fraud and phishing scam response arrangements in brazil
play

Fraud and Phishing Scam Response Arrangements in Brazil Marcelo H. - PowerPoint PPT Presentation

Jun 08, 2023 •186 likes •443 views

Fraud and Phishing Scam Response Arrangements in Brazil Marcelo H. P . C. Chaves mhp@cert.br Computer Emergency Response Team Brazil CERT.br http://www.cert.br/ Brazilian Internet Steering Committee http://www.cgi.br/ October 2005 FIRST

  1. Fraud and Phishing Scam Response Arrangements in Brazil Marcelo H. P . C. Chaves mhp@cert.br Computer Emergency Response Team Brazil – CERT.br http://www.cert.br/ Brazilian Internet Steering Committee http://www.cgi.br/ October 2005 FIRST Technical Colloquium – p.1/25

  2. Overview • Financial Sector Statistics • Short timeline of Internet bank fraud in Brazil • Current trends • Current developments • Statistics – trojan notifications – AV vendors efficiency • Further developments needed October 2005 FIRST Technical Colloquium – p.2/25

  3. Financial Sector Statistics October 2005 FIRST Technical Colloquium – p.3/25

  4. Financial Sector Statistics End of 2004: 164 banks • 88 – national and private • 62 – foreign and private • 14 – public → 44% of the service network Service Evolution 2000 (%) 2004 (%) number (Mi)* indicators indicators Internet Banking 3.7 13 checking accounts 73 self−service 33.5 32.4 savings accounts 67 automatic debits 27 27 I.B. end users 18.1 tellers 20.4 12 I.B. com. users 1.9 debit cards 1.6 4.1 * end of 2004 Source: Brazilian Bankers’ Association (FEBRABAN) October 2005 FIRST Technical Colloquium – p.4/25

  5. Short Timeline of Internet Bank Fraud in Brazil October 2005 FIRST Technical Colloquium – p.5/25

  6. Timeline of Internet bank fraud in Brazil • 2001: brute force attacks using easy passwords • 2002–2003: increase in phishing with heavy use of compromised DNS servers • 2003–2004: increase in sophisticated phishing – fraudulent homepages very similar to the real ones – data sent from fraudulent homepages to other homepages, that process the data and send results to email accounts October 2005 FIRST Technical Colloquium – p.6/25

  7. Current Trends October 2005 FIRST Technical Colloquium – p.7/25

  8. Current Trends Traditional phishing and compromised DNS servers are rarely seen. The current scheme is: • the criminals send spams using the names of well-known entities or popular sites (government, telecom, airline companies, charity institutions, reality shows, e-commerce, etc) • these spams have links to trojan horses hosted at various sites • the victim usually never associates the spam with a banking fraud October 2005 FIRST Technical Colloquium – p.8/25

  9. Current Trends (cont.) Once installed, the trojan has the hability to: • monitor the victim’s computer looking for accesses to Brazilian well-known banks • capture keystrokes and mouse events, as well as snapshots of the screen • overlap portions of the victim’s screen, hiding information • send captured information, such as account numbers and passwords, to collector sites or email accounts October 2005 FIRST Technical Colloquium – p.9/25

  10. Current Trends (cont.) • today most trojans are hosted at major ISPs • we are seeing an increase in – defacers working for the criminals and uploading trojans together with their defacements – low profile intrusions with trojans hidden and remaining undetected by the site owners * usually very difficult to find the proper site contact October 2005 FIRST Technical Colloquium – p.10/25

  11. Current Developments October 2005 FIRST Technical Colloquium – p.11/25

  12. CERT.br Initiatives Trojan notification and submission system emails trojanfilter Extract suspicious URLs from emails URLs trojancheck notify sm2av Fetch and store malware Select new malware Get IP contacts candidate from malware´s list list entry Create email with the malware files Using AV, confirm if file is Send malware copy list entry data and a (confirmed) really a malware to each AV vendor email template that does not detect Create a list with the IP, date, URL, Send notification the malware yet confirmed URLs AV signature asking to remove the malware email with the malware copy email with the notification October 2005 FIRST Technical Colloquium – p.12/25

  13. CERT.br Initiatives (cont.) • notifying sites hosting trojans • sending undetected trojan samples to 25 AV vendors – aim is to increase AV effectiveness • the documents aimed to home users were revised, focusing on Internet frauds and social engineering October 2005 FIRST Technical Colloquium – p.13/25

  14. CERT.br Initiatives (cont.) • a task force between CERT.br and 9 biggest banks – PGP mailing list maintained by CERT.br – CERT.br facilitates exchange of technical information – banks coordinate efforts with the proper law enforcement agency for each case October 2005 FIRST Technical Colloquium – p.14/25

  15. Statistics October 2005 FIRST Technical Colloquium – p.15/25

  16. Top Trojan Hosting Domains Number of times a domain was referenced in spams, and was hosting a trojan candidate • 2005-04-01 – 2005-09-20 → 420266 emails, 541870 URLs number domain 140263 America Online* 26485 gratisweb.com 19655 spectrogariaclips.inf.br 14097 thefilebucket.com 9797 ripway.com 9499 noti-auto.com.ar 8608 atspace.com 7863 cartoesmagicos.com.br 6516 ncren.net 6141 terra.com.br * aol.{co.uk,com.br,de,com.au}, netscape.com, americaonline.com.{ar,mx,br} October 2005 FIRST Technical Colloquium – p.16/25

  17. Trojan Notifications Summary: 2005-04-01 – 2005-09-20 counter number domains 1409 contacts 772 extensions 16 filenames 3424 hosts 2228 IP addresses 1223 country codes 52 e-mails sent 5671 URLs 8540 AV signatures 575 Total amount of URLs notified = 11687 (with repetition) October 2005 FIRST Technical Colloquium – p.17/25

  18. Trojan Notifications (cont.) Top 10 domains notified number (%) domain 5245 44.88 America Online* 1154 9.88 gratisweb.com 140 1.20 terra.com.br 134 1.15 100free.com 132 1.13 galeon.com 127 1.09 webcindario.com 124 1.06 pop.com.br 102 0.87 atspace.com 99 0.85 tripod.com.br 91 0.78 yahoo.com.br * aol.{co.uk,com.br,de,com.au}, americaonline.com.{ar,mx,br}, netscape.com October 2005 FIRST Technical Colloquium – p.18/25

  19. Trojan Notifications (cont.) Top 12 extensions and country codes (CC) number (%) extension number (%) CC 8860 75.84 exe 1836 46.41 US 2394 20.49 scr 813 20.55 BR 274 2.35 zip 200 5.06 ES 76 0.65 jpg 152 3.84 KR 16 0.14 com 108 2.73 DE 16 0.14 rar 108 2.73 IT 15 0.13 js 105 2.65 UK 11 0.09 txt 93 2.35 CA 10 0.09 html 93 2.35 RU 3 0.03 dll 47 1.19 AR 2 0.02 gif 45 1.14 FR 2 0.02 swf 41 1.04 CN October 2005 FIRST Technical Colloquium – p.19/25

  20. AV Vendors Efficiency Period: 2005-04-06 – 2005-09-21 Sent a total of 6633 samples to AV vendors Antivirus Vendor samples detected Kaspersky 857 87.08 % F-Secure 857 87.08 % Sybari 2001 69.83 % McAfee 2456 62.97 % DrWeb 2706 59.20 % Panda 4265 35.70 % Fortinet 4408 33.54 % eTrust-Iris 4944 25.46 % AVG 5085 23.34 % ClamAV 5177 21.95 % Symantec 5916 10.81 % eTrust-Vet 6152 7.25 % October 2005 FIRST Technical Colloquium – p.20/25

  21. AV Vendors Efficiency (cont.) Kaspersky/F-Secure McAfee 140 Panda AVG Undetected Trojan Samples Sent (06/Apr - 13/Aug) ClamAV Symantec 120 100 80 60 40 20 0 10/Apr 24/Apr 08/May 22/May 05/Jun 19/Jun 03/Jul 17/Jul 31/Jul 2005 October 2005 FIRST Technical Colloquium – p.21/25

  22. AV Vendors Efficiency (cont.) Kaspersky/F-Secure McAfee 140 Panda AVG Undetected Trojan Samples Sent (14/Aug - 15/Sep) ClamAV Symantec 120 Federal Police Operation Pegasus (25/Aug) 100 80 60 40 20 0 15/Aug 22/Aug 29/Aug 05/Sep 12/Sep 2005 October 2005 FIRST Technical Colloquium – p.22/25

  23. Further Developments Needed October 2005 FIRST Technical Colloquium – p.23/25

  24. Further Developments Needed • AV software need to better detect trojans – most used defense among end users • ISPs need to be more proactive – check files at upload time • more efforts to block spam at its source – working in some technical solutions with telcos and ISPs • better international cooperation October 2005 FIRST Technical Colloquium – p.24/25

  25. Contact Information • Computer Emergency Response Team Brazil – CERT.br http://www.cert.br/ • Brazilian Internet Steering Comittee – CGI.br http://www.cgi.br/ • Marcelo H. P . C. Chaves <mhp@cert.br> October 2005 FIRST Technical Colloquium – p.25/25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Phishing: New Internet Financial Fraud Trend by Yuejin Du CNCERT/CC Feb. 24 th . 2005 APRICOT

Phishing: New Internet Financial Fraud Trend by Yuejin Du CNCERT/CC Feb. 24 th . 2005 APRICOT

Phishing: New Internet Financial Fraud Trend by Yuejin Du CNCERT/CC Feb. 24 th . 2005 APRICOT www.cert.org.cn Attendee Investigation National Computer network Emergency Response technical Team/Coordination Center of China Contents

374 views • 21 slides
Fraud Awareness May 2018 Unrestricted Prevalent Frauds types 1. Social Engineering Phishing,

Fraud Awareness May 2018 Unrestricted Prevalent Frauds types 1. Social Engineering Phishing,

Fraud Awareness May 2018 Unrestricted Prevalent Frauds types 1. Social Engineering Phishing, Vishing 2. Payment Fraud CEO Impersonation, Invoice Fraud. 3. Online / Cyber Fraud Malware &amp; Trojans, Security Software, Social

448 views • 13 slides
PhiGARo: Automatic Phishing Detection and Incident Response Framework Martin Husk, Jakub

PhiGARo: Automatic Phishing Detection and Incident Response Framework Martin Husk, Jakub

PhiGARo: Automatic Phishing Detection and Incident Response Framework Martin Husk, Jakub egan {husakm|cegan}@ics.muni.cz ECTCM 2014 Fribourg, Switzerland Outline Introduction, Phishing incident response, PhiGARo (phishing

270 views • 23 slides
Scams Awareness Month July 2016 Did you know? A scam is a scheme to con people out of their

Scams Awareness Month July 2016 Did you know? A scam is a scheme to con people out of their

Scams Awareness Month July 2016 Did you know? A scam is a scheme to con people out of their money. Other names for a scam include fraud, hoax, con, swindle, cheat. Each year millions of people in the UK fall prey to scammers.

729 views • 14 slides
Inside the SCAM Jungle: A Closer Look at 419 Scam Email Operations Jelena Isacenkova Olivier

Inside the SCAM Jungle: A Closer Look at 419 Scam Email Operations Jelena Isacenkova Olivier

Inside the SCAM Jungle: A Closer Look at 419 Scam Email Operations Jelena Isacenkova Olivier Thonard Andrei Costin Aurelien Francillon Davide Balzarotti Nigerian Scam Trap 2 Nigerian Scam Trap 3 Spam vs. 419 Scam 419 SCAM SPAM

804 views • 36 slides
Phishing, CEO Fraud &amp; Other Criminal Tactics Fe February 19t 19th,2 ,2020 Mat Matthe

Phishing, CEO Fraud &amp; Other Criminal Tactics Fe February 19t 19th,2 ,2020 Mat Matthe

Phishing, CEO Fraud &amp; Other Criminal Tactics Fe February 19t 19th,2 ,2020 Mat Matthe hew Ellis , Incident Management, UBC Cybersecurity FACTS At UBC, we are responsible for substantial amounts of personal information about

447 views • 33 slides
09/28/2005 Shalendra Chhabra MS Thesis Defense - Fighting Spam, Phishing and Email Fraud

09/28/2005 Shalendra Chhabra MS Thesis Defense - Fighting Spam, Phishing and Email Fraud

09/28/2005 Shalendra Chhabra MS Thesis Defense - Fighting Spam, Phishing and Email Fraud University of California, Riverside Acknowledgements Grateful to: UCR, My Advisor Dimitrios Gunopulos, My Mentors William S Yerazunis and Bhiksha Raj

572 views • 43 slides
The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing

The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing

The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing In a Nutshell 2. Phishing Types &amp; Techniques 3. Phishing Stats &amp; Modern Trends 4. Case-Study 5. Stay Safe 2 Speaker ABOUT ME

478 views • 24 slides
Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing

Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing

Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing sensitive information such as passwords, usernames, and credit card details for malicious reasons. Phishing can be in the form of emails, social

530 views • 20 slides
Phishing and Banking Trojan Cases Affecting Brazil Cristine Hoepers cristine@cert.br

Phishing and Banking Trojan Cases Affecting Brazil Cristine Hoepers cristine@cert.br

Phishing and Banking Trojan Cases Affecting Brazil Cristine Hoepers cristine@cert.br Centro de Estudos, Resposta e Tratamento de Incidentes de Segurana no Brasil Ncleo de Informao e Coordenao do Ponto BR Comit Gestor da

417 views • 24 slides
Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the

Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the

School of Fin ine Arts Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the attempt to obtain personal information such as passwords and logins for malicious purposes. By appearing to be legitimate the

255 views • 13 slides
VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of

VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of

THE STATE OF PHISHING ATTACK VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of Phishing Counter Measures Reports on Phishing Isaac K. Acheampong Facilities Manager BSc IT, Dip. IT, Sec+ STATE OF

711 views • 34 slides
Cyber Frauds: Phishing, Astroturfing, Fake News, and Deepfake Dongwon Lee Penn State

Cyber Frauds: Phishing, Astroturfing, Fake News, and Deepfake Dongwon Lee Penn State

Cyber Frauds: Phishing, Astroturfing, Fake News, and Deepfake Dongwon Lee Penn State University, USA dongwon@psu.edu Oct. 24, 2019 @ ORAU Fraud Informatics Symposium 2 Fraud Informatics (FI) Project l NSF SaTC EDU Grant (2018 2021) l

993 views • 80 slides
Fraud and the Internet Sandra Peaston Deputy Head of Financial Crime and Strategic Intelligence

Fraud and the Internet Sandra Peaston Deputy Head of Financial Crime and Strategic Intelligence

Fraud and the Internet Sandra Peaston Deputy Head of Financial Crime and Strategic Intelligence 10 th February 2015 This evenings presentation What is Cifas The Identity Fraud Problem Reeling you in how phishing works Fraud in

243 views • 23 slides
Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing?

Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing?

Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing? Phishing email messages, websites, and phone calls are designed to steal money or sensitive information. Cybercriminals can do this by installing

264 views • 24 slides
PHISHING IN DEPTH (ATTACKS &amp; MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing

PHISHING IN DEPTH (ATTACKS &amp; MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing

PHISHING IN DEPTH (ATTACKS &amp; MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing 3.0 Phishing kit 4.0 Types of Phishing 5.0 Avoidance Techniques 6.0 Effect of Phishing on Businesses 7.0 Demos &amp; Practical INTRODUCTION

565 views • 27 slides
Introduction to TCP/IP Surasak Sanguanpong nguan@ku.ac.th http://www.cpe.ku.ac.th/~nguan Last

Introduction to TCP/IP Surasak Sanguanpong nguan@ku.ac.th http://www.cpe.ku.ac.th/~nguan Last

1/24 Introduction to TCP/IP Surasak Sanguanpong nguan@ku.ac.th http://www.cpe.ku.ac.th/~nguan Last updated: 27 June 2002 Applied Network Research Group Department of Computer Engineering, Kasetsart University

509 views • 12 slides
Chapter 15 Networks Part 2 ARPANet in 1969 1 Hofstra University - CSC005 11/29/06

Chapter 15 Networks Part 2 ARPANet in 1969 1 Hofstra University - CSC005 11/29/06

Chapter 15 Networks Part 2 ARPANet in 1969 1 Hofstra University - CSC005 11/29/06 Internet Standards and RFCs Internet Architecture Board (IAB) - overall architecture Internet Engineering Task Force (IETF) - engineering and development

822 views • 54 slides
Final Year Project Part I &amp; II Briefing http://fes.utar.edu.my/current-students/fyp/

Final Year Project Part I &amp; II Briefing http://fes.utar.edu.my/current-students/fyp/

Final Year Project Part I &amp; II Briefing http://fes.utar.edu.my/current-students/fyp/ ATTENTION!!! ATTENTION!!! If you intend to use any laboratories for FYP , visit: Department of Laboratory Management and Safety Administration (LMSA)

702 views • 53 slides
Experiencing the Engineering Design Process through a Math Lens Heather Kohn Marlborough High

Experiencing the Engineering Design Process through a Math Lens Heather Kohn Marlborough High

Experiencing the Engineering Design Process through a Math Lens Heather Kohn Marlborough High School, MA @heather_kohn heather.m.kohn@gmail.com growingexponentially.wordpress.com Engineering Design Process Engineering Design Process Mindset

401 views • 21 slides
The Applied Control The Applied Control Technology Consortium Technology Consortium Dr Arek

The Applied Control The Applied Control Technology Consortium Technology Consortium Dr Arek

1 The Applied Control Technology Consortium The Applied Control The Applied Control Technology Consortium Technology Consortium Dr Arek Dutka Dr Arek Dutka ACTC Manager ACTC Manager 2 Presentation Overview Presentation Overview The

592 views • 29 slides
First International IEEE 5G Summit Princeton NJ May 26, 2015 May 26, 2015 1 / 11 Agenda [08:00

First International IEEE 5G Summit Princeton NJ May 26, 2015 May 26, 2015 1 / 11 Agenda [08:00

First International IEEE 5G Summit Princeton NJ May 26, 2015 May 26, 2015 1 / 11 Agenda [08:00 09:00 AM] Registration and Breakfast [09:00 09:05 AM] Welcome Address Dr. Ashutosh Dutta, General Chair Dr. Doug Zuckerman, Past President IEEE

341 views • 11 slides
Th The Flag Flagship ip in in Quan antum Tec echnolo logies ies of t of the E Europ

Th The Flag Flagship ip in in Quan antum Tec echnolo logies ies of t of the E Europ

Th The Flag Flagship ip in in Quan antum Tec echnolo logies ies of t of the E Europ opean C Com ommission on Tommaso Calarco The Quantum Technologies Flagship Meeting Stephen's Green Hibernian Club, Dublin 22 September 2017 The

916 views • 38 slides
Next Step Networks and Systems in China CCSA China Communications Standards Association

Next Step Networks and Systems in China CCSA China Communications Standards Association

Next Step Networks and Systems in China CCSA China Communications Standards Association 2019-11-27 Agenda 1 CCSA 2 China 5G Industry 3 China 6G CCSA China Communications Standards Association Founded in 2002, starting as a trial of

372 views • 21 slides

More recommend