
PHISHING - A THREAT TO NETWORK SECURITY

Prasad V.Potluri Siddhartha Institute of Technology


Department of Electronics and Communication Engineering

Presented by:

1. Lalitha Kumari.J, III/IV B.Tech, Mail id: lalitha.jetti@gmail.com
2. Pujitha.D, III/IV B.Tech, Mail id: pujita.devarapalli@gmail.com
3. Teja Lakshmi.A, III/IV B.Tech, Mail id: teja24.adusumilli@gmail.com

ABSTRACT
"Give a man a fish," goes an old adage, "and you feed him for a day. Teach a man to fish, and you feed him for life." In Internet parlance: "Teach a man to phish, and he can feast on caviar for the rest of his life." It is becoming increasingly common to tune in to the news or load your favorite news web site and read about yet another Internet e-mail scam. An e-mail scam is a fraudulent email that appears to be from a legitimate Internet address with a justifiable request, usually to verify your personal information or account details. One example would be an e-mail that appears to be from your bank requesting that you click a hyperlink in the e-mail and verify your online banking information. Usually the email states a repercussion for not following the link, such as "your account will be closed or suspended".

The goal of the sender is for you to disclose personal and account-related information. This paper presents one of the 21st century's identity theft web crimes, known as phishing. Phishing is also referred to as brand spoofing or carding and is a variation on "fishing", the idea being that bait is thrown out with the hope that, while most will ignore the bait, some will be tempted into biting. It is a type of fraud unique to the Internet. Hackers challenge network security through phishing. Phishers use both linguistic and technical ploys to steal sensitive data. The term "phishing" was coined in 1996 and refers to email that directs users to counterfeit websites. The goal is to collect personal and financial information, which can then be used to make unauthorized purchases, steal identities, or be sold to identity thieves. In a typical phishing e-mail, the users are directed to a proxy site that looks just like the original one; however, the proxy site might ask for additional detailed data (such as bank account numbers, social security number, mother's maiden name, credit/debit card numbers, or the highly confidential CVV2 in the case of a proxy bank email). It is not unusual, however, for the link to be dead, as phishing requires a very tight timeline due to more effective detection tools. Phishing is an example of the social engineering techniques used to fool users. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical measures. Our paper briefly gives the history of phishing and explains the various methods of message delivery, which include delivery by email, instant message delivery, web-based delivery, and Trojaned hosts. In addition to these, it describes the various phishing attack vectors. Phishing attacks include man-in-the-middle attacks, confusing URL attacks, hidden attacks, and confusing host names. Our paper also gives information about various defence mechanisms. Defence mechanisms are deployed in three layers (client, server and enterprise), which together help guard against the crippling effects of phishing.

1. INTRODUCTION:
1.1 WHAT IS PHISHING?

The process of tricking or socially engineering an organization's customers into imparting their confidential information is called phishing. Organizational size doesn't matter; the quality of the personal information reaped from the attack has a value all in itself to the criminals. Hidden away amongst the mounds of electronic junk mail, and bypassing many of today's best anti-spam filters, a new attack vector lies in wait to steal confidential personal information. Such mails lure victims into traps specifically designed to steal their electronic identity.

1.2 HISTORY OF PHISHING:
The word phishing originally comes from the analogy that early Internet criminals used email lures to phish (fish) for passwords and financial data from the sea of Internet users. The term phishing covers not only obtaining user account details, but now includes access to all personal and financial data.

2. PHISHING MESSAGE DELIVERY:

Phishing attacks rely upon a mix of technical deceit and social engineering practices. In the majority of cases the phisher must persuade the victim to intentionally perform a series of actions that give up confidential information. Communication channels such as email, web pages, IRC and instant messaging services are popular.

2.1 E-MAIL:
Phishing attacks initiated by email are the most common. As almost all net users use email, phishers find it an easy route to identity theft. Techniques used within phishing emails:
- Official-looking and official-sounding emails
- Copies of legitimate corporate emails with minor URL changes
- HTML-based email used to obfuscate target URL information
- Standard virus/worm attachments to email

2.2 WEB BASED DELIVERY:
An increasingly popular method of conducting phishing attacks is through malicious web-site content. This content may be included within a web-site operated by the phisher, or a third-party site hosting some embedded content. Web-based delivery techniques include:
- The inclusion of HTML-disguised links (such as the one presented in the above email example) within popular web-sites and message boards.
- The use of third-party supplied, or fake, banner advertising graphics to lure customers to the phisher's web-site.
- The use of web-bugs (hidden items within the page, such as a zero-sized graphic) to track a potential customer in preparation for a phishing attack.
- The use of pop-up or frameless windows to disguise the true source of the phisher's message.

2.3 IRC AND INSTANT MESSAGING:
IRC and Instant Messaging (IM) forums are likely to become a popular phishing ground. As these communication channels become more popular with home users, and more functionality is included within the software, specialist phishing attacks will increase. As many IRC and IM clients allow embedded dynamic content (e.g. graphics, URLs, multimedia includes, etc.) to be sent by channel participants, it is a trivial task to employ many of the phishing techniques used in standard web-based attacks. The common usage of bots (automated programs that listen and participate in group discussions) in many of the popular channels means that it is very easy for a phisher to anonymously send semi-relevant links and fake information to the victims.

2.4 TROJANED HOSTS:
While the delivery medium for the phishing attack may vary, the delivery source is increasingly home PCs that have previously been compromised. As part of this compromise, a Trojan horse program has been installed which allows phishers to use the PC as a message propagator. In fact, to harvest the confidential information of several thousand customers simultaneously, phishers use information-specific Trojans.
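As an added illustration of the web-based delivery tricks listed in section 2.2 (this is not code from the paper), the following Python scanner walks an HTML message body with the standard-library parser and flags three things a mail gateway or client could check before rendering: anchors whose visible text names one host while the href points at another, zero-sized tracking images (web bugs), and frames that are sized to zero or styled invisible. The sample message, the host names in it and the finding tags are constructed for the example.

```python
"""Scan an HTML message body for the presentation tricks described in
section 2.2: anchors whose visible text names one host while the href points
somewhere else, zero-sized tracking images (web bugs), and hidden frames.
Added example; the sample message below is constructed for illustration."""
from html.parser import HTMLParser
from urllib.parse import urlsplit


def host_of(url):
    """Lower-cased host part of a URL, or '' if it cannot be parsed."""
    try:
        return (urlsplit(url.strip()).hostname or "").lower()
    except ValueError:
        return ""


class SuspiciousHtmlScanner(HTMLParser):
    """Collects (finding, detail) tuples while the parser walks the message."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._anchor_href = None  # href of the <a> currently open, if any
        self._anchor_text = []    # visible text collected inside that <a>

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "a":
            self._anchor_href = a.get("href", "")
            self._anchor_text = []
        elif tag == "img":
            # A zero- or one-pixel image is invisible to the reader but is still
            # fetched, which lets the sender confirm that the address is live.
            if a.get("width", "").strip() in {"0", "1"} or a.get("height", "").strip() in {"0", "1"}:
                self.findings.append(("web-bug", host_of(a.get("src", ""))))
        elif tag in {"iframe", "frame"}:
            style = a.get("style", "").replace(" ", "").lower()
            hidden = (a.get("width", "").strip() == "0"
                      or a.get("height", "").strip() == "0"
                      or "display:none" in style
                      or "visibility:hidden" in style)
            if hidden:
                self.findings.append(("hidden-frame", host_of(a.get("src", ""))))

    def handle_data(self, data):
        if self._anchor_href is not None:
            self._anchor_text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._anchor_href is not None:
            text = "".join(self._anchor_text).strip()
            # Only link text that itself looks like a host or URL can be "disguised".
            shown = host_of(text if "://" in text else "http://" + text)
            actual = host_of(self._anchor_href)
            if "." in shown and shown != actual:
                self.findings.append(("disguised-link", shown + " -> " + actual))
            self._anchor_href = None
            self._anchor_text = []


def scan_html(body):
    """Return the list of findings for one HTML message body."""
    scanner = SuspiciousHtmlScanner()
    scanner.feed(body)
    scanner.close()
    return scanner.findings


# Constructed sample: a lure with a disguised link, a web bug and a hidden frame.
SAMPLE_MESSAGE = """<html><body>
<p>Dear customer, your account will be suspended unless you verify it now.</p>
<p><a href="http://209.134.161.35/login">https://www.site.com/verify</a></p>
<p><a href="https://www.site.com/help">Help centre</a></p>
<img src="http://tracker.evil.example/p.gif" width="0" height="0">
<iframe src="http://evil.example/frame" width="0" height="0"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_MESSAGE):
        print(finding)
```

The disguised-link check deliberately only fires when the visible text itself contains a dotted host name; plain text such as "Help centre" is left alone, since a reader was never shown a destination to be misled about. A real gateway would add a list of the organisation's own hosts so that a disguised link to a brand site can be scored higher than one to an unknown domain.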

3. PHISHING ATTACK VECTORS:
For a phishing attack to be successful, it must use a number of methods to trick the customer into doing something with the attacker's server and/or supplied page content. The most common methods are:

3.1 MAN IN THE MIDDLE ATTACKS:
In this class of attack, the attacker sits between the customer and the real web-based application and proxies all communications between the two systems.

3.2 CONFUSING URL ATTACKS:
The secret of many phishing attacks is to get the message recipient to follow a hyperlink (URL) to the attacker's server without realizing that they have been duped. The most common methods of URL obfuscation include:
- Bad domain names, which look similar to the original domain names but actually link to the phisher's server.
- Friendly login URLs: many common web browser implementations allow complex URLs that can include authentication information such as a login name and password, which tricks many customers into thinking that they are actually visiting the target organization.

3.3 CONFUSING HOST NAMES:
Most Internet users are familiar with navigating to sites and services using a fully qualified domain name, such as www.site.com. For a web browser to communicate over the Internet, this address must be resolved to an IP address, such as 209.134.161.35 for www.site.com. This resolution of host name to IP address is achieved through domain name servers.

3.4 HIDDEN ATTACKS:
An attacker may make use of HTML, DHTML and other scriptable code that can be interpreted by the customer's web browser and used to manipulate the display of the rendered information. In many instances the attacker will use these techniques to disguise fake content as coming from the real site, whether this is a man-in-the-middle attack or a fake copy of the site hosted on the attacker's own systems. The most common vectors include:
- Hidden frames
- Overriding page content
- Graphical substitution
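The URL tricks of sections 3.2 and 3.3 can be checked mechanically before a link is followed. The Python example below (added here; not the paper's code) inspects a hyperlink for login credentials hidden in the authority part (the "friendly login URL" trick), a raw IP-address host standing in for the name a user expects, and host names that are look-alikes of, or merely contain, a known brand domain. The legitimate domain list, the sample URLs and the warning tags are constructed for the example; the registrable-domain reduction is a deliberate simplification.

```python
"""Inspect a hyperlink for the URL obfuscation tricks described in sections
3.2 and 3.3: login credentials hidden in the authority part ("friendly login
URLs"), raw IP-address hosts, and look-alike or brand-in-subdomain host names.
Added example; the legitimate domain list and sample URLs are constructed."""
import ipaddress
from urllib.parse import urlsplit

# Constructed: the host names an organisation really serves customers from.
LEGITIMATE_DOMAINS = {"site.com", "www.site.com"}


def registrable_domain(host):
    """Last two labels of a host: 'login.www.site.com' -> 'site.com'.
    Good enough for a demo; production code would consult the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def edit_distance(a, b):
    """Levenshtein distance, used to catch 'sitc.com' or 's1te.com' for 'site.com'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_ip_literal(host):
    """True when the host is a bare IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def inspect_url(url):
    """Return a list of warning tags; an empty list means nothing looked wrong."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ["unparseable"]
    warnings = []
    host = (parts.hostname or "").lower()
    if parts.username is not None or parts.password is not None:
        # http://www.site.com@evil.example/ : the browser connects to
        # evil.example and presents 'www.site.com' merely as a user name.
        warnings.append("userinfo-in-authority")
    if not host:
        warnings.append("no-host")
        return warnings
    if is_ip_literal(host):
        # The name the user expects is absent; only a numeric address remains.
        warnings.append("ip-literal-host")
        return warnings
    if host in LEGITIMATE_DOMAINS or registrable_domain(host) in LEGITIMATE_DOMAINS:
        return warnings
    reg = registrable_domain(host)
    for legit in sorted({registrable_domain(d) for d in LEGITIMATE_DOMAINS}):
        if 0 < edit_distance(reg, legit) <= 2:
            warnings.append("lookalike-of:" + legit)
            break
        if legit in host:
            # The real brand name used as a label under an unrelated domain.
            warnings.append("brand-in-subdomain:" + legit)
            break
    else:
        warnings.append("unknown-domain")
    return warnings


if __name__ == "__main__":
    for sample in ("https://www.site.com/login",
                   "http://www.site.com@evil.example/",
                   "http://209.134.161.35/login",
                   "https://sitc.com/login",
                   "https://www.site.com.evil.example/"):
        print(sample, inspect_url(sample))
```

Each tag maps to one sentence of the paper: "userinfo-in-authority" is the friendly-login URL, "ip-literal-host" is the numeric address of 3.3 shown without its name, and "lookalike-of"/"brand-in-subdomain" are the bad domain names of 3.2. The same function can be run over the href of every link a scanner extracts from a message.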

4. DEFENCE MECHANISM:
The phisher has a large number of methods at their disposal; consequently there is no single solution capable of combating all these different attack vectors. However, it is possible to prevent current and future phishing attacks by utilizing a mix of information security technologies and techniques. For best protection, these security technologies and techniques must be deployed at three logical layers:
- The client side: this includes the user's PC.
- The server side: this includes the business's Internet-visible systems and custom applications.
- Enterprise level: distributed technologies and third-party management services.

4.1 CLIENT SIDE:
The client side represents the forefront of anti-phishing security. At this layer, protection against phishing can be provided by:
- Desktop protection technologies
- Email sophistication
- Browser capabilities
- Customer vigilance

4.1.1 Desktop protection technologies:
Anti-virus, anti-spyware and personal firewall software, which have the ability to detect and block the installation of malicious software such as Trojans and spyware.

4.1.2 Email Sophistication:
Many attacks succeed because of HTML-based email functionality, as explained above. HTML functionality must be disabled in all email client applications capable of accepting or sending Internet emails. Instead, a plain-text email representation should be used, and ideally the chosen font should be fixed-width, such as Courier. Email applications capable of blocking dangerous attachments and preventing users from quickly executing or viewing attached content should be used whenever possible.

4.1.3 Browser Capabilities:
The common web browser may be used as a defense against phishing attacks if it is configured securely. Customers and businesses must make a move to use a web browser that is appropriate for the task at hand. To help prevent many phishing attack vectors, web browser users should:
- Disable all window pop-up functionality.
- Disable Java runtime support.
- Disable ActiveX support.
- Disable all multimedia and auto-play/auto-execute extensions.
- Prevent the storage of non-secure cookies.
- Ensure that downloads cannot be run automatically from the browser, and must instead be saved into a directory for anti-virus inspection.

4.1.4 Customer Vigilance:
Customers may take a number of steps to avoid becoming a victim of a phishing attack, all of which involve carefully inspecting the content presented to them. Some measures that should be taken by the customer are:
- If a customer receives an email that warns, with little or no notice, that their account will be shut down unless they reconfirm billing information, they should not reply or click on the link in the email. Instead, they should contact the company cited in the email using a telephone number or web site address that is known to be genuine.
- Customers should never respond to HTML email with embedded submission forms. Any information submitted via the email (even if it is legitimate) will be sent in clear text that could be observed.
- Users should avoid emailing personal and financial information.
- Before submitting financial information through a web site, the "lock" icon on the browser's status bar should be checked. It signals that information is secure during transmission.
- Credit card and bank account statements should be reviewed as soon as they are received to determine whether there are any unauthorized charges. If a statement is late by more than a couple of days, the credit card company or bank should be called to confirm the billing address and account balances.

4.2 SERVER SIDE:
By implementing intelligent anti-phishing techniques into the organization's web application security, developing internal processes to combat phishing vectors and educating customers, it is possible to take an active role in protecting customers from future attack. At the server side, protection against phishing can be provided by:
1. Improving customer awareness
2. Host and linking conventions
3. Enterprise level

5. CONCLUSION:
Phishing, which started off as part of popular hacking culture, has now increased enormously with the growth of Internet use. The points raised within this paper, and the solutions proposed, represent key steps in securing online services from fraudulent phishing attacks and also go a long way towards protecting against many other popular hacking or criminal attack vectors.

6. REFERENCES:
1. Proposed Solutions to Address the Threat of Email Spoofing Scams, the Anti-Phishing Working Group.
2. Anti-Phishing: Best Practices for Institutions and Consumers, McAfee.
3. Phishing Victims Likely Will Suffer Identity Theft Fraud, Gartner Research Note, A. Litan.
