phishing new internet financial fraud trend
play

Phishing: New Internet Financial Fraud Trend by Yuejin Du - PowerPoint PPT Presentation

Mar 27, 2024 •150 likes •374 views

Phishing: New Internet Financial Fraud Trend by Yuejin Du CNCERT/CC Feb. 24 th . 2005 APRICOT www.cert.org.cn Attendee Investigation National Computer network Emergency Response technical Team/Coordination Center of China Contents

  1. Phishing: New Internet Financial Fraud Trend by Yuejin Du CNCERT/CC Feb. 24 th . 2005 APRICOT www.cert.org.cn

  2. Attendee Investigation National Computer network Emergency Response technical Team/Coordination Center of China

  3. Contents • Overview of Phishing • Trends: Phishing is becoming one of the most popular Internet incidents • Technique Issues: from both sides • Anti-Phishing Activities of CNCERT/CC National Computer network Emergency Response technical Team/Coordination Center of China

  4. Overview of Phishing What is Phishing? Phishing attacks use 'spoofed' e-mails and fake websites designed to bamboozle recipients into revealing confidential information with economic value such as credit card numbers, account usernames and passwords, social security numbers, etc. National Computer network Emergency Response technical Team/Coordination Center of China

  5. Basic components of Phishing attack • ‘fish’: (Identity , then money of ) you— customer of Internet Bank or e-commerce • ‘bait’: spam & story • ‘fishhook’: fake website or Phishing Site /Trojan /Spyware • ‘fisher’: somebody hidden somewhere National Computer network Emergency Response technical Team/Coordination Center of China

  6. Sample of Spoofed Email National Computer network Emergency Response technical Team/Coordination Center of China

  7. Fake Web Site — Phishing Site National Computer network Emergency Response technical Team/Coordination Center of China

  8. Trends — Phishing is becoming more and more popular Data comes from APWG National Computer network Emergency Response technical Team/Coordination Center of China

  9. Phishing Reports CNCERT/CC received • During the year of 2004, CNCERT/CC had received 223 Phishing reports from over 33 worldwide financial and security organization . C N C E R T/ C C M ont hl y P hi shi ng R epor t 70 60 50 40 30 20 10 0 Jan. Feb M ar A pr M ay Jun Jul A ug S ep O ct N ov D ec National Computer network Emergency Response technical Team/Coordination Center of China

  10. Tech. Issues: Phishing & Anti-Phishing • Method 1 ( of ‘fisher’): using alike url & similar webpages – ablc.com vs ab1c.com – abc.com vs abc.com.cn • Rule 1 (of ‘fish’): Confirm the correct URL of the real target you wanna access National Computer network Emergency Response technical Team/Coordination Center of China

  11. Tech. Issues (cont.) • Method 2: Real website but fake pop-up windows • Rule 2: Watch out pop-up windows • Tip: some banks announced that they never use pop-up windows in their websites National Computer network Emergency Response technical Team/Coordination Center of China

  12. National Computer network Emergency Response technical Team/Coordination Center of China

  13. Tech. Issue (cont.) • Method 3: Try to hide the real URL information in your browser • Rule 4: Check that information • Tip: usually this is not difficult to find out National Computer network Emergency Response technical Team/Coordination Center of China

  14. National Computer network Emergency Response technical Team/Coordination Center of China

  15. Tech. Issue (cont.) • Method 4: use IE vulnerabilities to make the browser ‘lie’ to you • Rule 4: Update your system on time ; or try to check the source code of a web page • Tip: this might be difficult for some Internet users National Computer network Emergency Response technical Team/Coordination Center of China

  16. Tech. Issue (cont.) • ‘Ultimate’ Rules? – Do not click the hyperlink in the uncertain emails? Inputting the URL by yourself instead of just clicking the hyperlink, is an effect rule for a lot of attack methods. – Do not open the email attachments; – …. • ‘Ultimate’ Methods: – Use monitor program in your computer like a spy , steal the valuable information and then try to send it out; or just hijack DNS to make the ‘ultimate rule’ useless – Plenty of ways for planting the malicious program into your computer: • Use IE vulnerabilities to plant particular trojans into your computer: Try to redirect your access to particular website which contains malicious code , then the malicious code can use the IE vulnerablity to plan the spyware into your computer (we discovered about 1200 such websites in 2004 ) • Use other vulnerabilities to put malicious code or spyware into your computer • Tip: Do not use Internet……? National Computer network Emergency Response technical Team/Coordination Center of China

  17. Multi-parts should be responsible for Anti-phishing • Bank/Financial organization: ensure that their website is uneasy to be imitated or mimic. Also, responsible to provide the security awareness education. • LEA: catch the criminals and to make them be punished • Vendors/Industry side: provide techniques and products for anti-phishing • Internet User / IDC (Host owners) : protect their hosts so that they are not easy to be abused by bad guys. • Customers ( financial customers) : aware how to protect themselves from being cheated • CSIRTs: ? National Computer network Emergency Response technical Team/Coordination Center of China

  18. CSIRTs’ responsibility on anti-phishing • Incident handling: locate the phishing site and try to shut it down asap, so that less customers will be cheated • Tech. support: for data analysis; malicious code analysis; • Awareness and training: make more users aware • Coordination: National Computer network Emergency Response technical Team/Coordination Center of China

  19. Difficulties for handling Phishing Incidents • Host the fake websites in other countries • Locate and communicate with the fake website host owners (they are also victims), seeking for their cooperation • Technique barriers, e.g. visitor IP filter in one of the cases • Related to legislation issues; anti-spam; vulnerability handling; anti malicious code; anti Botnet; etc National Computer network Emergency Response technical Team/Coordination Center of China

  20. What CNCERT/CC is Doing • receive report and investigate the info of the host, such as the location, owner, ISP. • CNCERT/CC’s certain branch convince the host owner to take the site down, provide the data, tech support and security consultant. (CERT is not police, and host owner is also a victim. CERT may only convince host owner to cooperate. ) • Provide awareness education and consultant to the public • Effectiveness: reduced phishing site number and percentage in the end of the year; APWG partner; National Computer network Emergency Response technical Team/Coordination Center of China

  21. Q & A Happy New Rooster Year ! dyj@cert.org.cn National Computer network Emergency Response technical Team/Coordination Center of China

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Fraud and the Internet Sandra Peaston Deputy Head of Financial Crime and Strategic Intelligence

Fraud and the Internet Sandra Peaston Deputy Head of Financial Crime and Strategic Intelligence

Fraud and the Internet Sandra Peaston Deputy Head of Financial Crime and Strategic Intelligence 10 th February 2015 This evenings presentation What is Cifas The Identity Fraud Problem Reeling you in how phishing works Fraud in

243 views • 23 slides
Fraud Awareness May 2018 Unrestricted Prevalent Frauds types 1. Social Engineering Phishing,

Fraud Awareness May 2018 Unrestricted Prevalent Frauds types 1. Social Engineering Phishing,

Fraud Awareness May 2018 Unrestricted Prevalent Frauds types 1. Social Engineering Phishing, Vishing 2. Payment Fraud CEO Impersonation, Invoice Fraud. 3. Online / Cyber Fraud Malware & Trojans, Security Software, Social

448 views • 13 slides
Fraud and Phishing Scam Response Arrangements in Brazil Marcelo H. P . C. Chaves mhp@cert.br

Fraud and Phishing Scam Response Arrangements in Brazil Marcelo H. P . C. Chaves mhp@cert.br

Fraud and Phishing Scam Response Arrangements in Brazil Marcelo H. P . C. Chaves mhp@cert.br Computer Emergency Response Team Brazil CERT.br http://www.cert.br/ Brazilian Internet Steering Committee http://www.cgi.br/ October 2005 FIRST

443 views • 25 slides
Phishing, CEO Fraud & Other Criminal Tactics Fe February 19t 19th,2 ,2020 Mat Matthe

Phishing, CEO Fraud & Other Criminal Tactics Fe February 19t 19th,2 ,2020 Mat Matthe

Phishing, CEO Fraud & Other Criminal Tactics Fe February 19t 19th,2 ,2020 Mat Matthe hew Ellis , Incident Management, UBC Cybersecurity FACTS At UBC, we are responsible for substantial amounts of personal information about

447 views • 33 slides
09/28/2005 Shalendra Chhabra MS Thesis Defense - Fighting Spam, Phishing and Email Fraud

09/28/2005 Shalendra Chhabra MS Thesis Defense - Fighting Spam, Phishing and Email Fraud

09/28/2005 Shalendra Chhabra MS Thesis Defense - Fighting Spam, Phishing and Email Fraud University of California, Riverside Acknowledgements Grateful to: UCR, My Advisor Dimitrios Gunopulos, My Mentors William S Yerazunis and Bhiksha Raj

572 views • 43 slides
The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing

The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing

The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing In a Nutshell 2. Phishing Types & Techniques 3. Phishing Stats & Modern Trends 4. Case-Study 5. Stay Safe 2 Speaker ABOUT ME

478 views • 24 slides
Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing

Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing

Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing sensitive information such as passwords, usernames, and credit card details for malicious reasons. Phishing can be in the form of emails, social

530 views • 20 slides
Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the

Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the

School of Fin ine Arts Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the attempt to obtain personal information such as passwords and logins for malicious purposes. By appearing to be legitimate the

255 views • 13 slides
VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of

VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of

THE STATE OF PHISHING ATTACK VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of Phishing Counter Measures Reports on Phishing Isaac K. Acheampong Facilities Manager BSc IT, Dip. IT, Sec+ STATE OF

711 views • 34 slides
WHY CRIME? Financial Fraud Action UK report Q4 2016 WHY CRIME? Financial Fraud Action UK

WHY CRIME? Financial Fraud Action UK report Q4 2016 WHY CRIME? Financial Fraud Action UK

WHY CRIME? Financial Fraud Action UK report Q4 2016 WHY CRIME? Financial Fraud Action UK report Q4 2017 WHY NOW? A steep learning curve ? I NEED CYBER @Many in our industry 3 EVERYONE HAS A FRAUD EXPOSURE OUR CLIENTS HAVE

633 views • 34 slides
Cyber Frauds: Phishing, Astroturfing, Fake News, and Deepfake Dongwon Lee Penn State

Cyber Frauds: Phishing, Astroturfing, Fake News, and Deepfake Dongwon Lee Penn State

Cyber Frauds: Phishing, Astroturfing, Fake News, and Deepfake Dongwon Lee Penn State University, USA dongwon@psu.edu Oct. 24, 2019 @ ORAU Fraud Informatics Symposium 2 Fraud Informatics (FI) Project l NSF SaTC EDU Grant (2018 2021) l

993 views • 80 slides
Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing?

Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing?

Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing? Phishing email messages, websites, and phone calls are designed to steal money or sensitive information. Cybercriminals can do this by installing

264 views • 24 slides
PHISHING IN DEPTH (ATTACKS & MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing

PHISHING IN DEPTH (ATTACKS & MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing

PHISHING IN DEPTH (ATTACKS & MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing 3.0 Phishing kit 4.0 Types of Phishing 5.0 Avoidance Techniques 6.0 Effect of Phishing on Businesses 7.0 Demos & Practical INTRODUCTION

565 views • 27 slides
Onyx Fraud is rife online Online fraud aggregated 10bn in 2017 Fraud costs are increasing, due

Onyx Fraud is rife online Online fraud aggregated 10bn in 2017 Fraud costs are increasing, due

Onyx Fraud is rife online Online fraud aggregated 10bn in 2017 Fraud costs are increasing, due to technology sophistication Internet provides unrestricted access to a larger pool of potential victims Banks should arm themselves with

276 views • 16 slides
Financial (Mis)Statement Fraud A walk down memory lane Presentation to ACFE (Sydney chapter)

Financial (Mis)Statement Fraud A walk down memory lane Presentation to ACFE (Sydney chapter)

Financial (Mis)Statement Fraud A walk down memory lane Presentation to ACFE (Sydney chapter) 13 November 2014 Tyneil Flaherty, Special Counsel Financial (Mis)Statement Fraud Definition Australian Auditing Standard ASA 240 Fraud means

778 views • 30 slides
Fraud Overview Agenda Fraud Overview Fraud Triangle and Red Flags Fraud Prevention

Fraud Overview Agenda Fraud Overview Fraud Triangle and Red Flags Fraud Prevention

Fraud Overview Agenda Fraud Overview Fraud Triangle and Red Flags Fraud Prevention Case Studies Our Commitment Spring ISD Source: ACFE & Fraud Overview What Is Fraud? Fraud is any intentional act or

405 views • 18 slides
Erik Whynot, Esq Founding Partner 300 N. Maitland Ave. Maitland, Florida ewhynot@mygwlaw.com

Erik Whynot, Esq Founding Partner 300 N. Maitland Ave. Maitland, Florida ewhynot@mygwlaw.com

Erik Whynot, Esq Founding Partner 300 N. Maitland Ave. Maitland, Florida ewhynot@mygwlaw.com OFFICES Maitland/Orlando | *Ft. Lauderdale T) 407-539-3900 * By appointment only F) 407-386-8485 HU HURRICA CANE NE PREPAREDNE NESS Do Don

234 views • 21 slides
Protecting Internet Threat Monitors: A Statistical Filtering Approach Yoichi Shinoda JAIST

Protecting Internet Threat Monitors: A Statistical Filtering Approach Yoichi Shinoda JAIST

Protecting Internet Threat Monitors: A Statistical Filtering Approach Yoichi Shinoda JAIST Mapping Internet Monitors Two papers were presented/published at the 14th USENIX Security Symposium (Aug. 2005). Mapping Internet Sensors with

353 views • 9 slides
Cybersecurity and Africa Benot MOREL Carnegie Mellon University Afrinic Cyberization of

Cybersecurity and Africa Benot MOREL Carnegie Mellon University Afrinic Cyberization of

Cybersecurity and Africa Benot MOREL Carnegie Mellon University Afrinic Cyberization of Africa The new big development in the cyberworld 6.8% penetration population today but the growth is phenomenal Changes the digital

462 views • 8 slides
Security in SESAR 2020 Ruben Flohr ATM Expert, SESAR JU GAMMA final event 15 November 2017

Security in SESAR 2020 Ruben Flohr ATM Expert, SESAR JU GAMMA final event 15 November 2017

Security in SESAR 2020 Ruben Flohr ATM Expert, SESAR JU GAMMA final event 15 November 2017 Pieces of the puzzle EC NIS directive, EASA L aunch of ECSP, ECCSA, CERT-EU EU Computer Emergency Response Team SESAR Framework study,

340 views • 12 slides
Introduction to cybersecurity for Generalists James Davenport University of Bath 16 May 2019

Introduction to cybersecurity for Generalists James Davenport University of Bath 16 May 2019

Introduction to cybersecurity for Generalists James Davenport University of Bath 16 May 2019 James Davenport Introduction to cybersecurity for Generalists 1 / 16 CM50209: Security and Integrity Course is 6 ECTS (12 CATS) credits, in Semester

394 views • 16 slides
Security Standards Information Security Prof Hans Georg Schaathun Hgskolen i lesund Autumn

Security Standards Information Security Prof Hans Georg Schaathun Hgskolen i lesund Autumn

Security Standards Information Security Prof Hans Georg Schaathun Hgskolen i lesund Autumn 2011 Week 4 Prof Hans Georg Schaathun Security Standards Autumn 2011 Week 4 1 / 1 Evolution of Standards Outline Prof Hans Georg

521 views • 36 slides
IOT AND SMART CITIES Sokwoo Rhee Associate Director of Cyber-Physical Systems Program National

IOT AND SMART CITIES Sokwoo Rhee Associate Director of Cyber-Physical Systems Program National

NIST IOT AND SMART CITIES Sokwoo Rhee Associate Director of Cyber-Physical Systems Program National Institute of Standards and Technology (NIST) US Department of Commerce NIST Integrated, hybrid networks of cyber and engineered physical

361 views • 25 slides
CISO 90 Day Plan Nelson Chen, M.SC. IT CISSP, CISA, CISM Agenda Why are we here? Days 0

CISO 90 Day Plan Nelson Chen, M.SC. IT CISSP, CISA, CISM Agenda Why are we here? Days 0

CISO 90 Day Plan Nelson Chen, M.SC. IT CISSP, CISA, CISM Agenda Why are we here? Days 0 30 Days 31 60 Days 61 90 Days 90+ Infinity & Beyond Avoiding Really Bad News! <Your Company Name Here> Data

675 views • 42 slides

More recommend