Years ago, consumers needed to leave home to buy groceries, settle bills, make transactions and carry out other daily activities. Nowadays, a consumer with an internet connection can simply sit in front of a computer and complete all of those daily activities through online transactions. Online transactions become more advanced from day to day, but this is accompanied by increasingly prevalent and sophisticated internet fraud. Phishing and pharming are the two most famous internet frauds.
This report discusses in detail the two most famous internet frauds, phishing and pharming. The topics covered include the history of phishing and pharming, the methods of phishing and pharming attacks, the impacts caused by phishing and pharming, and solutions to phishing and pharming.
For this report, the problem is approached from a practical standpoint via the internet. The materials obtained from the internet are the results of experiments and investigations by others.
This report is written for users of online transactions, in the hope that it gives them a clear message about what phishing and pharming actually are, the impacts caused by phishing and pharming, and the solutions to phishing and pharming.
________________________________________________________________________
Teoh Khai Zihh Bolton ID: 0711161 Page 3 of 62
Phishing and Pharming: What is happening in this area, the impact of this and how can it be stopped?
____________________________________________________________________________________________________________
The term phishing was coined in 1996, when America Online (AOL) accounts were being stolen by attackers using email. The term is derived from the idea of a fishing hook, with the attackers using email to lure out the user’s AOL password. The “f” of fishing was then replaced by “ph” to keep it compatible with computer hackers’ tradition. Phishing works by using social engineering to lure consumers into divulging their sensitive personal information at fraudulent websites (also known as spoofed sites), by email, through instant messaging (IM), Peer to Peer (P2P) networks, search engines and so on.
Pharming is an evolution of phishing that is also used to solicit consumers’ sensitive personal information, but through technical subterfuge, such as sending email containing viruses or a Trojan horse that installs a small application program on the targeted victim’s computer. The application program redirects the user to a fraudulent website when they visit an authentic official website. Besides this, attackers also use well-known traditional techniques such as DNS cache poisoning and domain spoofing to redirect users to the fraudulent website when they want to visit an authentic website.
Phishing is the criminal and fraudulent luring of consumers into divulging their sensitive personal information, such as credit card numbers, account usernames, passwords, PIN numbers, mother’s maiden name and other personal information, through social engineering such as sending email containing a link, downloading and installing a keylogger on the victim’s computer, or creating a look-alike web interface and domain name that are hard for the victim to tell apart from the real ones.
The most popular technique used for phishing attacks is sending the targeted victims an email containing a hyperlink to a fraudulent website, pretending that the email was sent by the hijacked brand of a bank, e-retailer, credit card company or other online merchant. Attackers always try to convince the recipient to respond by including a message that sounds plausible or describes a problem that is serious to the recipient, such as “there is a problem in your account’s information, please verify it”. When recipients click on the hyperlink included in the email, they are redirected to the fraudulent website. The website contains either a form or a pop-up screen that asks users to enter their sensitive personal details and submits them to the attacker.
Bustathief.com
What is Phishing – eBay Phishing Examples
[Online]
Available: https://www.bustathief.com/what-is-phishing-ebay-phishing-examples/
[Accessed: 31 October 2008]
This email looks like an email sent by eBay, but it was actually sent to the recipient by an attacker. When the mouse pointer is placed over the Respond Now button, the web address that the recipient will be redirected to is revealed. As we can see, the link revealed is https://202.5.90.139/IT/.cgi-bin/ws/ISAPIdllUPdate/......, which is not a link to the authentic eBay website. When recipients get this type of email, they should go to their eBay account, check the private messages and see whether this email was sent by eBay.
Bustathief.com
What is Phishing – eBay Phishing Examples
[Online]
Available: https://www.bustathief.com/what-is-phishing-ebay-phishing-examples/
[Accessed: 31 October 2008]
The email shown, sent by attackers to the recipient, is an image embedded into the email. No matter where the recipient points on the image, the mouse cursor changes to a “hand” under the computer’s default settings. When the recipient clicks on the image embedded in the email, they are redirected to a website controlled by the attackers, and the sensitive information of a recipient who has been redirected to the fraudulent webpage might be stolen.
In the example shown, there is a masked web address that displays a link to a legitimate website, but when the mouse pointer is placed over the link, it reveals the real link that the user will be redirected to. Such links are presented as a string of cryptic numbers, which is not the company’s web address.
Other than sending email to the targeted victims, attackers also use instant messaging (IM), Peer to Peer (P2P) networks, exploited websites or search engines to download and install a keylogger on the user’s computer. A keylogger is a type of malware used to track the user’s keystrokes on a website in order to steal the sensitive information that the user keys in.
SecurityFocus
Sachin Shetty
Introduction to Spyware Keyloggers
[Online]
Available: https://www.microsoft.com/protect/yourself/phishing/identify.mspx
[Accessed: 01 November 2008]
A list of keyloggers detected by Microsoft AntiSpyware is shown. The registry entries made by a keylogger might be in EXE or DLL format; as shown in figure 4, the keylogger files detected are bpk.exe, bpkhk.dll, bpkr.exe, bpkun.exe, bpkvw.exe and i_bpk2003.exe.
In the early years, phishing for sensitive personal information was less sophisticated: the hyperlink contained in the email was represented by an IP address like 192.168.1.25 rather than a domain name like www.banking.com. Phishing email in those early years was normally poorly written, with bad grammar, spelling errors and cheap scams. Later on, attackers started using HTML to build the website with the logo stolen from the authentic website, so that it looks like the authentic website and makes it hard for users to differentiate between the authentic website and the fraudulent one. Besides this, some attackers also create a look-alike domain name that will confuse the user. For example, the character “l” of www.google.com is replaced by the number “1”, giving www.goog1e.com, which looks similar to www.google.com with just one character exchanged.
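The tell-tale signs described in this section (a link whose real target is a bare IP address, visible link text that names one site while the link goes to another, an email that is one clickable image, and a look-alike domain with a digit standing in for a letter) can be checked mechanically. The following Python code is an added example, not part of the original report; the allow-list `KNOWN_DOMAINS`, the digit-to-letter table and the sample email are constructed assumptions.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the mailbox owner really deals with (hypothetical allow-list).
KNOWN_DOMAINS = {"ebay.com", "paypal.com", "google.com"}
# Digits commonly used in place of similar-looking letters.
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)


class LinkCollector(HTMLParser):
    """Collect href, visible text and an image flag for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._current = {"href": attrs["href"], "text": "", "image": False}
        elif tag == "img" and self._current is not None:
            self._current["image"] = True

    def handle_data(self, data):
        if self._current is not None:
            self._current["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self._current["text"] = self._current["text"].strip()
            self.links.append(self._current)
            self._current = None


def host_of(url):
    """Lower-cased host part of a URL, or '' if it cannot be parsed."""
    if "://" not in url:
        url = "http://" + url
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def base_domain(host):
    """Last two labels of a host name (simplification: ignores suffixes like co.uk)."""
    return ".".join(host.split(".")[-2:])


def lookalike_of(host):
    """Return the known domain this host imitates by digit substitution, if any."""
    domain = base_domain(host)
    if is_ip(host) or domain in KNOWN_DOMAINS:
        return None
    normalized = domain.translate(HOMOGLYPHS)
    return normalized if normalized in KNOWN_DOMAINS else None


def audit_links(html_body):
    """Return [(href, [reasons])] for every link that deserves a second look."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    findings = []
    for link in parser.links:
        reasons = []
        target = host_of(link["href"])
        if is_ip(target):
            reasons.append("target is a bare IP address")
        brand = lookalike_of(target)
        if brand:
            reasons.append(f"look-alike of {brand}")
        if URL_LIKE.fullmatch(link["text"]):
            shown = host_of(link["text"])
            if base_domain(shown) != base_domain(target):
                reasons.append(f"text shows {shown} but link goes to {target}")
        elif link["image"] and not link["text"] and base_domain(target) not in KNOWN_DOMAINS:
            reasons.append("image-only link to an unknown site")
        if reasons:
            findings.append((link["href"], reasons))
    return findings


# Constructed sample message body (203.0.113.0/24 is a documentation address range).
SAMPLE_EMAIL = """
<p>There is a problem in your account's information, please verify it.</p>
<a href="https://203.0.113.25/IT/update"><img src="respond-now.gif"></a>
<a href="http://www.goog1e.com/login">www.google.com</a>
<a href="https://www.ebay.com/help">Help pages</a>
"""

if __name__ == "__main__":
    for href, reasons in audit_links(SAMPLE_EMAIL):
        print(href, "->", "; ".join(reasons))
```

A production filter would use the Public Suffix List instead of `base_domain` and a fuller confusable-character table.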
Figure 5 shows a phishing site that uses the authentic PayPal logo, font and colors used by the authentic website. The attackers try to convince users that this is the authentic website by including the page title “Random Account Verification”, tabs at the top of the page, the log in link, the help link and especially the Secure Verification symbol with a lock. One thing that gives it away as a phishing site is its address, where an IP address is used.
Anti-Phishing Working Group
Phishing Activity Trends (Report for the Month of January, 2008)
(Anti-Phishing Working Group)
[Online]
Available: https://www.antiphishing.org/reports/apwg_report_jan_2008.pdf
[Accessed: 10 September 2008]
APWG detected 20,305 phishing websites in January 2008, a decrease of about 5,023 compared to December 2007.
In the first quarter of 2007 there were 64,555 new phishing sites, while 124,790 new phishing sites were reported in the second quarter of 2007, an increase of 60,235 over the first quarter. In the third quarter of 2007 there were 91,093 new phishing sites, a decrease of 33,697 compared to the second quarter. In the fourth quarter of 2007 there were 83,224 new phishing sites, 7,869 fewer than in the third quarter.
Comparing January 2007 with January 2008, there were 6,916 fewer new phishing sites.
Anti-Phishing Working Group
Phishing Activity Trends (Report for the Month of January, 2008)
(Anti-Phishing Working Group)
[Online]
Available: https://www.antiphishing.org/reports/apwg_report_jan_2008.pdf
[Accessed: 10 September 2008]
According to the research carried out by APWG, the hijacking of brands actually dropped in January 2008 compared to December 2007. The number of hijacked brands dropped to 131 in January 2008, compared to 144 reported hijacked brands in December 2007.
The chart shows a total of 436 hijacked brands for the first quarter of 2007. In the second quarter of 2007 there were 469 hijacked brands, an increase of 33 over the first quarter. In the third quarter of 2007 there were 347 hijacked brands, a decrease of 122 compared to the second quarter. In the fourth quarter of 2007 there were 442 hijacked brands, 95 more than in the third quarter.
Comparing January 2007 and January 2008, there were 4 fewer hijacked brands in January 2008.
Phishing is divided into categories: deceptive phishing, malware based phishing, content injection phishing, man in the middle phishing and search engine phishing.
Deceptive Phishing: performed by sending the targeted victims an email that requires the recipient to click on a hyperlink to respond to the action specified in the email.
Malware Based Phishing: done by running malware such as a keylogger, session hijacker or web Trojan on the user’s computer.
Content Injection Phishing: in this type of phishing, malicious content is inserted into a legitimate site by exploiting a vulnerability in the server’s security or by SQL injection.
Man In The Middle Phishing: the attackers need to get in between the sender and receiver to obtain all the information, and then select the information that is usable to them.
Search Engine Phishing: the attacker sets up a website that contains fake products and gets the site indexed by the search engine. When a consumer responds to a product, the attacker receives the sensitive personal information.
Anti-Phishing Working Group
Phishing Activity Trends (Report for the Month of January, 2008)
(Anti-Phishing Working Group)
[Online]
Available: https://www.antiphishing.org/reports/apwg_report_jan_2008.pdf
[Accessed: 10 September 2008]
According to research from the Anti Phishing Working Group (APWG), there were 29,284 phishing cases in January 2008. This is an increase of 3,601 reports compared to December 2007, when 25,683 cases were reported.
In the first quarter of 2007, 78,393 phishing reports were received, while in the second quarter of 2007 75,959 phishing reports were received, a decrease of 2,434 compared to the first quarter. In the third quarter of 2007, 88,055 phishing reports were received, an increase of 12,096 over the second quarter. In the fourth quarter of 2007, 85,407 phishing reports were received, a decrease of 2,648 compared to the third quarter.
Comparing the 29,930 phishing reports received in January 2007 with the 29,284 reported in January 2008, there was a decrease of 646 in phishing reports received.
Anti-Phishing Working Group
Phishing Activity Trends (Report for the Month of January, 2008)
(Anti-Phishing Working Group)
[Online]
Available: https://www.antiphishing.org/reports/apwg_report_jan_2008.pdf
[Accessed: 10 September 2008]
According to the chart provided by APWG, financial services are the main focus of attackers: phishing against financial services has the highest rate at 92.4%, compared to retail at 1.5%, ISPs at 3.8% and government & miscellaneous at 2.3%.
Anti-Phishing Working Group
Phishing Activity Trends (Report for the Month of January, 2008)
(Anti-Phishing Working Group)
[Online]
Available: https://www.antiphishing.org/reports/apwg_report_jan_2008.pdf
[Accessed: 10 September 2008]
According to the pie chart, the United States is the top country for hosting phishing sites, with 37.25% of all hosting countries. After the United States, the Russian Federation is the second highest phishing site hosting country with 11.66%, followed by China with 10.3%, Germany with 5.64%, Romania with 5.09%, the Republic of Korea with 3.77%, France with 3.28%, Canada with 1.94%, the United Kingdom with 1.92% and lastly Italy with 1.59%.
The last topic was about the internet fraud called phishing: the sending of bogus email with a hyperlink, which requires the user to respond to the action specified in the message by clicking on the hyperlink. The hyperlink redirects the user to a fraudulent website that looks like the authentic website.
Because of rising user awareness of phishing, pharming has been developed and is used as another internet fraud technique to solicit the targeted victim’s sensitive information. Pharming uses technical subterfuge to solicit the targeted victim’s sensitive personal information, and it is more sophisticated than phishing.
Pharming is carried out by attackers in several ways. The attacker sends the targeted victims email containing viruses or a Trojan horse that will download and run on the user’s computer. The recipient of the email can be duped by the attackers even if they did not open or download the attachment in the email. The viruses or Trojan horse contained in the email install a small application on the recipient’s computer that tries to redirect the recipient to the fraudulent website when the recipient tries to visit an authentic website.
Pharming can also be performed without sending email, using techniques such as DNS cache poisoning, domain hijacking, DNS server hijacking, and maliciously configuring the settings or rewriting the firmware of a router.
DNS cache poisoning can be carried out by using malicious responses or by taking advantage of a DNS software vulnerability to “poison” the cache, which stores the queries made by users for a certain amount of time in order to improve the speed of response. After the cache has been “poisoned”, a user who makes a query to the DNS will be redirected to the fraudulent website.
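Resolvers limit the effect of malicious responses by refusing to cache a reply unless it matches a query they actually sent and its records stay inside the zone that was asked about. The following Python code is an added example, not part of the original report; it models DNS messages as simple objects rather than parsing the wire format, and every name, port and address in it is constructed.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Query:
    txid: int        # 16-bit transaction ID chosen at random by the resolver
    src_port: int    # random UDP source port the query was sent from
    server: str      # address of the name server that was asked
    qname: str
    qtype: str = "A"


@dataclass
class Response:
    txid: int
    dst_port: int    # port the reply arrived on
    sender: str      # address the reply came from
    qname: str
    qtype: str
    records: list = field(default_factory=list)  # (owner name, type, value)


def in_bailiwick(name, zone):
    """True if name is the zone itself or a name below it."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)


def vet_response(query, response, zone):
    """Return (records safe to cache, reasons for anything rejected).

    zone is the zone the queried server is authoritative for.
    """
    reasons = []
    if response.sender != query.server:
        reasons.append("reply came from a server that was not asked")
    if response.dst_port != query.src_port:
        reasons.append("reply arrived on the wrong port")
    if response.txid != query.txid:
        reasons.append("transaction ID does not match")
    if (response.qname.lower(), response.qtype) != (query.qname.lower(), query.qtype):
        reasons.append("question does not match the query")
    if reasons:
        return [], reasons          # drop the whole message, cache nothing

    kept = []
    for owner, rtype, value in response.records:
        if in_bailiwick(owner, zone):
            kept.append((owner, rtype, value))
        else:
            reasons.append(f"dropped out-of-zone record for {owner}")
    return kept, reasons


# Constructed sample traffic (documentation address ranges, .example names).
QUERY = Query(txid=0x3A7C, src_port=53124, server="192.0.2.53",
              qname="www.shop.example")
# Matches the query but also carries a record for an unrelated domain.
GENUINE = Response(0x3A7C, 53124, "192.0.2.53", "www.shop.example", "A",
                   [("www.shop.example", "A", "192.0.2.80"),
                    ("www.bank.example", "A", "203.0.113.66")])
# Does not match the outstanding query's transaction ID.
MISMATCHED = Response(0x1111, 53124, "192.0.2.53", "www.shop.example", "A",
                      [("www.shop.example", "A", "203.0.113.66")])

if __name__ == "__main__":
    for label, resp in (("genuine", GENUINE), ("mismatched", MISMATCHED)):
        print(label, vet_response(QUERY, resp, "shop.example"))
```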
Domain hijacking is performed by bypassing the confirmation of the old domain registrar and the domain owner; a change of domain registrar should only be made with the confirmation of three parties: the domain owner, the old registrar and the new registrar.
Pharming can also be performed through DNS server hijacking. DNS servers act as the signposts of the internet, translating domain names into IP addresses. To hijack a DNS server, the attacker first targets the DNS server on the LAN or the DNS server hosted by the ISP, and changes the IP address recorded for an authentic website’s domain name to the IP address of the fraudulent website. When a user tries to visit the authentic website, a query is made to the DNS server for the IP address of the domain name. Because the IP address for the domain name has been changed, the user is redirected to the fraudulent website. Once redirected, users carry out the activities they intended to perform at the website, because the address displayed in the address bar remains the same as the authentic website’s address and they think that they are accessing the authentic website. Through the activities performed by the user, the attacker is able to obtain the information they wish to obtain. The websites targeted by attackers are normally those whose address starts with HTTP rather than HTTPS, because such a website is without SSL protection.
Nilesh Chaudhari
Pharming on The Net
Palisade
[Online]
Available: https://palisade.plynt.com/issues/2006Mar/pharming/
[Accessed: 10 September 2008]
Pharming can also be done by maliciously configuring the settings or rewriting the firmware of the router. Once the settings or firmware of the router have been changed, the computers connected to the router are automatically directed to a DNS server controlled by the attacker when they try to visit a website. This technique is used for pharming because a change to the settings or firmware of a router is hard to detect, and the malicious firmware works in the same way as the manufacturer’s firmware. In addition, the administration page and settings of the router still appear the same.
The rise of phishing and pharming has a number of impacts. One of them is financial loss for both organizations and consumers. According to InternetNews.com, banks and credit card issuers lost about $1.2 Billion in 2003, while in 2004 a financial loss of about £12 Million was reported by the Association of Payment Clearing Services in the United Kingdom.
Due to credit card association policies, online merchants that accept and approve transactions made with credit card numbers solicited through internet fraud may be liable for the full amount of those transactions. This may hit small organizations hard.
The victims of phishing and pharming might need to spend time clearing up the effects of phishing and pharming on them. If the attack on the victims is discovered late, the victims might need even more time to resolve the problem. This might cost the victims time at work and wages.
Another impact of phishing and pharming is the undermining of consumers’ trust in secured internet transactions and communication. This occurs because internet fraud such as phishing and pharming makes consumers feel uncertain about the integrity of financial and commercial websites, even though the web address displayed in the address bar is correct. Consumer trust might also be undermined if a financial or commercial website loses its consumers’ data files or if consumers’ sensitive information is accessed by attackers.
Phishing and pharming also have an impact on law investigation. They make investigation harder because the techniques used by attackers to perform phishing and pharming are more sophisticated. Nowadays, attackers can perform phishing and pharming attacks from any location with an internet connection. Their activities include controlling a computer located in one place to perform phishing and pharming attacks while using a computer located in another place. Investigation also becomes harder because the attacking tasks are divided among several people in different locations.
Phishing attacks also damage brand reputation: people’s trust in a brand is reduced if they get phishing email that appears to come from that brand.
In addition, brand reputation might also be damaged if the brand loses its consumer data files or its consumers’ sensitive information is stolen.
Phishing and pharming attacks might also have a serious impact on both IT resources and their administrators. Phishing email sent in large quantities might take up the free space of the email server, and this might reduce the system performance of the email server.
After a phishing attack, the administrator of the IT resources might need to repair the system in order to clean it of the infection. The IT administrator might need to perform tasks such as patching the system, shutting down applications and services, filtering Transmission Control Protocol (TCP) ports and applying hotfixes. To reduce the chance of being attacked by phishing and pharming in the future, the IT administrator might also need to educate end users.
Phishing and pharming attacks are on the rise. People have come up with a number of ways to remediate or minimize the chance of being attacked by phishing and pharming.
First of all, on the website developer’s side, an SSL (secured sockets layer) certificate can be used to protect the website by establishing the identity of the website, because an SSL certificate cannot be duplicated easily, and SSL certificates are also good at alerting users to phishing and pharming attacks. The address of a website protected by an SSL certificate begins with HTTPS rather than HTTP.
Phishing and pharming can also be prevented by using visual cues on the authentic website, so that users can differentiate between the authentic website and the fraudulent website. The visual cue can be as simple as a symbol in a colored box. The visual cue remains the same every time the user logs into the website. Identity Cues is one of the programs that can be used to provide visual cues for a website.
Web developers can also use techniques such as token based authentication to prevent phishing and pharming, because it provides an additional layer of security. It is suitable for preventing phishing and pharming because a time based token is hard for attackers to duplicate.
Apart from using an SSL certificate or visual cues to protect the website from phishing and pharming attacks, the DNS server in use should also be secured by switching off recursive queries, so that DNS cache poisoning will not work effectively.
To secure the DNS server, DNSSEC (DNS Security Extensions) should also be installed to protect it against phishing and pharming attacks.
Users also play an important role in preventing phishing and pharming attacks. Users should not trust or open any email sent by an unknown sender, or email apparently sent by a bank that requires the recipient to respond to it, for example to verify an account. In addition, when a user visits a website with SSL certificate protection and a message is displayed saying “your exchange with this site cannot be viewed or changed by others. However, there is a problem with the site’s security certificate”, the user should confirm whether the website has given this message on earlier visits, or check that the web address in the address bar is the same as the site they want to access. This message is normally displayed when the server’s SSL certificate does not match the website’s URL. Users can also look for the “lock” or “key” icon at the bottom of the browser, which shows that the site where they want to enter their sensitive personal information is locked.
On the user’s computer, a security suite or firewall should also be installed to protect the computer against phishing and pharming. Security suites that can be used to prevent or detect phishing and pharming attacks include AdAware, Windows Defender and Spybot Search and Destroy. After installing a security suite on the computer, the user needs to make sure that its detection definitions are up to date so that it can provide maximum protection for the computer.
Some additional tools are also available for web browsers to prevent phishing and pharming attacks. These include Google Safe Browsing, Netcraft toolbar, Microsoft Phishing Filter for MSN toolbar, Cloudmark Anti_fraud toolbar and PhishingGuard.
Users are also responsible for reporting to the related company or agencies when they are attacked by phishing and pharming. They should report what character the attacker played to lure users into providing their sensitive personal information, or report it to law enforcement agencies through the internet or by telephone. Those actions will help to stop phishing and pharming attacks.
Preventing phishing and pharming is not only the responsibility of web developers and users; government is also responsible for fighting phishing and pharming. In the United States, an act called the Anti Phishing Act of 2005 was introduced to fight phishing attacks. The act was introduced in the United States Senate by Sen Patrick Leahy. It introduced two new crimes into the United States Code: prohibiting the creation or procurement of a website, and prohibiting the creation or procurement of an email, that pretends to be from a legitimate business and tries to solicit the targeted victims’ sensitive personal information. Phishers can be charged under these laws whether or not they succeed in gathering sensitive information through the phishing attack; they could spend up to 5 years in prison and may also have to pay a $250,000 fine.
Twenty eight people in seven countries, including the United States, were arrested for trafficking stolen bank and credit card numbers and personal information over the internet.
Those twenty eight people were members of Shadowcrew.com. The operations of these members came into the sight of US Secret Service agents two years after they had set up the identity theft ring. The operation of the US Secret Service agents was helped by a former gang member turned informant in the autumn of 2004. The goal of the operation was to target the top-tier people who operated Shadowcrew.com.
After a year-long investigation, twenty eight people were arrested, some of them still trading when the police arrived.
One of those arrested, Wellman, 35, from Liverpool, was sentenced to six years for his part in the conspiracy.
Another three people, Smith, 22, from Camberley, Surrey, Murphy, 24, from Northwich, Cheshire, and Kotwal, 25, from Bolton, were jailed for nine months.
Jayson Harris, 23, was sentenced to 21 months for running a bogus MSN billing website between January 2003 and June 2004. Spam email containing a link was sent to recipients to encourage them to visit the site, telling MSN customers that they would get a 50% discount on the next month’s service by updating their account information and credit card number at the site. Harris was then tracked by Microsoft, and the FBI was involved in investigating the fraud.
Peter Francis Macrae, 23, from St Neots, Cambridgeshire, was arrested after threatening Nominet UK, the registry that controls the dot-uk domain. Because Nominet warned businesses not to fall for the bogus invoices, Francis Macrae launched a botnet attack, consisting of 200,000 zombie computers, on the organization’s systems. He was jailed for six years for defrauding up to £1.6m. He tricked thousands of businesses into registering a dot-eu domain name by sending fraudulent email to the companies. The email said that the companies needed to pay a renewal fee to avoid losing their existing domain name.
Study of the three cases shows that the laws of the Anti Phishing Act did successfully punish attackers who performed phishing attacks, with jail terms of at least nine (9) months and at most six (6) years. None of those in the cases studied was punished by a cash fine.
Phishing is the use of social engineering, imitating brands online, to send spoofed email containing a hyperlink to a fraudulent website in order to solicit a user's sensitive personal information such as credit card number, PIN, mother's maiden name, etc. Phishing can also be done by installing a keylogger on the user's computer.
Pharming uses technical subterfuge such as DNS hijacking, DNS cache poisoning, domain hijacking, or misconfiguration of a router's settings or firmware to redirect users to a fraudulent website. Pharming may also be performed by sending the targeted victims an email containing a virus or Trojan horse that installs a small application which redirects the user to a fraudulent website.
Both phishing and pharming have impacts. These impacts include financial loss, loss of time and wages, the undermining of user confidence in secure online transactions or communication, a hard hit to small organizations, and making legal investigation harder.
Web developers should apply SSL certificates, switch off recursive queries, or use DNS Security Extensions, because these can protect the DNS or website from phishing and pharming attacks. Visual cues can also be used so that users can easily differentiate between an authentic website and a fraudulent website. Token-based authentication is another technique that can be applied to protect the website or DNS server from phishing and pharming attacks.
Users are also responsible for protecting themselves from phishing and pharming attacks by not opening email or downloading attachments from unknown senders, or email that requires the user to respond by clicking on a hyperlink contained in the email. Users should also double-check the URL in the address bar when a warning message like “SSL certificate do not match with the sites” appears. Users can also install a security suite or firewall on their computer to protect themselves from phishing and pharming. Users can also look for the “lock” or “key” icon at the bottom of the browser that locks the site where they want to enter their sensitive personal information.
Users can also report phishing and pharming attacks to the relevant agencies or companies through the internet or by telephone to help minimize the attacks. In addition, laws are also being introduced against phishers and pharmers.
After looking back on the report, I tried to find out what needed to be done to improve the report and how to make it better. After the research, much knowledge was gained on phishing and pharming attacks, such as how phishing and pharming attacks are done and the impacts caused by phishing and pharming attacks. Last but not least, knowledge of how to prevent being attacked by phishing and pharming was also gained. Truth be told, the research is quite huge and detailed. It takes a lot of time in this part. To do complete research on phishing and pharming is not impossible, but it will take time to do it. At this moment, the research is just to make sure that it is enough to complete the report. After finishing the report and presentation, free time might be spent doing more research on it. As was said just now, the knowledge earned might be useful in future, because knowledge is power.
As for the research that was done, an adequate amount of time was spent on it, and adequate methods and approaches to get the information were also used. The method and approach used was research from the internet, because it is free, offers up-to-date information and has many available sources for the topic.
Below is a screen capture of an email I received that claimed to be from eBay. The link led to a replica of the eBay login page that was used to trick users into entering personal information. The page used the createPopup vulnerability to mask its identity so that the address appeared legitimate.
A particularly dangerous spam, commonly known as "Phishing", attempts to trick recipients into disclosing personal sensitive information, such as login names, passwords or credit card information. It works by requesting users to click on a link to log in to their account to update certain information. Visitors are instead directed to counterfeit websites which are exact duplicates of the actual website. Any information entered into the counterfeit website is then captured and stolen for identity theft. Favorite targets are eBay, PayPal and other well known financial institutions...
In the interest of originality, the body of the message is left unaltered as much as possible. But for security reasons, and to protect the reputation of our own website from being seen as linking to bogus websites, the links in the spam message have been disabled. Placing your mouse over them will show the original url it intended to link to, but clicking on them will bring you to spamhaus.org, a non-profit organization for combating spam.
From: "[email protected]" <[email protected]>
To: [email protected]
Date: Tue, 29 Aug 2006 10:56:20 -0700
Subject: [TKO] : your (eBay) account could be suspended
The message above has been cropped as it won't fit into such a small space. To view the full message, please click here for the full eBay Phishing Spam. A new window will open displaying the entire message in html format.
Points to note :-
Summary
This phish combines some very dangerous tricks, perfect execution and a flaw in VISA's legitimate site to create the most dangerous phish scam yet. The email message it is being spread with looks perfect:
It is much more convincing than the usual phish stuff. The sender is spoofed, and the link is masked. But even further - if the link is examined, it turns out it leads to the following URL: 'https://usa.visa.com/track/dyredir.jsp?rDirl=https://200.251.251.10/.verified/'. And this is a URL that is really on the visa.com page! It turns out that the phishers have used a redirect page on the visa.com site to redirect to the phish server.
Web Site
The site itself uses a visually perfect address bar spoof, in addition to being very convincing design-wise. The real URL is visible in the properties page. The only other visible phishing clue is the missing padlock icon in the right part of the status bar, which is inconsistent with the 'https' in the forged address bar:
Notice the lack of a login screen, too. And to make things even more convincing, the site checks the credit card number using a commonly available algorithm. This does not require or reveal any information about the bank account behind the CC, but it would reject a random bogus number, which could make the potential victim trust the site. After the data is phished, the site will just redirect to the legitimate usa.visa.com, as if nothing has happened.
The fraudulent web site that supports the phishing email is designed to mirror the legitimate web site it is purporting to be. The fraudsters use multiple methods to do this, including using genuine looking images and text, disguising the URL in the address bar or removing the address bar altogether. The purpose of the web site is to trick consumers into thinking they are at the company's genuine web site, and giving their personal information to the trusted company they think they are dealing with.
Phishing web sites utilize copied images and text, and in some cases simply mirror the legitimate web site. The copy will contain the normal links on the web site such as contact us, privacy, products, services etc. The user recognizes the website content from the genuine site and is unaware that they are not on the genuine web site.
Some phishing web sites have registered a domain name similar to that of the organization they are appearing to be from. For example, one phishing scam we received targeting Barclays Bank used the domain name “https://www.barclayze.co.uk”. Other examples include using a sub-domain such as “https://www.barclays.validation.co.uk”, where the actual domain is “validation.co.uk” which is not related to Barclays Bank.
The most common method used to collect information in phishing scams is by the use of forms on the fake web site. The form is normally displayed in the same format as that used on the genuine web site. This may be an Internet Banking log-in, or a more detailed form for verification of personal details, with many fields for personally sensitive information.
Some phishing scam web sites do not even attempt to deceive users with their URL, and hope that the user does not notice. Some simply use IP addresses displayed as numbers in the user's address bar.
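The URL tricks described above (the look-alike domain, the brand name used as a sub-domain, the bare IP address, and the redirect page on a legitimate site from the VISA example) can all be checked mechanically by a mail filter or proxy. The following is an added example, not code from the original report or from any of the organizations it quotes; the brand list, the short suffix list standing in for the Public Suffix List, and the similarity threshold are assumptions.

```python
import ipaddress
from difflib import SequenceMatcher
from urllib.parse import parse_qsl, urlsplit

# Assumption: a tiny stand-in for the Public Suffix List, enough for the
# URLs quoted on this page. Production code should load the full list.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "ac.uk"}

# Assumption: the brands being protected and the domain each really uses.
BRANDS = {"barclays": "barclays.co.uk", "visa": "visa.com"}

LOOKALIKE_THRESHOLD = 0.8  # assumed similarity ratio for "confusingly close"


def is_ip(host):
    """True when the host part is an IP literal rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registrable_domain(host):
    """Return the part of a host name that someone had to register."""
    host = host.lower().rstrip(".")
    if is_ip(host):
        return host
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def triage(url):
    """Return a list of findings for one URL; an empty list means no flag."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ["unparseable-url"]
    reg = registrable_domain(host)
    findings = []

    if is_ip(host):
        findings.append("ip-literal-host")
    else:
        owner = reg.split(".")[0]
        # Labels to the left of the registrable domain are chosen freely
        # by whoever owns that domain, so a brand name there proves nothing.
        subdomain_labels = host[: len(host) - len(reg)].rstrip(".").split(".")
        for brand, legit in BRANDS.items():
            if reg == legit:
                continue  # the brand's own domain
            if brand in subdomain_labels:
                findings.append(f"brand-in-subdomain:{brand}")
            elif SequenceMatcher(None, owner, brand).ratio() >= LOOKALIKE_THRESHOLD:
                findings.append(f"lookalike-domain:{brand}")

    # A query parameter holding an absolute URL on another registrable
    # domain is how a redirect page on a trusted site gets abused.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        try:
            target = urlsplit(value)
            target_host = target.hostname
        except ValueError:
            continue
        if target.scheme in ("http", "https") and target_host:
            if registrable_domain(target_host) != reg:
                findings.append(f"offsite-redirect-param:{name}")
                findings += [f"redirect-target:{f}" for f in triage(value)]
    return findings


# URLs quoted on this page, plus one genuine address for comparison.
SAMPLE_URLS = [
    "https://www.barclayze.co.uk",
    "https://www.barclays.validation.co.uk",
    "https://usa.visa.com/track/dyredir.jsp?rDirl=https://200.251.251.10/.verified/",
    "https://www.barclays.co.uk/login",
]

if __name__ == "__main__":
    for sample in SAMPLE_URLS:
        print(sample, "->", triage(sample) or "no findings")
```

A finding is a reason to hold a message for review, not proof of fraud: a brand may legitimately own several domains, so the brand table needs every domain the organization really uses.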
This form of URL spoofing involves the removal of the address bar combined with the use of scripts to build a fake address bar using images and text. The link in the phishing email opens a new browser window, which closes and re-opens without the address bar, and in some cases the status bar. The new window uses HTML, HTA and JavaScript commands to construct a false address bar in place of the original. (See figure 1 below)
As this method utilizes scripts, it is only possible to stop this form of deception by disabling Active X and JavaScript in browser settings. As most web pages utilize these normal tools, this is impractical.
This form of URL spoofing involves the placement of a text object with a white background over the URL in the address bar. The text object contains the fake URL, which covers the genuine URL.
As this method utilizes scripts, it is only possible to stop this form of deception by disabling Active X and JavaScript in browser settings. As most web pages utilize these normal tools, this is impractical.
This form of deception involves the use of script to open a genuine webpage in the background while a bare pop up window (without address bar, tool bars, status bar and scrollbars) is opened in the foreground to display the fake webpage, in an attempt to mislead the user to think it is directly associated to the genuine page. (See figure 6 below)
As this method utilizes scripts, it is only possible to stop this form of deception by disabling Active X and JavaScript in browser settings. As most web pages utilize these normal tools, this is impractical.
Trojan and worm viruses are sent to the user as an email attachment, purporting to be for some type of purpose, such as greetings, important files or other type of SPAM email. The attachment is a program that exploits vulnerabilities in Internet Browsing software to force a download from another computer on the Internet. This file downloads other files and codes, which eventually installs a fully functional Trojan virus.
The Trojan is designed to harvest, or search for personal banking information and passwords, which many people keep on their computer. This information is then sent to a remote computer on the Internet.
Other worms have been known to hijack the user's HOST file, which causes an automatic redirection to a fake phishing web site when the user types in a specific URL (normally for a specific financial institution) into the address bar of their Internet browser.
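A hijacked hosts file of the kind described above can be found by parsing the file and reporting every entry that overrides DNS for a protected domain. The following is an added example, not code from the original report; the watched-domain list and the sample file contents are constructed, and the addresses come from the documentation ranges.

```python
import ipaddress

# Assumption: domains the defender wants to protect (constructed list).
WATCHED = {"barclays.co.uk", "visa.com", "ebay.com", "paypal.com"}

# Constructed sample of a tampered hosts file.
SAMPLE_HOSTS = """\
# constructed example of a tampered hosts file
127.0.0.1      localhost
::1            localhost
192.0.2.77     www.barclays.co.uk barclays.co.uk   # appended by malware
198.51.100.9   ONLINE.VISA.COM
127.0.0.1      www.ebay.com
10.0.0.5       intranet.example.org
not-an-ip      www.paypal.com
"""


def parse_hosts(text):
    """Yield (line_no, ip, names) for every well-formed entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on blanks
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip lines that do not start with a valid address
        yield line_no, ip, [n.lower().rstrip(".") for n in fields[1:]]


def is_watched(name):
    """True for a watched domain or any host name beneath it."""
    return any(name == d or name.endswith("." + d) for d in WATCHED)


def find_overrides(text):
    """Return (line_no, name, address, kind) for each watched name pinned
    in the hosts file. 'redirect' sends traffic to another machine;
    'blocked' points the name at the local or unspecified address."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        for name in names:
            if is_watched(name):
                findings.append((line_no, name, str(ip), kind))
    return findings


if __name__ == "__main__":
    for finding in find_overrides(SAMPLE_HOSTS):
        print(finding)
```

Public banking and payment sites have no reason to appear in a hosts file at all, so any hit, whether a redirect or a block, is worth investigating.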
Spyware, such as keyboard loggers, capture information entered at legitimate web sites, such as Internet banking sites. This type of spyware can be planted on a user's computer using a previous worm or Trojan infection. Any information the spyware captures is sent to a predetermined computer on the Internet.
A recent phishing scam used the link in the email to direct the user's browser to a site that first downloaded keyboard logging spyware before redirecting the user to the genuine Internet banking web site. This spyware captured the login information entered, and sent this information to the fraudsters via a remote computer on the Internet.
Online transaction. (2017, Jun 26).
Retrieved November 21, 2024 , from
https://studydriver.com/online-transaction/