...Content 1. Hacking & Phishing 2. What is hacking? 3. How hackers discover your PC’s address? 4. How does a firewall work? 5. What is Phishing? 5.1 Introduction 5.2 Types of Phishing 5.2.1 Clone Phishing 5.2.2 Spear Phishing 5.2.3 Phone Phishing 1. Hacking & Phishing No, we're not talking about baiting the hook while you have a bad cold. Hacking and Phishing are two very different types of computer security threats. Hacking is an extremely y high tech attack which requires you to take certain precautions to protect your computer and al l of the data which is stored in it. Phishing, on the other hand, i s decidedly low tech and just requires a dose of common sense to ward off the dangers. 2. What is hacking? Because the Internet is simply a network of computers that are al l tied together, every one of them (including yours) has the capability to "talk" to any other one. That means that a determined criminal can gain unauthorized zed entry to your PC once he knows your computer's "address". These criminal s are called "hackers". 3. How hackers discover your PC’s address? Your computer l eaves its address al l over the Internet whenever it visits a web site. The addresses can be found in the log files which are automatically generated by every web server among other pl aces. Some hackers use what is known as "port scanning" software which simply goes out on the Internet and el electronically knocks" on the door of every connected computer it can find to see if any will...
Words: 1233 - Pages: 5
...Analysis of PHISHING By Prasath Manimaran ID: 20038303 Table of Contents Chapter One – Introduction 1. Research Questions and Objectives……………….…………………………………………….5 Chapter Two – Literature Review & Definition of Phishing 2.1. Literature Review…………………………………………………………………………………………..8 2.1.2. Definitions of Phishing……………………………………………………………………..8 2.1.3. Outcomes of this Study…………………………………………………………………….16 2.2. Research Details 2.2.1. Scope of the Research……………………………………………………………………….17 2.2.2. Research Methodology……………………………………………………………………..17 2.2.3Inductive versus Deductive Study……..………………………………………………..20 2.2.4. Qualitative versus Quantative……………………………………………………..20 Chapter Three – Phishing in a Banking Context 3.1. Confidence in Internet Banking……………………………………………………………………22 3.1.1. Security Requirements………………………………………………………………………23 3.2. Threat Models……………………………………………………………………………………………….25 3.2.1. The Internet Threat Model……………………………………………………..25 3.2.2. Thompson Threat Model……………………………………………………….26 3.2.3. Viral Threaet Model………………………………………………………………26 3.3. The Phishing Threat Model…………………………………………………………………………..26 3.3.1. Identification of Internet Banking Components………………………………..27 3.3.2. Identification of Phishing Threats………………………………………………29 Chapter 4 – Analysis of Current Phishing Techniques 4.1. Modus Operandi………………………………………………………………………………………….…36 4.2. Roles of Adversary in Phishing………………………………………………………………………...
Words: 15039 - Pages: 61
...understanding of the situation in the network of the company I decided to start the analysis by the vulnerabilities that this one presents. Many of these vulnerabilities are the cause for different types of network attacks. It should be noted that while many of these vulnerabilities may be mitigated or eliminated the possibility of an attack always exists. The first vulnerability is the email server. Although very well controlled for been within the Demilitarized Zone (DMZ), this is always a vulnerability with which most companies have to deal with. This vulnerability opens the way for phishing attack. One way to mitigate this vulnerability is configuring the email server so that only authorized email may enter. This is difficult because our video game company has a large list of customers and suppliers that are in constant change. The best option is to alert users about the security measures and company policies regarding private and unknown emails. The Web and FTP server can be a not very alarming vulnerability. Because it is located in the DMZ and after the Intrusion Detection System (IDS), is unlikely to be corrupted without being detected. The location of the file servers in the network is totally unprotected against internal attacks. Any successful attack in the LAN would leave the data servers exposed. The establishment of a demilitarized zone with a completely different set of log on names and password than any other machines would give these servers better security...
Words: 1141 - Pages: 5
...expose critical or confidential data to malicious attack from anywhere in the world. This paper is intended to discuss an emerging threat vector which combines social engineering and technology. Utilizing Voice over Internet Protocol (VoIP) convenience combined with electronic mail phishing techniques, Vishing has the potential to be a highly successful threat vector. Vishing victims face identity theft and/or financial fraud. An increased awareness about these attacks will provide an effective means for overcoming the security issues. INDEX 1. Introduction 1 2. What is Vishing? 1 3. How Vishing works? 2 4. The Problem of Trust 4 5. Vishing Characteristics 5 5.1. Type of data prone to attack 5 5.2. Data usage by the attacker 6 6. Other Attacks 6 6.1. Dumpster diving 6 6.2. Card Owner Validation 7 6.3. Handset Blackmail 7 6.4. Exploit payloads 7 7. Overcoming Vishing 7 8. Conclusion 8 References 9 1. Introduction: Many of today’s widespread threats rely heavily on social engineering techniques, which are used to manipulate people into performing actions or divulging confidential information to leverage and exploit technology weaknesses. Phishing is the most commonly exploited threat currently plaguing the Internet and its users. At one point, phishing referred exclusively to the use of e-mail to...
Words: 2502 - Pages: 11
...------------------------------------------------- Techniques and terms[edit] All social engineering techniques are based on specific attributes of human decision-making known as cognitive biases.[3] These biases, sometimes called "bugs in the human hardware," are exploited in various combinations to create attack techniques, some of which are listed here: Pretexting[edit] Pretexting (adj. pretextual), also known in the UK as blagging or bohoing, is the act of creating and using an invented scenario (the pretext) to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances.[4] An elaborate lie, it most often involves some prior research or setup and the use of this information for impersonation (e.g., date of birth, Social Security number, last bill amount) to establish legitimacy in the mind of the target.[5] This technique can be used to fool a business into disclosing customer information as well as by private investigators to obtain telephone records, utility records, banking records and other information directly from company service representatives. The information can then be used to establish even greater legitimacy under tougher questioning with a manager, e.g., to make account changes, get specific balances, etc. Pretexting can also be used to impersonate co-workers, police, bank, tax authorities, clergy, insurance investigators — or any other individual...
Words: 9621 - Pages: 39
...| Russian hackers attack the white house | | | Michae haven | 4/27/2015 | | On April 8, 2015 CNN did a report on a security breach involving the white house and the state department. This attack was done allegedly by Russian hackers in an attempt to gain states secrets. The hackers had gained access to the state departments computers via a phishing email attack. The attack was found out by suspicious activity that was happening on the white house computers. This attack allowed them full access to the state department’s computers and eventually they were able to convince someone to give them access to the white house’s non classified systems where sensitive information like the presidents non-published schedule and other information. The state department had been battling the hackers for months on trying to keep the hackers out but with no success at doing so. The systems were taken off line in an attempt to purge the mal-ware that was installed that gave the access to the systems and for new security measures to be put into place to help prevent future attacks on the systems. (Prokupecz, 2015) The attack was done by using a phishing scam. The way this works is first someone sends a message to a user, in this case it was by an email, trying to convince the user that they are someone from inside their work place, representing an event from the work place, or represents themselves as a trusted source. They then get the user to click on a web link that takes...
Words: 891 - Pages: 4
...Small Business Paper 1 Over the last few years major retail companies have been hacked. Target, Sony and even Walmart, you may think that only big name companies get hacked. But to be honest small business are the major target of hackers because they do not have the resource or knowledge as the top dogs. According to Symantec Threat Report 82% of stolen information could have been protected if business had and follow a security plan. So what are some threats that small business face today, for example let’s take a look at a kiosk at a shopping center. Kiosk’s is an 8 billion dollar industry in the United States, the average mall has 20 kiosk and they sell apparel, cell phone and accessories all the way down to home décor. Why are kiosks at the mall so vulnerable to system threat? Because most of them us an iPad or computer to make their daily transactions. Let’s take a look at some of the threats a kiosk had to deal with. Number one since they use a computer or iPad that’s need to be connected to a network this alone is a huge threat because hackers can easily hack the network and get customers financial information. According to Symantec/Small Business Technology Institute Study 60% of small business have open wireless networks. This leads me to the second threat that a small business can get is a malicious code. Small businesses try to save money so they don’t really think about an anti-spyware program or anti-virus because of this the system is defenseless against a...
Words: 641 - Pages: 3
...the Department of Defense’s Joint Staff became the latest target in a spear phishing attack. For over two weeks more than 4,000 users on the Defense network have been shut down by this attack (Starr, 2015). Where are all these threats originating from? They are from every location on the universe within the United States, China, Russia and even our own allies (Starr, 2015). Provide a description of a few network based threats The recent attack on the Department of Defense was a spear phishing attack. These are attacks through emails sent to employees with hopes that they open the link. Once the link is opened they give up their network credentials and it allows an outside source into a network. Denial-of-servie (DoS) and distributed-denial-of-service (DDoS) are attacks from one or more devices that are targeted at a server that creates so much traffic or demands for services that the target cannot respond to legitimate requests (TechTarget, 2000-2015). Figure 1: In a DDoS attack, multiple devices (red) flood a server with requests, overwhelming the server and blocking legitimate users (green). Malware or malicious software is any software that is used with intentions to disrupt computer operations, gather information or gain access to private computers (Norton, 1995). For each threat, focus on describing how the threat exploits network vulnerabilities In the case of the Phishing attack on the Joint Staff, malicious emails are created that resemble legitimate emails...
Words: 810 - Pages: 4
...For each malicious attack and threat identified in Assignment 1, choose a strategy for dealing with the risk (i.e., risk mitigation, risk assignment, risk acceptance, or risk avoidance). Masquerading – An attacker impersonates an authorized user to capture authentication information for use at a later date, resulting in possible unauthorized access to the network. An impersonation attack may be a replay or may be some other type of attack. Risk mitigation would be the best strategy for dealing with a masquerading attack. As risk mitigation uses various controls to reduce risk. (Janssen, 2013) Social engineering – An attacker uses the weakest link (people) to gain access to secret information by simply asking. This can be done over the phone or email. Compromise of sensitive information is likely to occur. Social networking websites can reveal a large amount of personal information, including resumes, home addresses, phone numbers, employment information, work locations, family members, education and photos. Social media websites may share more personal information than users expect or need to keep in touch with friends making them vulnerable to identity theft or other crimes. Risk avoidance would be the best strategy for dealing with a social engineering attack. (Roman, 2013) Phishing – Attackers use email to trick an individual into giving up private information such as financial information through a link to a fake website. When a user logs onto the fake Web site, and...
Words: 622 - Pages: 3
...1. Phishing= phone+ fishing Definition: Phishing is the attempt to acquire sensitive information by using malware. Phishing is a homophone of fishing, which involves using lures to catch fish. Typically a victim receives a message that appears to have been sent by a known contact or organization. An attachment or links in the message may install malware on the user’s device or direct them to a malicious website set up to trick their personal information, such as password, account IDs or credit card details. To make phishing messages look like they are genuinely from a well-known company, they include logos and other identifying information taken directly from that company’s website. The malicious links within the body of the message are designed to make it appear that they go to the spoofed organization. The use of subdomains and misspelled URLs (typosquatting) are common tricks, as is homograph spoofing -- URLs created using different logical characters to read exactly like a trusted domain. Some phishing scams use JavaScript to place a picture of a legitimate URL over a browser’s address bar. the main reason for this is that it is more difficult to identify a phishing site on a mobile device than on a computer, due to page size and other hidden factors making it difficult to tell a site of this type from a clean one in a small 2. How phishing works: From beginning to end, the process involves: 1) Planning. Phishers decide which business to target and determine...
Words: 1870 - Pages: 8
...Introduction Pharming is defined as an attack in which a hacker installs malicious code on a personal computer or server, and redirects users from legitimate websites to fraudulent ones without their consent. It can also be called as “Phishing without a Lure.” Furthermore, it is among the most common computer security threats and even though it is a variant of phishing, it uses different techniques to achieve this. The first use of the word Phishing was in 1987 in a paper and presentation brought to the International HP users group. However, it didn’t really come out to the public until the American Online (AOL) accounts were stolen in 1996 by email. Since then, attempts have been made to target customers of banks and online payment services, making Social Networking sites the primary use for these attacks. On the other hand, Pharming was the evolution of phishing when it started to have low effects on users because the scams were easily identified and avoided. Panix was the first investigated case of this attack and in 2005 someone changed the DNS address, email direction, and ownership information of panix.com Pharming techniques are mainly based on deceiving not only the user but the computer as well, in order to change the real URLs to different IP numbers and consequently take the users to unwanted destinations. Moreover, pharming seeks to obtain personal or private information through domain spoofing. In other words, it poisons a DNS server by infusing...
Words: 279 - Pages: 2
...PHISHING & ONLINE BANKING FRAUD By, Aditya Ravishankar 5-BBA-LLB ‘B’ 1216452 School Of Law, Christ University TABLE OF CONTENT 1. Abstract ...2 2. Introduction ...3 3. Statement of Problem ...3 4. Scope and Objective ...3 5. Fraud …4 6. Online Banking …5 7. Banking Fraud using Technology …6 8. Cyber Crime & Online Banking Fraud …6 9. Phishing …7 10. Classification of Phishing ...8 11. Indian Scenario …11 12. conclusion …12 Abstract Nowadays, almost every bank provides its clients with access to their accounts over the Internet Banks provide a different range of financial services through their Internet banking channels. Different financial Internet banking applications mostly contain money transferring services, investment services (stock, bond, and mutual funds) and currency exchange services. However, as new technologies upset traditional power balances and so does the Internet. The Internet empowers everyone including cybercriminals. Advancement of technology and rapid progression of the hackers’ ability to access various users’ systems maliciously altered their motivations from curiosity to financial motives. Thus Financial Fraud is on rampant increase. This paper focuses on Online Banking Fraud in a general perspective and also looks into...
Words: 3597 - Pages: 15
...attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility. In the past companies would assume if they setup authentication processes, firewalls, virtual private networks, and network-monitoring the software their network would be safe. Social Engineering bypasses the technical security measures and targets the human element in the organization. SOCIAL ENGINEERING ATTACK Social engineering attacks are personal. Hackers understand that employees are often the weakest link in a security system. One of the greatest dangers of social engineering is that attacks need not to work against everyone. A single successful victim can provide enough information to trigger an attack that can affect entire organization. There are numerous types of social engineering attacks including but not limited to Trojan and phishing email messages, impersonation, persuasion, bribery, shoulder surfing,...
Words: 948 - Pages: 4
...1.0 Incident: A Police Department in Cockrell Hill, a smaller town just west of Dallas, Texas recently fell victim to a phishing attack and had to decide between losing several years’ worth of evidence or paying a ransom to cybercriminals. 2.0 Analysis: Phishing is a form of fraud in which attackers attempt to gain access to and or learn information such as login credentials, other account information, and etc. by masquerading as reputable entities mostly through emails or instant messaging. Typically what happens is, victims will receive a message that appears to be from a known contact or reputable organization. Then when opened, the message will contain either some form of attachment or link(s) containing malware. In this case, the Cockrell Hill Police Department was victim to just that. Someone from inside the department clicked on an email from what appeared as a legitimate department-issued email address. The message subsequently introduced a virus to the departments computer system. The virus corrupted all their files on the server and produced a computer-generated ransom message, demanding approximately $4,000 worth of Bitcoins. According...
Words: 498 - Pages: 2
...issues should a company anticipate due to spam? One of the issues that a company should expect due to spam is their reputation. Spam can hurt the reputation of a business, because it is very easy to “spoof” or fake the email address that an email shows it is being sent from. As a business owner, you definitely do not want customers to receive junk or malware emails with your company’s name in the sender’s address bar. Spoofing email is very easy to do as it increases a level of trust that the basic email protocols use. Also spam slows down network traffic and takes up storage space. It can expose the business to email borne virus and malware infections causing the company computer to actually become a source of spam and denial of service attacks. In addition, it can expose the company to frauds...
Words: 468 - Pages: 2