09-05-2011, 03:43 PM
[attachment=13480]
PHISHING ATTACK & COUNTER MEASURES
INTRODUCTION
Coined in 1996 by computer hackers.
Hackers use e-mail to fish the internet hoping to hook users into supplying them the logins, passwords and/or credit card information.
In a typical phishing attack a user will receive an e-mail message impersonated to be sent by a financial institution.
1%-20% users respond to such attacks.
PHISHING ATTACKS
Phishing attacks are combined with malicious code attacks such as Mimail, Bank Withdrawal Trojan, Mydoom.m worm etc
In such blended attacks these virus/worms carry the payloads which harness email addresses from the internet and affected systems and further launch phishing attacks.
PHISHING EXAMPLES Example 1.
Example 2.
PHISHING TRENDS
APWG is an industry association focused on eliminating the identity theft and fraud that result from phishing and email spoofing.
This group provides forums to discuss phishing issues, trials and evaluations of potential technology solutions.
Publish Phishing Attack Trends Report
TECHNOLOGICAL SOLUTIONS
Ultimate solution is training the end users not to reveal any sensitive information.
Basic approach for an effective anti-phishing effort includes detection, prevention and awareness.
Counter measures are in the form of technological solutions, policy guidelines and user awareness.
Anti-phishing solution includes:
Detection: scanning, flitering and alerting
Mail server authentication
Secure web-authentication
Digitally signed e-mail
Mail gateway filtering
Desktop filtering
Secure web-authentication
Digitally signed e-mail
Other counter-measures are:
Changes in policy of financial institutions
User awareness
Anti-phishing techniques
CONCLUSION
The phishing attacks are major threat to e-commerce and e-banking applications. The scammers are making huge losses by stealing financial data from the users. There is need for adoption of counter-measure steps by the financial institutions and individual customers for fighting phishing attacks. Digital signature usage should be promoted for secure mail transactions.
PHISHING ATTACK & COUNTER MEASURES
INTRODUCTION
Coined in 1996 by computer hackers.
Hackers use e-mail to fish the internet hoping to hook users into supplying them the logins, passwords and/or credit card information.
In a typical phishing attack a user will receive an e-mail message impersonated to be sent by a financial institution.
1%-20% users respond to such attacks.
PHISHING ATTACKS
Phishing attacks are combined with malicious code attacks such as Mimail, Bank Withdrawal Trojan, Mydoom.m worm etc
In such blended attacks these virus/worms carry the payloads which harness email addresses from the internet and affected systems and further launch phishing attacks.
PHISHING EXAMPLES Example 1.
Example 2.
PHISHING TRENDS
APWG is an industry association focused on eliminating the identity theft and fraud that result from phishing and email spoofing.
This group provides forums to discuss phishing issues, trials and evaluations of potential technology solutions.
Publish Phishing Attack Trends Report
TECHNOLOGICAL SOLUTIONS
Ultimate solution is training the end users not to reveal any sensitive information.
Basic approach for an effective anti-phishing effort includes detection, prevention and awareness.
Counter measures are in the form of technological solutions, policy guidelines and user awareness.
Anti-phishing solution includes:
Detection: scanning, flitering and alerting
Mail server authentication
Secure web-authentication
Digitally signed e-mail
Mail gateway filtering
Desktop filtering
Secure web-authentication
Digitally signed e-mail
Other counter-measures are:
Changes in policy of financial institutions
User awareness
Anti-phishing techniques
CONCLUSION
The phishing attacks are major threat to e-commerce and e-banking applications. The scammers are making huge losses by stealing financial data from the users. There is need for adoption of counter-measure steps by the financial institutions and individual customers for fighting phishing attacks. Digital signature usage should be promoted for secure mail transactions.