The messages mostly redirect you to a fake website that gets you to enter your private and personal information. The scammers then commit identity theft with all the information they can gather. The term phishing originally came from using email to fish for passwords and personal information from a sea of internet users. In the early days, phishing meant stealing passwords or accounts online; now phishing has extended to stealing personal and financial data. In the 90s, phishing used emails, fooling internet users into replying with their password and credit card information. Now phishing has grown to include phony websites and the installation of Trojan horses with key loggers.
Types of Phishing Methods
Fake Website
A URL similar to that of a legitimate site is purchased, and a site is built on it to look like the legitimate website. The hacker then sends out messages to victims that fool them into clicking a link, which redirects them to the fake website. The victim then logs on, which sends the information to the hacker.
Fake pop up
In addition to fake websites, there are fake pop-up attacks. With this attack a link is sent, but rather than a link to a fake website, the link sent is to the legitimate site. As soon as the website loads, a pop-up appears that requires the user to enter all their information to log in. The information is then sent to the hacker.
Fake website with validation
Another variation on the fake website, this attack verifies the information with the real website. The user enters their information into the fake website, and the fake website sends it to the legitimate website and verifies it by trying to log in with the username and password. This method saves the hacker time.
Social Networks
Social networks have helped people connect, but have also widened the attack surface for hackers.
Facebook
Allowing applications and messages has opened the gate to phishing. A user can receive a simple message asking them to vote for something; when the user clicks the link, the page is a replica of the Facebook login page. Confused, the user enters their username and password, which sends the information to the hacker.
The friend search
Most social networking sites have a way to search for friends through your email. A hacker can show a pop-up offering to find your friends, which requires the user to enter their email and password.
Twitter
Hackers use Twitter by tweeting short URLs that lead to replica versions of the Twitter site. The site then requires the user to log in again, giving their login information to the hacker.

Phishing has caused a lot of financial damage. Between May 2004 and May 2005, about 1.2 million computer users in the United States experienced losses caused by phishing. The total damage was $929 million. In 2007, the attacks saw a huge increase to 3.6 million users and about $3.2 million lost. The three useful ways to protect against phishing are social responses, technical responses and legal responses. Social responses are carried out by the public and by businesses. People can change the way they browse the internet. For example, instead of clicking hyperlinks they can type the company's URL in the address bar. Businesses should add a way for users to verify that an email is legitimate. Technical responses also play a huge role in protecting against phishing. The most important is having a well-recognized, good-quality anti-spyware and antivirus program. Installing browser security updates also helps, since the browser can recognize unsafe links and display a message when the user is about to enter a hazardous site. Another way to reduce the risk is through legal responses. The creation of the Anti-Phishing Act of 2005 enables hackers to be charged if they create a website to gather information to be used in fraud or identity theft, or send emails claiming to be from a legitimate business.
Spear Phishing
Spear phishing targets a specific organization through email. These attacks are usually started by criminals who are looking for trade secrets, information about the military or financial gain. A spear phishing message usually appears to come from a person with authority in the recipient's company, unlike ordinary phishing messages, which appear to come from large and well-known companies. These messages can appear to come from the company's help desk, its IT center, a manager or the CEO. Spear phishing has a higher payoff than ordinary phishing messages, such as the company's login information or bank information, which can cause a huge problem for the company.
Zero Day
A zero-day attack takes advantage of software problems that don't currently have a solution. Once the software's programmers are aware of the problem, they will offer a patch, which is a piece of software that fixes the problem. The attack takes advantage of the issue within the software before the patch is created or released. The attack usually happens before the users or the creators of the software find out about the threat. A hacker can find weaknesses in the software and create a virus to ruin computer systems. Not all threats are unknown to the creator; sometimes they find out ahead of time, but creating a patch to fix the problem can take some time. Even when the patch is released, most users are still open to the threat, as many do not update regularly. There are two ways to protect against zero-day attacks: the first is having an antivirus program and running regular scans to block viruses and worms; the second is enabling a firewall to protect against exposure to harm online. 99% of the time, the threat is a programming mistake, which could have been made years ago without anyone being aware of it. Sometimes the good guys become aware of the threat before the hackers do, and they notify Microsoft so it can start working on a patch while keeping the problem a secret from the hackers.
