Tuesday, February 3, 2009

Phishing: Examples and Prevention Method



Nowadays people rely more and more on the internet for business, investment, and personal trading, and internet fraud has become an increasing threat to users. There are various types of fraud on the internet; one interesting and fast-growing type is phishing. This method attacks users by sending email or creating a web site that falsely claims to be an established, legitimate organization in order to trick the user into disclosing personal, financial, or computer account information.

One famous example, and the very first phishing case reported, on March 9, 2004, was the attack on eBay customers. The perpetrator sent emails to targeted customers stating that the customer's information was invalid and that a correction was necessary to prevent interruption of service and keep their eBay account active. The fraudulent page required users to key in their credit card number, contact information, social security number, and eBay username and password. The perpetrator had formed a mental model in the user's mind: eBay is requesting an information update.

Phishing can appear in many forms. Besides email, it can appear on your social networking web sites, on a fake web site that accepts donations for charity, on a web site whose name is almost the same as the real one in the hope that you will not notice, and in your instant messaging programs such as MSN and Yahoo Messenger. There are many types of scam too. Below are some examples:
a. Verify your account - usually involves banks and trading web sites asking you to update your credit card information.
b. You have won a lottery - I believe most of us have received this kind of mail or message before. To bait the user into believing the message, the perpetrator will usually name a big company like Microsoft, or an overseas company celebrating its 30th year of establishment, that has randomly picked your hand phone number as the winner!
c. Your account will be closed if you do not respond within 24 hours - this message conveys a sense of urgency so that the user has no time to think properly.


Some methods to prevent phishing:

1. Detecting fake registered domain names - the perpetrator has to set up a web site name that is similar to the original organization's name to fool users. If we look carefully at the web site name, it usually has extra or missing characters, for example www.publicbanks.com or www.yahooo.com. This method of detection is not always useful, for two reasons. First, even though it is easy to track new registrations of gTLDs (generic top-level domains) like .com and .net, this is not true for ccTLDs (country-code top-level domains) like .cn (China) or .kr (Korea), where many phishing sites are registered. Second, attackers may choose not to register a domain name at all and operate the web site using just an IP address.
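The check described in point 1, as an added example that is not part of the original post: a hostname is compared against a list of known legitimate domains using edit distance, so that the "extra or missing character" cases (www.publicbanks.com, www.yahooo.com) surface, and bare IP-address hosts, which the point says attackers may use instead of registering a name, are flagged separately. The domain list and sample hostnames are constructed for this illustration; stripping only a leading "www." to find the registrable domain is a simplification (a real deployment would consult the public suffix list).

```javascript
// Added example, not from the original post: classify a hostname against a
// list of legitimate domains. LEGITIMATE_DOMAINS and SAMPLE_HOSTS are constructed.

const LEGITIMATE_DOMAINS = ['publicbank.com', 'yahoo.com', 'ebay.com'];

// Classic Levenshtein edit distance, single-row dynamic programming.
function levenshtein(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];        // value of cell (i-1, j-1)
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j];   // value of cell (i-1, j)
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(above + 1, row[j - 1] + 1, diag + cost);
      diag = above;
    }
  }
  return row[b.length];
}

// Lower-case and drop a leading "www.". Assumption: what remains is the
// registrable domain (use the public suffix list in a real deployment).
function registrable(host) {
  return host.toLowerCase().replace(/^www\./, '');
}

const IPV4_LITERAL = /^(\d{1,3}\.){3}\d{1,3}$/;
const MAX_EDITS = 2; // tolerance for "one or two characters off" lookalikes

function classifyHost(host, legitimateDomains = LEGITIMATE_DOMAINS) {
  const h = registrable(host);
  if (IPV4_LITERAL.test(h)) {
    return { verdict: 'ip-literal', reason: 'host is a bare IP address, no domain registered' };
  }
  // Exact match or a real subdomain (dot boundary) of a legitimate domain.
  for (const legit of legitimateDomains) {
    if (h === legit || h.endsWith('.' + legit)) {
      return { verdict: 'legitimate', reason: `matches ${legit}` };
    }
  }
  // Score against the whole domain and against the brand label alone, so that
  // "yahooo.com" (extra letter) and "yahoo.cn" (different TLD) both surface.
  let best = null;
  for (const legit of legitimateDomains) {
    const brand = legit.split('.')[0];
    const distance = Math.min(levenshtein(h, legit), levenshtein(h.split('.')[0], brand));
    if (best === null || distance < best.distance) best = { legit, distance };
  }
  if (best !== null && best.distance <= MAX_EDITS) {
    return { verdict: 'lookalike', reason: `${best.distance} edit(s) away from ${best.legit}` };
  }
  return { verdict: 'unknown', reason: 'no close match to a known domain' };
}

// Constructed sample inputs: the post's two examples plus a ccTLD variant,
// an IP-only host and the genuine site.
const SAMPLE_HOSTS = ['www.publicbanks.com', 'www.yahooo.com', 'www.yahoo.cn', '192.0.2.10', 'www.yahoo.com'];
for (const host of SAMPLE_HOSTS) {
  const { verdict, reason } = classifyHost(host);
  console.log(`${host.padEnd(22)} ${verdict.padEnd(11)} ${reason}`);
}
```

A "lookalike" verdict is a candidate for review, not proof: a brand may legitimately own the same label under several TLDs, so the output is best fed into an allowlist-backed review queue rather than acted on automatically.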




2. Detecting look-alike web pages - when creating a false web site, the perpetrator might simply copy and paste images or logos from the original web site. If we insert something like a JavaScript snippet into the original web site which raises an alert when it runs under any URL other than the authentic one, we get alerted to such phishing copies.
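The script point 2 describes, as an added example rather than the post's own code: the page compares the host it is actually being served from against the authentic hosts, and on a mismatch reports the copy to the real site and replaces the page content with a warning. The host list and the report endpoint are assumptions; the browser wiring at the bottom only runs when a `window` exists, so the functions can be tested under Node.

```javascript
// Added example, not from the original post: a page-side tripwire for copied
// pages. AUTHENTIC_HOSTS and REPORT_ENDPOINT are hypothetical values.

const AUTHENTIC_HOSTS = ['publicbank.com', 'www.publicbank.com'];
const REPORT_ENDPOINT = 'https://www.publicbank.com/abuse/clone-report'; // hypothetical

// True when the serving host is neither an authentic host nor a subdomain of
// one. The dot boundary matters: "publicbank.com.example" and
// "notpublicbank.com" must not pass.
function isClonedHost(hostname, authenticHosts = AUTHENTIC_HOSTS) {
  const h = hostname.toLowerCase();
  return !authenticHosts.some(a => h === a || h.endsWith('.' + a));
}

// What the legitimate site wants to learn about the copy: where it is hosted
// and how the visitor arrived. No visitor input or credentials are collected.
function buildCloneReport(loc, referrer, now = new Date()) {
  return {
    cloneHost: loc.hostname,
    cloneUrl: loc.href,
    referrer: referrer || null,
    observedAt: now.toISOString(),
  };
}

// Returns the report when the page is a copy, null when it is the real site.
function cloneGuard(win) {
  if (!win || !isClonedHost(win.location.hostname)) return null;
  const report = buildCloneReport(win.location, win.document.referrer);
  // Fire-and-forget beacon to the real site's abuse endpoint, when available.
  if (win.navigator && typeof win.navigator.sendBeacon === 'function') {
    win.navigator.sendBeacon(REPORT_ENDPOINT, JSON.stringify(report));
  }
  // Make the copy useless to the visitor: replace the body with a warning.
  win.document.body.innerHTML =
    '<h1>This page is not the real site. Do not enter any information here.</h1>';
  return report;
}

// Browser entry point; under Node there is no window and nothing fires.
if (typeof window !== 'undefined') cloneGuard(window);
```

This is a tripwire, not a guarantee: an attacker who copies the HTML can delete the script, so it only catches copies that keep the original markup or hot-link the original assets. Its value to the defender is the early report of where the copy is hosted.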




3. Detecting the emails sent to users - once the phishing site is set up, the perpetrator sends emails to hundreds of users, who are the potential victims. As expected, many of these emails bounce because the To: address is incorrect. To increase the credibility of the mail, the perpetrator keeps the From: address of the mail as something like admin@xyzbank.com. This user id will be non-existent on the real xyzbank.com email server; otherwise, if admin@xyzbank.com were a valid email id, the bounced mails would land in that user's mailbox. If it is a valid address, attackers will instead use a From: address such as admin1@xyzbank.com.
The mails with wrong To: addresses are all returned to the xyzbank.com SMTP server. The SMTP server looks at the From: address admin1@xyzbank.com and checks whether it exists or not. If the From: address and the To: address are both wrong, this is called a double-bounce mail.
Bounced mails are common but double-bounced mails are not. It is highly likely that double-bounce mails are phishing mails targeting xyzbank.com.
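The double-bounce detection of point 3 over a mail log, as an added example that is not part of the original post. A bounce notification arrives with the empty sender `<>`; when it is addressed to a mailbox in our domain that does not exist, the original mail must have forged a sender in our domain and then been undeliverable, which is the double bounce described above. The log line format, the mailbox list and the log lines are constructed for this illustration; `parseLogLine()` would be adapted to the real MTA's format.

```javascript
// Added example, not from the original post: count double bounces per forged
// local sender in a (constructed) mail log and alert above a threshold.

const LOCAL_DOMAIN = 'xyzbank.com';
const KNOWN_MAILBOXES = new Set(['alice@xyzbank.com', 'admin@xyzbank.com']);
const ALERT_THRESHOLD = 3; // double bounces to one forged sender before alerting

// Constructed log excerpt. "from=<>" marks a bounce notification; one to a
// mailbox that does not exist here is a double bounce. The last lines are an
// ordinary single bounce and an unparseable line, to show both are ignored.
const SAMPLE_LOG = [
  '2009-02-03T10:00:01 from=<bob@example.net> to=<alice@xyzbank.com> status=delivered',
  '2009-02-03T10:00:04 from=<> to=<alice@xyzbank.com> status=delivered',
  '2009-02-03T10:00:05 from=<> to=<admin1@xyzbank.com> status=rejected (user unknown)',
  '2009-02-03T10:00:09 from=<> to=<admin1@xyzbank.com> status=rejected (user unknown)',
  '2009-02-03T10:00:12 from=<> to=<admin1@xyzbank.com> status=rejected (user unknown)',
  '2009-02-03T10:00:20 from=<carol@example.org> to=<nobody@xyzbank.com> status=rejected (user unknown)',
  'garbage line that does not parse',
];

const LINE_RE = /^(\S+) from=<([^>]*)> to=<([^>]*)> status=(.*)$/;

// Returns {timestamp, from, to, status} or null for a line that does not match.
function parseLogLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  return { timestamp: m[1], from: m[2].toLowerCase(), to: m[3].toLowerCase(), status: m[4] };
}

function isDoubleBounce(entry, localDomain, knownMailboxes) {
  return entry.from === ''                          // a bounce notification
    && entry.to.endsWith('@' + localDomain)         // aimed at our domain
    && !knownMailboxes.has(entry.to);               // at a mailbox that does not exist
}

// Returns the forged local addresses that attracted at least `threshold`
// double bounces, most frequent first.
function findDoubleBounces(lines, localDomain = LOCAL_DOMAIN,
                           knownMailboxes = KNOWN_MAILBOXES, threshold = ALERT_THRESHOLD) {
  const counts = new Map();
  for (const line of lines) {
    const entry = parseLogLine(line);
    if (entry && isDoubleBounce(entry, localDomain, knownMailboxes)) {
      counts.set(entry.to, (counts.get(entry.to) || 0) + 1);
    }
  }
  return [...counts]
    .filter(([, n]) => n >= threshold)
    .sort((a, b) => b[1] - a[1])
    .map(([forgedSender, count]) => ({ forgedSender, count }));
}

for (const hit of findDoubleBounces(SAMPLE_LOG)) {
  console.log(`ALERT: ${hit.count} double bounces to non-existent ${hit.forgedSender}; ` +
              `likely phishing campaign forging ${LOCAL_DOMAIN}`);
}
```

The threshold keeps the occasional typo in a forged or mistyped sender from raising an alert; a sustained stream of bounces to one non-existent local address is the signal, and the address itself tells the defender which From: line the campaign is using.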




4. Always use email verification - with this double confirmation, phishing is less likely to succeed since the email address and password are known only to one person. PayPal, a world well-known business web site, now offers the “Iconix eMail ID” function as an extra measure of phishing protection.


