Ethical Hacking and Countermeasures v6 module 12 phishing

Ethical Hacking and Countermeasures v6 Exam 312-50 Certified Ethical Hacker Phishing Module XII Page | 1553
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Version 6
Module XII: Phishing

News
Source: http://cbs5.com/

Nancy Chung Hooper was phished by an email that posed as coming from her Internet provider. She replied with her account email ID and password because the email said that her email account would be deleted if the ID and password were not provided. Phishers then used her address book to send email to everyone in it, including her mother-in-law, saying that Hooper was in Nigeria and needed $2,000 or she would go to jail. According to Hooper, it became a running joke for others, but it was not a joke for her because her email account, which was her lifeline and a link to so many different people, was basically sabotaged.

Fred Felman of MarkMonitor said, "My company sees about 600 phishing attacks a day -- each one generating millions of emails. Scammers are raking in millions of dollars."

Module Objective

This module will familiarize you with:
• Introduction to phishing
• Reasons for successful phishing
• Phishing methods
• Process of phishing
• Types of phishing attacks
• Anti-phishing tools

Module Flow

Introduction → Reasons for Successful Phishing → Phishing Methods → Process of Phishing → Types of Phishing Attacks → Anti-phishing Tools

Phishing: Introduction

News
Source: http://www.zdnet.co.uk

Phishers are using the Storm botnet to run phishing attacks that targeted the UK's leading bank. RSA's Anti-Fraud Command Center (AFCC) reports that this attack marks a new threat from the Storm botnet. The UK's financial institutions are the second most targeted, accounting for 15 percent of attacks on global banking brands, behind the US with 61 percent. Phishers use the Storm botnet as a fast-flux network, regularly rotating which infected computers' IP addresses deliver the phishing content. RSA analysts have warned that the Storm botnet can be used as the infrastructure behind fast-flux phishing attacks.

Introduction

• Phishing is an Internet scam in which the user is convinced to give away valuable information
• Phishing redirects the user to a different website through emails, instant messages, spyware, etc.
• Phishers present illegitimate websites on which the user fills in personal information
• The main purpose of phishing is to gain access to the customer's bank accounts, passwords, and other security information
• Phishing attacks can reach their audience by mass-mailing millions of email addresses around the world

Phishing has emerged as an effective method for stealing the personal and confidential data of users. It is an Internet scam that tricks users into divulging their personal and confidential information by making interesting statements and offers. Phishers can attack users through mass mailings to millions of email addresses across the world. A phishing attack succeeds by deceiving and convincing the user with fake technical content combined with social engineering practices. The major task for the phishers is to make the victims believe in the phishing sites. The sources that can be impersonated include web pages, instant messaging, emails, and IRC. Most phishing attacks are carried out through email: the user receives an email that urges him or her to follow a link, which leads to a phishing website. The email may state that a transaction of a particular amount has been made from the user's account and provide a link to check the balance, or it may contain a link to perform a "security check" on the user's account.

According to a study by Gartner, "57 million US Internet users have identified the receipt of email linked to phishing scams, and about 1.7 million of them are thought to have succumbed to the convincing attacks and tricked them into divulging personal information. Studies by the Anti Phishing Working Group (APWG) has concluded that Phishers are likely to succeed with as much as 5 percent of all message recipients."

Reasons for Successful Phishing

Lack of knowledge
• A user's lack of knowledge about how computer systems, email, and the web work can be exploited by phishers to acquire sensitive information
• Many users lack knowledge of security and of security indicators

Visual deception
• Phishers can fool users by leading them to a fake website whose domain name differs only slightly from the original, which is difficult to notice
• They use an image of a legitimate hyperlink which itself acts as a hyperlink to an unauthorized website
• Phishers trick users with images in the content of a web page that look like a browser window
• Keeping an unauthorized browser window on top of, or next to, a legitimate window with the same look makes the user believe that both come from the same source
• The tone of the language is set to match the original website

Not giving attention to security indicators
• Users do not pay proper attention to reading the warning messages or security indicators
• In the absence of security indicators, it is easy to insert spoofed images that go unidentified by the users

The reasons behind successful phishing are:

Lack of computer system knowledge: Many users lack knowledge about different aspects of system behavior, applications, the Internet, and email. If users cannot differentiate between legitimate and fraudulent emails, phishers can exploit this weakness.

Visual deception:
• Visually deceptive text: Deceiving users by altering the domain name in a URL in ways that go unnoticed or unrecognized. For example, for the URL www.myweb.com, the phisher may set up a new website called www.mywab.com, which looks similar to the original URL.
• Images masking underlying text: Using an image taken from a legitimate site in the fraudulent page, where the image acts as a hyperlink navigating the user to a fake website.
• Images mimicking windows: Using images in illegitimate web pages that look the same as the authorized web page, making the user believe that it is a legitimate website.
• Windows masking underlying windows: Keeping a fake browser window on top of or next to a legitimate window makes users think that the web pages are from the same source, regardless of differences in the address and the security indicators.
• Deceptive look and feel: A user identifies a website as illegitimate by examining its look and the tone of its language for misspellings or unprofessional design. If the original site is properly impersonated, the user fails to identify the fake website.

Not giving attention to security indicators:
• Lack of attention to security indicators: Users can be tricked if they do not notice the indicators or read the warning messages.
• Lack of attention during the absence of security indicators: The user does not notice that the security indicators are missing, which lets a spoofed image be inserted in their place.

Phishing Methods

Email and spam
• Most phishing attacks are done through email
• Phishers can send millions of emails to valid email addresses using the techniques and tools adopted by spammers
• Phishing emails create a sense of urgency in the mind of the user to give up important information
• Phishers take advantage of SMTP flaws by adding a fake "Mail from" header that names any organization of their choice
• Mimic copies of legitimate emails are sent with minor changes made in the URL field

Web-based delivery
• This type of attack is carried out by targeting customers through a third-party website
• Serving malicious website content is a popular method of phishing attack
• Placing fake banner advertisements on reputable websites to redirect customers to the phishing website is also a form of web-based delivery

IRC and instant messaging
• IRC and IM clients allow embedded dynamic content
• Attackers send fake information and links to users through IRC and IM

Trojaned hosts
• A Trojan is a program that gives phishers complete access to the host computer once it has been installed there
• Phishers make the user install the trojaned software, which then helps in propagating email and hosting fraudulent websites
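The lookalike-domain trick from the visual deception section (www.myweb.com vs. www.mywab.com) and the forged "Mail from" header and altered URL field from the email section can be checked mechanically on the receiving side. The Python script below is an added example, not code from the EC-Council module; it runs three checks over a constructed sample message: the From domain against the Return-Path (envelope sender) domain, each link's visible text against the host its href actually points to, and both against a protected brand list using Levenshtein edit distance. The brand list (myweb.com, the module's own example), the sample message, and the threshold of two edits are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
PROTECTED = ["myweb.com"]   # brand domains to guard (constructed list for this example)

# Constructed sample: forged envelope sender, lookalike From domain, masked link.
SAMPLE = """\
Return-Path: <bounce@mail-relay.example>
From: "MyWeb Security" <alerts@mywab.com>
Content-Type: text/html

<a href="http://www.mywab.com/verify">http://www.myweb.com/secure</a>
<a href="https://myweb.com/help">Help center</a>
"""

def edit_distance(a, b):
    # Levenshtein distance: myweb.com -> mywab.com scores 1.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(host):
    # Protected brand that host imitates (within 2 edits, not a real subdomain), or None.
    return next((b for b in PROTECTED if host != b and not host.endswith("." + b)
                 and edit_distance(host, b) <= 2), None)

def host_of(s):
    # Host of a URL or bare domain with "www." stripped; "" if s is not URL-like.
    m = re.fullmatch(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#].*)?", s.strip(), re.I | re.S)
    return re.sub(r"^www\.", "", m.group(1).lower()) if m else ""

def phishing_indicators(raw):
    msg = message_from_string(raw)
    dom = lambda hdr: parseaddr(msg.get(hdr, ""))[1].rpartition("@")[2].lower()
    from_dom, ret_dom, findings = dom("From"), dom("Return-Path"), []
    if ret_dom and ret_dom != from_dom:        # forged "Mail from" vs displayed sender
        findings.append(f"From domain {from_dom} != Return-Path domain {ret_dom}")
    if lookalike_of(from_dom):
        findings.append(f"From domain {from_dom} looks like {lookalike_of(from_dom)}")
    body = msg.get_payload(decode=True).decode(errors="replace")
    for href, text in re.findall(r'<a[^>]*href="([^"]*)"[^>]*>(.*?)</a>', body, re.I | re.S):
        h, t = host_of(href), host_of(re.sub(r"<[^>]+>", "", text))
        if t and h and t != h:                 # visible URL masks the real target
            findings.append(f"link text {t} hides href host {h}")
        if lookalike_of(h):
            findings.append(f"link host {h} looks like {lookalike_of(h)}")
    return findings
```

A Return-Path that differs from the From domain is only a weak signal on its own, since legitimate mailing services produce it too; the lookalike and masked-link findings are the ones worth alerting on.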

Date posted: 26/12/2013, 20:23
