A PAPER PRESENTATION ON

“PHISHING”
-A THREAT TO NETWORK SECURITY

GODAVARI INSTITUTE OF
ENGINEERING AND TECHNOLOGY

Presented by:

N.SURAJ S.V.R.ADITYA

3RD BTECH IT 3RD BTECH IT

EMAIL_ID:suraj_2607 @ email_id:somisetty.aditya
Yahoo.com @gmail.com
PHONE:9948947026 PHONE:9704790680
ABSTRACT
“Give a man a fish," goes an old
adage," and you feed him for a day. Teach a
man to fish, and you feed him for life." In
Internet parlance, “Teach a man to phish,
and he can feast on caviar for the rest of his
life." It is becoming increasingly common to
tune in to the news or load your favorite
news Web site and read about yet another
Internet e-mail scam. An e-mail scam is a
fraudulent email that appears to be from a
legitimate Internet address with a justifiable
request —usually to verify your personal
information or account details. One example
would be if you received an e-mail that
appears to be from your bank requesting you
click a hyperlink in the E-mail and verify
your online banking information. Usually
there will be a repercussion stated in the e-
mail for not following the link, such as
"your account will be closed or suspended".
The goal of the sender is for you to disclose
personal and account related information.
This paper presents one of the 21st
century’s identity theft web crimes known as
phishing’. Phishing is also referred to as
brand spoofing or carding and is a variation
on "fishing," the idea being that bait is
thrown out with the hopes that while most
will ignore the bait, some will be empted
into biting. It is a type of fraud unique to the
Internet. Hackers challenge network security
through ‘phishing’. Phishers use both
linguistic and technical ploys to steal
sensitive data. The term “phishing" was
coined in 1996 and refers to email that
directs users to counterfeit websites. The
goal is to collect personal and final
information, which can then be used to make
unauthorized purchases, steal identities, or
sell sensitive information to identify theft
things. In a typical phishing e-mail, the users
are directed to a proxy site that looks just
like the original one but however the proxy
site might ask for additional detailed data
( like bank account numbers, social security
number, mother's maiden name, credit/debit
card numbers, or the highly confidential
CVV2 in the case of a proxy bank email). It
is not unusual, however, for the link to be
dead, as phishing requires a very tight
timeline due to more effective detection
tools.
Phishing is an example of social
engineering techniques used to fool users.
Attempts to deal with the growing number
of reported phishing incidents include
legislation, user training, public awareness,
and technical measures.
Our paper briefly gives the history of
phishing and explains the various methods
of message delivery which includes delivery
with email, instant message delivery, and
web based delivery, and trojoned host. In
addition to these, it describes the various
phishing attack vectors. Phishing attacks
include man in middle attacks, confusing
URL attacks, hidden attacks, and confusing
host names. Our paper also gives
information about various defence
mechanisms. Defence mechanisms is
deployed in three layers client, server,
enterprise which help to implemented to
guard oneself from the crippling effects of
phishing.
1. INTRODUCTION:
1.1 WHAT IS PHISHING?
The process of tricking or socially
engineering organizations customers into
imparting their confidential information is
called ‘phishing’. Organizational size
doesn’t matter; the equality of the personal
information reaped from the attack has a
value all in itself to the criminals. Hidden
away amongst the mounds of electronic junk
mail, and bypassing many of todays best
anti-Spam filters, a new attack vector lies in
wait to steal confidential personal
Information. Such mails lure victims into
traps specifically designed to steal their
electronic identity.
1.2 HISTORY OF PHISHING:
The word “phishing” originally comes
from the analogy that early Internet
criminals used email lures to “phish” (FISH)
for passwords and financial data from sea of
Internet users. The term Phishing covers not
only obtaining user account details, but now
includes access to all personal and financial
data.
2. PHISHING MESSAGE
DELIVERY:
Phishing attacks rely upon a mix of
technical deceit and social engineering
practices. In the majority of cases the
Phisher must persuade the victim to
intentionally perform a Series of
confidential information. Communication
channels such as email, web-pages, IRC and
instant messaging services are popular.
2.1 E MAIL:
 Phishing attacks initiated by email are the
most common. As almost all the net users
use Emails Phisher find it easy to do identity
theft. Techniques used within Phishing
emails:
• Official looking and sounding emails
• Copies of legitimate corporate emails with
Minor URL changes.
• HTML based email used to obfuscate
target URL information
• Standard virus/worm attachments to email
2.2 WEB BASD DELIVERY:
An increasingly popular method of
conducting phishing attacks is through
malicious web-site content. This content
may be included within a web-site operated
by the Phisher, or a third-party site hosting
some embedded content.
Web-based delivery techniques include:
• The inclusion of HTML disguised
links (such as the one presented in the above
email Example). Within popular web-sites,
message boards.
• The use of third-party supplied, or
fake, banner advertising graphics to lure
customers to the Phisher’s web-site.
• The use of web-bugs (hidden items
within the page – such as a zero-sized
graphic) to track a potential customer in
preparation for a phishing attack.
• The use of pop-up or frameless
windows to disguise the true source of the
Phisher’s message.
2.3 IRC AND INSTANT MESSAGING:
IRC and Instant Messaging (IM) forums
are likely to become a popular phishing
ground. As these communication channels
become more popular with home users, and
more functionality is included within the
software, specialist phishing attacks will
increase. As many IRC and IM clients allow
for embedded dynamic content (e.g.
graphics, URL’s, multimedia includes, etc.)
to be sent by channel participants, it is a
trivial task to employ many of the phishing
techniques used in standard web-based
attacks. The common usage of Bots
(automated programs that listen and
participate in group discussions) in many of
the popular channels, means that it is very
easy for a Phisher to anonymously send
semi relevant links and fake information to
the victims.
2.4 TROJONED HOSTS:
While the delivery medium for the
phishing attack may be varied, the delivery
source is increasingly becoming home PC’s
that have been previously compromised. As
part of this compromise, a Trojan horse
program has been installed which allows
Phisher’s to use the PC as a message
propagator. In fact, to harvest the
confidential information of several thousand
customers simultaneously, Phisher’s use
information specific Trojans.
3. PHISHING ATTACK
VECTORS: For a Phishing attack to be
successful, it must use a number of methods
to trick the Customer into doing something
with their server and/or supplied page
content .The most common methods are:
3.1 MAN IN MIDDLE ATTACKS:
In this class of attacks, the attackers situate
themselves between the customer and the
real web-based application, and proxies all
communications between the systems.
3.2 CONFUSING URL ATTACKS:
The secret for many phishing attacks is
to get the message recipient to follow a
hyperlink (URL) to the attacker’s server,
without them realizing that they have been
duped. The most common methods of URL
obfuscation include:
• Bad domain names-which look similar
to original domain names but actually link to
phisher’s server.
• Friendly login URL’s-Many common
web browser implementations allow for
complex URL’s that can include
Authentication information such as a Login
name and password which trick many
customers into thinking that they are
actually visiting the target organization.
3.3 CONFUSING HOST NAMES:
Most Internet users are familiar with
navigating to sites and services using a fully
qualified domain name, such as
www.site.com. For a web browser to
communicate over the Internet, this address
must to be resolved to an IP address, such as
209.134.161.35 for www.site.com. This
resolution of IP address to host name is
achieved through domain name servers.
3.4 HIDDEN ATTACKS:
An attacker may make use of HTML,
DHTML and other scriptable code that can
be interpreted by the customer’s web
browser and used to manipulate the display
of the rendered information. In many
instances the attacker will use these
techniques to disguise fake content as
coming from the real site – whether this is a
man-in-the-middle attack, or a fake copy of
the site hosted on the attackers own systems.
The most common vectors include:
• Hidden Frames • Overriding Page
Content • Graphical Substitution
4. DEFENCE MECHANISM:
The Phisher has a large number of methods
at their disposal consequently there is no
single solution capable of combating all
these different attack vectors. However, it is
possible to prevent current and future
Phishing attacks by utilizing a mix of
information security technologies and
techniques. For best protection, these
security technologies and techniques must
be deployed at three Logical layers:
The Client-side – this includes the user’s
PC.The Server-side – this includes the
businesses, Internet visible systems and
custom applications. Enterprise Level –
distributed technologies and third-party
management services
4.1 CLIENT SIDE:
Client side is a representation of forefront of
anti-phishing security. At this side
protection against phishing can be done by:
· Desktop protection technologies
· Email sophistication
· Browser capabilities
· Customer vigilance
4.1.1 Desktop protection technologies:
By using anti-viruses, anti-spy wares,
personal firewall etc, which have the ability
to detect and block the installation of
malicious software like Trojans, spy wares.
4.1.2 Email Sophistication:
Many of the attacks are successful due to
HTML-based email Functionality as
Explained above.
· HTML functionality must be disabled
in all email client applications capable of
accepting        or sending Internet emails.
Instead plain-text email representation
should be used, and        ideally the chosen
font should be fixed-with such as Courier.
· Email applications capable of blocking
“dangerous” attachments and preventing
users from quickly executing or viewing
attached content should be used whenever
possible.
4.1.3 Browser Capabilities:
The common web browser may be used as a
defense against phishing attacks – if it is
configured securely. Customers and
businesses must make a move to use a web
browser that is appropriate for the task at
hand. To help prevent many Phishing attack
vectors, web browser users should:
• Disable all window pop-up functionality.
• Disable Java runtime support.
• Disable ActiveX support.
• Disable all multimedia and auto-play/auto-
execute extensions.
• Prevent the storage of non-secure cookies.
•Ensure that any downloads cannot be
automatically run from the browser, and
must Instead be downloaded into a directory
for anti- Virus inspection.
4.1.4 Customer Vigilance:
Customers may take a number of steps to
avoid becoming a victim of a phishing
attack that involve inspecting content that is
presented to them carefully.
Some measures that should be taken by the
customer are:
· If a customer gets an email that warns
he/she, with little or no notice that their
account will be shut down unless they
reconfirm billing information, they should
not reply or click on the link in the email.
Instead, they should contact the company
cited in the email using a telephone number
or Web site address that is known to be
genuine.
· Customer should never respond to
HTML email with embedded submission
forms. Any information submitted via the
email (even if it is legitimate) will be sent in
clear text that could be observed.
· Users should avoid emailing personal
and financial information. Before submitting
financial information through a Web site,
the "lock" icon on the browser's status bar
should be observed .It signals that
information is secure during transmission.
· Credit card and bank account
statements are to be reviewed as soon as
they are received to determine whether there
are any unauthorized charges. If the
statement is late by more than a couple of
days, a call to Credit Card Company or bank
must be made to confirm billing address and
account balances.
4.2 SERVER SIDE:
By implementing intelligent anti-phishing
techniques into the organizations web
application security, developing internal
processes to combat phishing vectors and
educating customers – it is possible to take
an active role in protecting customers from
future attack. At the server-side, protection
against Phishing can be done by:
1. Improving customer awareness
2. Host and Linking conventions
3. Enterprise Level
5. CONCLUSION:
Phishing, which started off being part of
popular hacking culture, has now increased
numerously with the growth of use of
Internet. The points raised within this paper,
and the solutions proposed, represent key
steps in securing online services from
fraudulent phishing attacks – and also go a
long way in protecting against many other
popular hacking or criminal attack vectors.