SlideShare una empresa de Scribd logo

Advanced phishing the art of stealing

P
prj_publication

Research Paper

Ingeniería
1 de 13
Descargar para leer sin conexión
International Journal of Computer science and Engineering Research and Development (IJCSERD), ISSN 2248- 9363 (Print), ISSN- 2248-9371 (Online) Volume 4, Number 2, April-June (2014) 41 ADVANCED PHISHING - THE ART OF STEALING Avinash R Sinha Amruta S Moon Security Consultant Lecturer Company: Aujas College: GHRCE ABSTRACT Phishing is described as an art of stealing personal and business sensitive information using social engineering techniques. Personal sensitive information (PSI) includes your identification proof including your social security number, driving license, passport, email id and everything which defines who you are. Business sensitive information (BSI) includes your corporate details, usernames, passwords, financial corporate information, customer sensitive details and military information. Phishing scams has advanced tremendously .Phishing attacks were previously aimed at mostly individuals however now a days they are mostly aimed at corporate organizations, financial sectors, defense industry, government and last but not the least country .One thing is clear that phishing has evolved from targeting individuals and grown to target at a much bigger scale. Now-a –days when we hear Phishing it’s about companies losing millions of dollars and their Brand Value. Phishing in the past didn’t required much technical knowledge and was easier to accomplish however there has been enormous technical advancement in the way phishing techniques are used in present days. This is result of educating users and counter measures of phishing. In this article we will be the focusing on all the aspects of Phishing attacks including the technological advancements, exploitation, post exploitation techniques and the countermeasures techniques against Advanced Phishing” The Art of Stealing” . We will also learn about payloads and Web Application attacks and how they contribute to advanced phishing attacks. BACKGROUND Phishing has been popular these days as it’s highly used in Advanced Persistent threat (APT) attacks to deliver malware which is being used to compromise the security of entire infrastructure of country mainly targeted at organizations, political leaders and Executives IJCSERD © PRJ PUBLICATION INTERNATIONAL JOURNAL OF COMPUTER SCIENCE ENGINEERING RESEARCH AND DEVELOPMENT (IJCSERD) ISSN 2248 – 9363(Print) ISSN 2248 – 9371(Online), Volume 4, Number 2, April- June (2014), pp: 41-53 © PRJ Publication, http://www.prjpublication.com/
International Journal of Computer science and Engineering Research and Development (IJCSERD), ISSN 2248- 9363 (Print), ISSN- 2248-9371 (Online) Volume 4, Number 2, April-June (2014) 42 from financial, economic and military sectors. Phishing scams have progressed drastically and they are not restricted to common phishing attacks in which the victim is sent a spoofed email and lured to provide PSI and BSI. Traditional techniques used by Phishers involved use of the following techniques:- 1. Spoofed emails asking for PSI & BSI 2. Obfuscation techniques 3. Webchat/Chat Rooms 4. Compromising a Web server and hosting a phish link. Traditionally Phishers used Sensitive personal information for committing high value crimes such as Identity theft and electronic fraud. These were targeted at individuals .Victim receives an email and in the spoofed email content generally gives a very legitimate sounding reason along with a sense of 1.Hope, 2.Urgency, 3.PSI, 4.Highly confidential info, 5.Threat and fear. As phishing is combined with human emotions it is has been also termed as “Social Engineering –Attacking the Human element or The Art of Human Exploitation.” An example of Spoofed email: Fig: Cursor placed on top of email id gives the actual email-id Fig: Spoofed email asking for PSI
International Journal of Computer science and Engineering Research and Development (IJCSERD), ISSN 2248- 9363 (Print), ISSN- 2248-9371 (Online) Volume 4, Number 2, April-June (2014) 43 Advanced Techniques used by Phishers:- Spear Phishing: - This is the most popular attack as it is highly used in APT attacks. The term Spear Phishing is coined as it’s a much focused attack on a particular individual/organization/sector fetching detailed information .Spear Phishers uses social engineering techniques to get detailed information about you including your likes and dislikes. Using your presence on web (Facebook/LinkedIn/Company/twitter) a detailed profile is created and phishing attacks are crafted combined with this information which is much more convincing as it ensures to come from a legitimate source and the content is highly designed to lure the victim to share PSI and BSI. Also what makes it more powerful is that it’s combined with advanced malwares which are designed for very specific purpose ranging from session control, data theft to compromising the whole system. Whaling-It is a type of phishing attack in which spear phishing techniques are used but are targeted only at high ranking officers/government officials, Political leaders, and industrialist both in Private and Military sectors Fig: Spoofed email from attacker asking to click on link Vishing-Victim will receive a phone call and asked for SPI and BSI. Few examples:- • Receiving a call from Bank to change your password for extra security. • A call from Credit card companies asking yourself to confirm your identity or your account will be closed immediately or in next 24 hrs .Similarly asking victim to enroll for Credit card services with lots of good benefits (Free movie tickets/50% off on hotel bill or reward points) and share all his details in form of online scanned documents are few good tricks. • Even highly qualified employees fall prey to a phishing attack as when you receive a call on your office landline number most of them never bother to ask why or who is calling .Identifying yourself as a helpdesk spoc person and asking the employees to change their password to your choice or asking them to perform a specific action of your choice (Running an exe or clicking on a link).This may jeopardize security of the Org. As the threats are both internal and external, one should always be careful.
International Journal of Computer science and Engineering Research and Development (IJCSERD), ISSN 2248- 9363 (Print), ISSN- 2248-9371 (Online) Volume 4, Number 2, April-June (2014) 44 Smishing:-Sending specially crafted text messages asking to click on links send via mobile messages or share their SPI or spreading false information. Few example of smashing are given below 1. Victim receives a sms that he has won 10000 $ to transfer click on link. 2. Victim receives a sms to download an app for free. The app may be a spoofed version of any popular game, social network app like Wechat, Whatsapp or bank. As most of the mobiles are android based most of the apps are available for free .Also many of these apps are combined with malwares specifically designed to read ,modify and delete any data present in your phone’s memory and memory card. These apps can read your sms or delete any content present on your phones memory. By installing such app you also agree to share your OTP as well. Fig: Spoofed SMS from attacker Obfuscation Techniques:- Obfuscation technique comes into picture when the Phishers want to disguise the evil website link, which is to be sent to victim so that the victim falls for it. Obfuscation means hiding of intended meaning in communication. Obfuscation techniques include using Dword/HEX/Octal representation of an Ip address of any website. Example: - www.google.com .Ip Address of Google.com is - 173.194.38.166 • Dword Obfuscation:- http://2915182246 • Hex Obfuscation:- http://0xADC226A6 • Octal Obfuscation:- http://0255.0302.046.0246 • Few other techniques are to encode the URL using different forms Conversion tools are available for free over the internet which can help the attacker to craft his attacks viciously. Observe that in the above obfuscated URL it is not possible to know what will happen after you click on the URL. Curiosity is a human factor that encourages most of us to explore things and in this case if you click on the above link, you may be directed to a Malware site easily.
International Journal of Computer science and Engineering Research and Development (IJCSERD), ISSN 2248- 9363 (Print), ISSN- 2248-9371 (Online) Volume 4, Number 2, April-June (2014) 45 Now as we know about various Phishing techniques, let’s think how we can use these techniques combined with the following:- 1. Web Application Vulnerabilities 2. Network Vulnerabilities 3. Advanced tools /kits 4. Exploits Phishing techniques combined with Vulnerabilities, Advanced phishing kits/tools and Exploits are so much powerful that they can compromise security of your entire IT- infrastructure. Application and Network based Vulnerabilities:- Few examples of Web Application based vulnerabilities are as follows:- 1. Cross-Site Scripting 2. Frame Injection 3. Link Injections 4. Session hijacking 5. Open Redirection 6. Hidden Element-Web 7. Embedded Objects and links in documents like doc ,images and pdf 8. File uploads-Advanced Malwares etc These Application related vulnerabilities and many more makes a Phishing attack powerful. Now let’s look at few Network Vulnerabilities which boost’s phishing attacks:- 1. Compromised DNS -DNS Cache Snooping/poisoning Vulnerability 2. SMTP Open Mail Relay’s/User enumeration etc Attack amplification:- To increase the attack surface, hackers use the following techniques:- 1. Posting a phish link on a forums /blogs/group chats to get the max victims 2. Mass emails 3. Mass Mobile messages 4. Spoofed Apps(Games/Social chat) Thus we complete phase-I i.e. “The Art “involved in phishing Now that everything is known about the” the Art “, let’s start” Stealing Phase –II Begins - Attacking the Human Element Before we begin please note the below points:- “Targeting any individual/Organization with any kind of phishing attack or in any way which can harm an individual or organization without prior written confirmation/consent from right authority will certainly put you into a lot of trouble. Please note that it is a “Crime” and is against the law .So please do not perform the below steps or use any tool/kits until it’s a pentest with proper approvals from the right authority.” Information shared within this article is only for educational purpose and is shared for spreading awareness about phishing attacks and how to secure yourself as an individual/Organization .Please do not misuse it. Author of this document/article is not responsible for misuse of the information contained within this article. Let’s begin with Offensive security professional’s favorite SET- “Social Engineering Toolkit “which is an open source toolkit.
International Journal of Computer ISSN 2248- 9363 (Print), ISSN- 2248 As we can see it has the email to Third Party Module are listed and each and every module is combined with numerous methods Let’s take a quick look into how the attack can be crafted you can see in the below screenshot achieve via any of the listed methods. Above attacks can be used dig login credent browser exploitation to root level access. We have another most popular tool called as “Phishnix” Phishnix is a social engineering solution that assess and trains employees on the risks of phishing. Phishnix develops organization. This scenario will be sent out to employees and Phishnix will track how the International Journal of Computer science and Engineering Research and Development (IJCSERD), 2248-9371 (Online) Volume 4, Number 2, April-June (2014) 46 Fig: SET Overview As we can see it has the most advanced ways for Phishing ranging from Phishing hird Party Module are listed and each and every module is combined with take a quick look into how the attack can be crafted using these methods below screenshot the attack depends upon what the attacker is trying to achieve via any of the listed methods. Fig: Attack Methods Above attacks can be used dig login credentials of any victims via session hijacking, to root level access. We have another most popular tool called as “Phishnix” is a social engineering solution that assess and trains employees on the risks Phishnix develops a phishing scenario that is realistic and relative to your organization. This scenario will be sent out to employees and Phishnix will track how the science and Engineering Research and Development (IJCSERD), June (2014) most advanced ways for Phishing ranging from Phishing hird Party Module are listed and each and every module is combined with using these methods. As the attack depends upon what the attacker is trying to any victims via session hijacking, is a social engineering solution that assess and trains employees on the risks a phishing scenario that is realistic and relative to your organization. This scenario will be sent out to employees and Phishnix will track how the
International Journal of Computer science and Engineering Research and Development (IJCSERD), ISSN 2248- 9363 (Print), ISSN- 2248-9371 (Online) Volume 4, Number 2, April-June (2014) 47 employees respond. This provides organizations with a view of their human firewall and insight into where the vulnerabilities exist within the human firewall. Phishnix further leverages the teaching moment created based on the user's response and generate an action plan that can be implemented to avoid future pitfalls. Phishnix helps your organization to build the first line of defense by increasing an employee's awareness to phishing; thus Phishnix plays a vital role in an organization's anti-phishing strategy We can use phishnix to deliver specially crafted spoofed email to be sent to the victims. Also the best part of this tool is that it will analyze the data and provide information about how many employees were victims of the attack. Also it is capable of collecting data from users if required to be presented in an audit session. Exploitation and Post Exploitation:- Now that we know about attack methods ,lets dig the third bit Exploits and Exploitation. Advanced URL Obfuscation techniques: - 1. Use Clone page attack to get the same page as hosted by a live server 2. Use any of the Obfuscation techniques mentioned above and combine as per your needs. 3. Use URL Shorter service (Google URL shortner/tiny URL) which is freely available and shorten your URL .Now you are ready for a real world attack. 4. Send the phish link to the victim. Credential Harvesting Attack via Web attack vectors:- The below yahoo.com webpage was opened by clicking on a malicious link by victim which was sent to him by an attacker using Credential Harvester attack. If you observe the URL closely, the Ip address using which the link was opened doesn’t belong to yahoo.com. This IP belongs to an attacker on which the website is hosted.
International Journal of Computer ISSN 2248- 9363 (Print), ISSN- 2248 Fig: Victim tricked to click and login into Evil Page Fig: Session established from Attacker system to victim’s session Fig: Login Credentials output Using Credential Harvester attack International Journal of Computer science and Engineering Research and Development (IJCSERD), 2248-9371 (Online) Volume 4, Number 2, April-June (2014) 48 Victim tricked to click and login into Evil Page Session established from Attacker system to victim’s session Login Credentials output Using Credential Harvester attack science and Engineering Research and Development (IJCSERD), June (2014) Login Credentials output Using Credential Harvester attack
International Journal of Computer science and Engineering Research and Development (IJCSERD), ISSN 2248- 9363 (Print), ISSN- 2248-9371 (Online) Volume 4, Number 2, April-June (2014) 49 Once the data attacker needs is collected, they can have all the data built into form of a report which will contain your username and password as well. Similar process can be used to craft credential harvesting attacks for various different websites as and when required. Phase III- Gaining Root Access-(Victim Pawned) via Phishing Attack Few Exploits and their descriptions are as follows which can be used to gain system level / Root Level Access Gaining Root Access 1) Windows Shell Reverse_TCP Spawn a command shell on victim and send back to attacker 2) Windows Reverse_TCP Meterpreter Spawn a meterpreter shell on victim and send back to attacker 3) Windows Reverse_TCP VNC DLL Spawn a VNC server on victim and send back to attacker 4) Windows Bind Shell Execute payload and create an accepting port on remote system 5) PyInjector Shellcode Injection This will drop a meterpreter payload through PyInjector There are more than 300+ exploits available on the internet each pertaining to different products (Software’s/Browsers/Document/OS/System level). Steps for gaining root access 1. Choose any one of the above exploits and run 2. Share the evil link with the victim, 3. Backdoor will be installed, as soon as victim clicks on evil link. 4. And the session is established Fig: Using Aurora exploit for taking root access
International Journal of Computer ISSN 2248- 9363 (Print), ISSN- 2248 Steps to follow after using any of the exploits and gaining system level access/root level access:- 1. Take control of user’s session 2. Create a user with privilege 3. Try to gather as much information as you can as required as a part of your Advanced Persistent threat exercise 4. The main aim as a part of this APT Phishing exercise should be compromised one system, look for another system attached/ connected to it until you find a system with Active Directory and try to compromise the same by dumping as much data as required . 5. Install few more backdoor’s and c Fig: Gained Root access to victim’s system Fig: Dump Phase IV -Securing the Human Element Following are the Counter measures Don’ts Do not click on any links which seems suspicious. Don’t open any documents, images or pdf file users, they may trigger unwanted actions. Don't put too much information (SPI) about yourself on the internet (LinkedIn/Facebook/twitter) exam Don’t share any information with email address which uses real organization name but incorrect email/domain address. Example microsoft@gmail.com Don’t click on links in e-mails especially any that are requesting priva Attackers use URL shortner for hiding the intent hidden with the evil link. Don’t click on tiny (bitly/adsfly) URL or URL which have no meaning or sense International Journal of Computer science and Engineering Research and Development (IJCSERD), 2248-9371 (Online) Volume 4, Number 2, April-June (2014) 50 fter using any of the exploits and gaining system level access/root session. Create a user with privileged access-hidden mode and dump the hashes. Try to gather as much information as you can as required as a part of your Advanced The main aim as a part of this APT Phishing exercise should be once you have compromised one system, look for another system attached/ connected to it until you find a system with Active Directory and try to compromise the same by dumping as nstall few more backdoor’s and clear all the logs generated as a part of this exercise Fig: Gained Root access to victim’s system Fig: Dump hashes from victim’s system Securing the Human Element r measures Against Advanced Phishing:- links which seems suspicious. images or pdf file which comes as attachment from unknown users, they may trigger unwanted actions. Don't put too much information (SPI) about yourself on the internet /twitter) example your DOB or social security number Don’t share any information with email address which uses real organization name but incorrect email/domain address. Example microsoft@gmail.com mails especially any that are requesting private information. Attackers use URL shortner for hiding the intent hidden with the evil link. Don’t click on tiny which have no meaning or sense e.g. http://bit.ly/1dUdYId science and Engineering Research and Development (IJCSERD), June (2014) fter using any of the exploits and gaining system level access/root Try to gather as much information as you can as required as a part of your Advanced once you have compromised one system, look for another system attached/ connected to it until you find a system with Active Directory and try to compromise the same by dumping as nerated as a part of this exercise. which comes as attachment from unknown Don't put too much information (SPI) about yourself on the internet Don’t share any information with email address which uses real organization name but te information. Attackers use URL shortner for hiding the intent hidden with the evil link. Don’t click on tiny http://bit.ly/1dUdYId
International Journal of Computer science and Engineering Research and Development (IJCSERD), ISSN 2248- 9363 (Print), ISSN- 2248-9371 (Online) Volume 4, Number 2, April-June (2014) 51 *You may get an email from your friend/relative does not mean they have sent it. Your friend/relative computer may have been infected or their account may have been compromised. If you have a suspicious email from a trusted friend or colleague, call them to confirm that they sent it. Use a telephone number that you already know or can independently verify, not one that was included in the message to verify Don’t share any usernames, passwords or transfer money urgently without verifying. Don’t plug any pen-drives, SD cards and other memory chips you find in your lying on ground or in your company campus to your company’s laptop/desktop, you may compromise security of entire company. Those days are gone when you used to get phishing emails with bad grammar and lousy spelling mistakes. Now-a-days Phishing emails look more authentic than the original emails. Do’s Check the grammar or spelling mistakes. Use common sense, if an email/call seems too good to be true, it is most likely an attack. Verify this every time while sharing any PSI or BSI over email. Use good Antivirus which has Web protections set to on while you are browsing. For Corporate/Business Use an updated anti-virus program that can scans e-mail and has Anti- Spam Filter enabled. Few of them also get coupled with browser to show site rating and risk. Also use Anti Trojan and Anti-Spyware to get rid of any harmful malwares. Always type a website URL manually for any Banking transactions, financial transactions or even for social websites like Facebook if you want to be secure. Use Open VPN for connecting and browsing on internet. Most of them are available for free. Please observe the”https://” and a lock icon in the address bar before entering any private information. Ensure all Financial Banking and social networking websites are on secured channel and has a valid SSL Certificate before performing login and performing any transactions. If you put your mouse Cursor over the link, your browser or security software will share the actual email id/URL Request for sharing PSI and BSI are a clear sign of an attack .Never share your PSI, BSI over emails from free email service providers like hacker@gmail.com, @yahoo.com,@rediffmail.com Set Internet Explorer as your default browser. Always use Mozilla Firefox in private browsing mode or Google Chrome in incognito mode for performing any financial transaction or logging into a Social Networking Website .Always remember to close your browser after use. Be aware of any email that requires quick attention or creates a sense of urgency so that you rush to click on it without thinking. Always use the preview method provided by email service providers to view the attachments that come via emails. Avoid tiny URLs .Use service such as Long URL to view the complete URL. These services also give you a preview of the URL which helps you to determine whether they are of malicious nature or not. Enable One Time Password functionality on Gmail, Yahoo, Facebook and other websites which you browse regularly and use to transfer SPI. Disable your Mobile’s internet connection while performing any transaction that involves use of OTP-One Time Password. Always dump suspicious emails in trash or marking it spam. Marking spam only once for one type of email helps your anti spam service to analyze its content and the signature including
International Journal of Computer science and Engineering Research and Development (IJCSERD), ISSN 2248- 9363 (Print), ISSN- 2248-9371 (Online) Volume 4, Number 2, April-June (2014) 52 email-id and host ip details from which the email was received which in turn helps to ensure that you don’t receive any malicious emails in future. Download Software Products only from authentic sources or for business purposes from companies own software store and keep them updated with latest versions and patches. Use Mobile Device Management solutions if you permit your employees to use Smart Phones to connect to company’s network or storing companies BSI. Download only those apps from android market which have been downloaded by at least 100000+ users. This doesn’t guarantee but would limit the possibility of you falling for a Smishing attack. Never speak of company’s secrets, SPI or BSI in public places. Example: Discussing Network diagram of your company over a cup of tea with anonymous people in public places. Spread and share awareness about phishing attacks and prevention. If you find any pen drives lying anonymously and if you are greedy enough to own it. Use it in own your home laptop and make sure you are not connected to internet. Also scan Pen drive for malware, Trojans and spyware. Make sure you open it on a VM. Make use of paper shredder in your organization and install it next to printers. Dispose of any confidential information using it. Ask the employees to collect their prints within 15 minutes from the time of print action. Never share your debit/credit cards at ATM centers. If you are not able to use it, request the concerned security personal present at ATM center for help and not to ask to person standing next to you. Always press cancel button two times once your transaction is complete. Conduct Phishing exercise within your company to analyze how vulnerable are your employees. Arrange a session for your friends and employees to generate awareness against phishing. If you come across any phishing website, please submit it at www.phishtank.com. Use https://www.virustotal.com and scan any suspicious URL before browsing it. Also send a Phishing Awareness email monthly once to your employees. So that they will be prepared for the worst and this exercise would definitely stop and limit any kind of phishing activity within your network. Financial Losses via Phishing Attacks Fig: Financial Loss from Phishing Attacks
International Journal of Computer science and Engineering Research and Development (IJCSERD), ISSN 2248- 9363 (Print), ISSN- 2248-9371 (Online) Volume 4, Number 2, April-June (2014) 53 Financial loss from phishing occurs in Millions of dollars. India ranks third in the world which is prone to phishing attacks. Last year financial loss was 28.8 million dollars. “Don’t have false assumptions that you will never be targeted. Beware you may be Next.” REFERENCES 1. Technical Trends in Phishing Attacks by Jason Milletary-CERT Coordination Center 2. Phishing Awareness –by Navy Information Operations Command (NIOC) Norfolk 3. https://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201302_en.pdf 4. http://www.moneycontrol.com/news/features/phishing-for trouble_648789.html ABOUT AUTHOR Avinash Sinha is a Security Consultant working with Aujas. Previously he has worked with IBM India Pvt Ltd as an Application Security Consultant for 2.8 Yrs. His key area of interests include Vulnerability assessments, Secure Code review, Security research, Penetration testing and professional interest focuses on network infrastructure protection. Amruta Moon is working as a faculty at G.H Raisoni College of engineering. She has completed her M.Tech in Software Engineering from Sagar institute. Her keen area of interest includes security research, image analysis and programming.

Recomendados

Advanced Phishing The Art of Stealing
Advanced Phishing The Art of StealingAdvanced Phishing The Art of Stealing
Advanced Phishing The Art of Stealing
Avinash Sinha
 
EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...
EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...
EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...
IJNSA Journal
 
HOST PROTECTION USING PROCESS WHITE-LISTING, DECEPTION AND REPUTATION SERVICES
HOST PROTECTION USING PROCESS WHITE-LISTING, DECEPTION AND REPUTATION SERVICESHOST PROTECTION USING PROCESS WHITE-LISTING, DECEPTION AND REPUTATION SERVICES
HOST PROTECTION USING PROCESS WHITE-LISTING, DECEPTION AND REPUTATION SERVICES
AM Publications,India
 
Phishing detection in ims using domain ontology and cba an innovative rule ...
Phishing detection in ims using domain ontology and cba an innovative rule ...Phishing detection in ims using domain ontology and cba an innovative rule ...
Phishing detection in ims using domain ontology and cba an innovative rule ...
ijistjournal
 
Detecting malicious URLs using binary classification through ada boost algori...
Detecting malicious URLs using binary classification through ada boost algori...Detecting malicious URLs using binary classification through ada boost algori...
Detecting malicious URLs using binary classification through ada boost algori...
IJECEIAES
 
IRJET- Phishing Web Site
IRJET- Phishing Web SiteIRJET- Phishing Web Site
IRJET- Phishing Web Site
IRJET Journal
 
2 phishing
2 phishing2 phishing
2 phishing
Yadavalli Thripura
 
Topsec email security 2016
Topsec email security 2016Topsec email security 2016
Topsec email security 2016
Nathan CAVRIL
 

Recomendados

Advanced Phishing The Art of Stealing
Advanced Phishing The Art of StealingAdvanced Phishing The Art of Stealing
Advanced Phishing The Art of Stealing
Avinash Sinha
 
EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...
EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...
EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...
IJNSA Journal
 
HOST PROTECTION USING PROCESS WHITE-LISTING, DECEPTION AND REPUTATION SERVICES
HOST PROTECTION USING PROCESS WHITE-LISTING, DECEPTION AND REPUTATION SERVICESHOST PROTECTION USING PROCESS WHITE-LISTING, DECEPTION AND REPUTATION SERVICES
HOST PROTECTION USING PROCESS WHITE-LISTING, DECEPTION AND REPUTATION SERVICES
AM Publications,India
 
Phishing detection in ims using domain ontology and cba an innovative rule ...
Phishing detection in ims using domain ontology and cba an innovative rule ...Phishing detection in ims using domain ontology and cba an innovative rule ...
Phishing detection in ims using domain ontology and cba an innovative rule ...
ijistjournal
 
Detecting malicious URLs using binary classification through ada boost algori...
Detecting malicious URLs using binary classification through ada boost algori...Detecting malicious URLs using binary classification through ada boost algori...
Detecting malicious URLs using binary classification through ada boost algori...
IJECEIAES
 
IRJET- Phishing Web Site
IRJET- Phishing Web SiteIRJET- Phishing Web Site
IRJET- Phishing Web Site
IRJET Journal
 
2 phishing
2 phishing2 phishing
2 phishing
Yadavalli Thripura
 
Topsec email security 2016
Topsec email security 2016Topsec email security 2016
Topsec email security 2016
Nathan CAVRIL
 
The Evolution of Phising Attacks
The Evolution of Phising AttacksThe Evolution of Phising Attacks
The Evolution of Phising Attacks
Bee_Ware
 
Cybercriminals and security attacks
Cybercriminals and security attacksCybercriminals and security attacks
Cybercriminals and security attacks
GFI Software
 
CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016
Bolaji James Bankole CCSS,CEH,MCSA,MCSE,MCP,CCNA,
 
Sophos security-threat-report-2014-na
Sophos security-threat-report-2014-naSophos security-threat-report-2014-na
Sophos security-threat-report-2014-na
Andreas Hiller
 
Em36849854
Em36849854Em36849854
Em36849854
IJERA Editor
 
IRJET- Cyber Attacks and its different Types
IRJET- Cyber Attacks and its different TypesIRJET- Cyber Attacks and its different Types
IRJET- Cyber Attacks and its different Types
IRJET Journal
 
Mobile security hakin9_Revista
Mobile security hakin9_RevistaMobile security hakin9_Revista
Mobile security hakin9_Revista
the_ro0t
 
IP Spoofing
IP SpoofingIP Spoofing
IP Spoofing
ijtsrd
 
What are the possible damages of phishing and spoofing mail attacks part 2#...
What are the possible damages of phishing and spoofing mail attacks part 2#...What are the possible damages of phishing and spoofing mail attacks part 2#...
What are the possible damages of phishing and spoofing mail attacks part 2#...
Eyal Doron
 
Security_prediction_2014
Security_prediction_2014Security_prediction_2014
Security_prediction_2014
Truong Minh Yen
 
MainPaper_4.0
MainPaper_4.0MainPaper_4.0
MainPaper_4.0
varun4110
 
NATO Cyber Security Conference: Creating IT-Security Start-Ups
NATO Cyber Security Conference: Creating IT-Security Start-UpsNATO Cyber Security Conference: Creating IT-Security Start-Ups
NATO Cyber Security Conference: Creating IT-Security Start-Ups
Benjamin Rohé
 
2013 Threat Report
2013 Threat Report2013 Threat Report
2013 Threat Report
Envision Technology Advisors
 
Scansafe Annual Global Threat Report 2009
Scansafe Annual Global Threat Report 2009Scansafe Annual Global Threat Report 2009
Scansafe Annual Global Threat Report 2009
Kim Jensen
 
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi?
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi? Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi?
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi?
CypSec - Siber Güvenlik Konferansı
 
INTRODUCTION OF CYBER CRIME AND ITS TYPE
INTRODUCTION OF CYBER CRIME AND ITS TYPEINTRODUCTION OF CYBER CRIME AND ITS TYPE
INTRODUCTION OF CYBER CRIME AND ITS TYPE
AM Publications
 
Ce hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissanceCe hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissance
Mehrdad Jingoism
 
Symantec Cyber Security Intelligence Report
Symantec Cyber Security Intelligence ReportSymantec Cyber Security Intelligence Report
Symantec Cyber Security Intelligence Report
Symantec
 
Sophos Security Threat Report 2014
Sophos Security Threat Report 2014Sophos Security Threat Report 2014
Sophos Security Threat Report 2014
- Mark - Fullbright
 
Mirando Ao Futuro
Mirando Ao FuturoMirando Ao Futuro
Mirando Ao Futuro
Susana Vazquez
 
Impact_Responsive Web Design Brings Success to Your Business-AmitFBOXERLLP
Impact_Responsive Web Design Brings Success to Your Business-AmitFBOXERLLPImpact_Responsive Web Design Brings Success to Your Business-AmitFBOXERLLP
Impact_Responsive Web Design Brings Success to Your Business-AmitFBOXERLLP
Amit Thakur
 
Bhildi Railway Running Room
Bhildi Railway Running RoomBhildi Railway Running Room
Bhildi Railway Running Room
Aishik Saha
 

Más contenido relacionado

La actualidad más candente

Sophos security-threat-report-2014-na
Sophos security-threat-report-2014-naSophos security-threat-report-2014-na
Sophos security-threat-report-2014-na
Andreas Hiller
 
IP Spoofing
IP SpoofingIP Spoofing
IP Spoofing
ijtsrd
 
Security_prediction_2014
Security_prediction_2014Security_prediction_2014
Security_prediction_2014
Truong Minh Yen
 
MainPaper_4.0
MainPaper_4.0MainPaper_4.0
MainPaper_4.0
varun4110
 
Scansafe Annual Global Threat Report 2009
Scansafe Annual Global Threat Report 2009Scansafe Annual Global Threat Report 2009
Scansafe Annual Global Threat Report 2009
Kim Jensen
 
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi?
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi? Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi?
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi?
CypSec - Siber Güvenlik Konferansı
 
Ce hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissanceCe hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissance
Mehrdad Jingoism
 
Symantec Cyber Security Intelligence Report
Symantec Cyber Security Intelligence ReportSymantec Cyber Security Intelligence Report
Symantec Cyber Security Intelligence Report
Symantec
 

La actualidad más candente (19)

The Evolution of Phising Attacks
The Evolution of Phising AttacksThe Evolution of Phising Attacks
The Evolution of Phising Attacks
 
Cybercriminals and security attacks
Cybercriminals and security attacksCybercriminals and security attacks
Cybercriminals and security attacks
 
CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016
 
Sophos security-threat-report-2014-na
Sophos security-threat-report-2014-naSophos security-threat-report-2014-na
Sophos security-threat-report-2014-na
 
Em36849854
Em36849854Em36849854
Em36849854
 
IRJET- Cyber Attacks and its different Types
IRJET- Cyber Attacks and its different TypesIRJET- Cyber Attacks and its different Types
IRJET- Cyber Attacks and its different Types
 
Mobile security hakin9_Revista
Mobile security hakin9_RevistaMobile security hakin9_Revista
Mobile security hakin9_Revista
 
IP Spoofing
IP SpoofingIP Spoofing
IP Spoofing
 
What are the possible damages of phishing and spoofing mail attacks part 2#...
What are the possible damages of phishing and spoofing mail attacks part 2#...What are the possible damages of phishing and spoofing mail attacks part 2#...
What are the possible damages of phishing and spoofing mail attacks part 2#...
 
Security_prediction_2014
Security_prediction_2014Security_prediction_2014
Security_prediction_2014
 
MainPaper_4.0
MainPaper_4.0MainPaper_4.0
MainPaper_4.0
 
NATO Cyber Security Conference: Creating IT-Security Start-Ups
NATO Cyber Security Conference: Creating IT-Security Start-UpsNATO Cyber Security Conference: Creating IT-Security Start-Ups
NATO Cyber Security Conference: Creating IT-Security Start-Ups
 
2013 Threat Report
2013 Threat Report2013 Threat Report
2013 Threat Report
 
Scansafe Annual Global Threat Report 2009
Scansafe Annual Global Threat Report 2009Scansafe Annual Global Threat Report 2009
Scansafe Annual Global Threat Report 2009
 
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi?
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi? Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi?
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi?
 
INTRODUCTION OF CYBER CRIME AND ITS TYPE
INTRODUCTION OF CYBER CRIME AND ITS TYPEINTRODUCTION OF CYBER CRIME AND ITS TYPE
INTRODUCTION OF CYBER CRIME AND ITS TYPE
 
Ce hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissanceCe hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissance
 
Symantec Cyber Security Intelligence Report
Symantec Cyber Security Intelligence ReportSymantec Cyber Security Intelligence Report
Symantec Cyber Security Intelligence Report
 
Sophos Security Threat Report 2014
Sophos Security Threat Report 2014Sophos Security Threat Report 2014
Sophos Security Threat Report 2014
 

Destacado

Impact_Responsive Web Design Brings Success to Your Business-AmitFBOXERLLP
Impact_Responsive Web Design Brings Success to Your Business-AmitFBOXERLLPImpact_Responsive Web Design Brings Success to Your Business-AmitFBOXERLLP
Impact_Responsive Web Design Brings Success to Your Business-AmitFBOXERLLP
Amit Thakur
 
Espíritu en La Iglesia
Espíritu en La IglesiaEspíritu en La Iglesia
Espíritu en La Iglesia
juangag16
 
Que no te tomen el pelo
Que no te tomen el peloQue no te tomen el pelo
Que no te tomen el pelo
Diego Cruz
 
Acotación 01
Acotación 01Acotación 01
Acotación 01
xyu21
 
FazilShaikh Resume 13th january
FazilShaikh Resume 13th januaryFazilShaikh Resume 13th january
FazilShaikh Resume 13th january
fazilahmed sheikh
 
(비전공자) 실전 재무회계 과정 (3차)
(비전공자) 실전 재무회계 과정 (3차) (비전공자) 실전 재무회계 과정 (3차)
(비전공자) 실전 재무회계 과정 (3차)
(주)피플앤인사이트
 

Destacado (12)

Mirando Ao Futuro
Mirando Ao FuturoMirando Ao Futuro
Mirando Ao Futuro
 
Impact_Responsive Web Design Brings Success to Your Business-AmitFBOXERLLP
Impact_Responsive Web Design Brings Success to Your Business-AmitFBOXERLLPImpact_Responsive Web Design Brings Success to Your Business-AmitFBOXERLLP
Impact_Responsive Web Design Brings Success to Your Business-AmitFBOXERLLP
 
Bhildi Railway Running Room
Bhildi Railway Running RoomBhildi Railway Running Room
Bhildi Railway Running Room
 
Espíritu en La Iglesia
Espíritu en La IglesiaEspíritu en La Iglesia
Espíritu en La Iglesia
 
Que no te tomen el pelo
Que no te tomen el peloQue no te tomen el pelo
Que no te tomen el pelo
 
E S P I R I T U H G G
E S P I R I T U H G GE S P I R I T U H G G
E S P I R I T U H G G
 
MANTA CALENTADORA
MANTA CALENTADORA MANTA CALENTADORA
MANTA CALENTADORA
 
Presentacio pH-metro_Equipo de laboratorio
Presentacio pH-metro_Equipo de laboratorioPresentacio pH-metro_Equipo de laboratorio
Presentacio pH-metro_Equipo de laboratorio
 
Acotación 01
Acotación 01Acotación 01
Acotación 01
 
FazilShaikh Resume 13th january
FazilShaikh Resume 13th januaryFazilShaikh Resume 13th january
FazilShaikh Resume 13th january
 
DIEGO ESPINOSA
DIEGO ESPINOSADIEGO ESPINOSA
DIEGO ESPINOSA
 
(비전공자) 실전 재무회계 과정 (3차)
(비전공자) 실전 재무회계 과정 (3차) (비전공자) 실전 재무회계 과정 (3차)
(비전공자) 실전 재무회계 과정 (3차)
 

Similar a Advanced phishing the art of stealing

EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...
EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...
EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...
IJNSA Journal
 
E Mail Phishing Prevention and Detection
E Mail Phishing Prevention and DetectionE Mail Phishing Prevention and Detection
E Mail Phishing Prevention and Detection
ijtsrd
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
ijtsrd
 
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docx
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docxRunning head CYBERSECURITY IN FINANCIAL DOMAIN .docx
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docx
healdkathaleen
 
F5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker FinalF5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker Final
Shallu Behar-Sheehan FCIM
 
Credential Harvesting Using Man in the Middle Attack via Social Engineering
Credential Harvesting Using Man in the Middle Attack via Social EngineeringCredential Harvesting Using Man in the Middle Attack via Social Engineering
Credential Harvesting Using Man in the Middle Attack via Social Engineering
ijtsrd
 

Similar a Advanced phishing the art of stealing (20)

Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...
Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...
Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...
 
Study on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsStudy on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing Tools
 
Cyber security.docx
Cyber security.docxCyber security.docx
Cyber security.docx
 
EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...
EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...
EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...
 
E Mail Phishing Prevention and Detection
E Mail Phishing Prevention and DetectionE Mail Phishing Prevention and Detection
E Mail Phishing Prevention and Detection
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
IRJET- Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing TechniquesIRJET- Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing Techniques
 
Top 5 Cybersecurity Threats in Retail Industry
Top 5 Cybersecurity Threats in Retail IndustryTop 5 Cybersecurity Threats in Retail Industry
Top 5 Cybersecurity Threats in Retail Industry
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attack
 
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docx
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docxRunning head CYBERSECURITY IN FINANCIAL DOMAIN .docx
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docx
 
Hacking 04 2011
Hacking 04 2011Hacking 04 2011
Hacking 04 2011
 
50120130405019
5012013040501950120130405019
50120130405019
 
50120130405019
5012013040501950120130405019
50120130405019
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016
 
F5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker FinalF5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker Final
 
C018131821
C018131821C018131821
C018131821
 
Credential Harvesting Using Man in the Middle Attack via Social Engineering
Credential Harvesting Using Man in the Middle Attack via Social EngineeringCredential Harvesting Using Man in the Middle Attack via Social Engineering
Credential Harvesting Using Man in the Middle Attack via Social Engineering
 
What you need to know about cyber security
What you need to know about cyber securityWhat you need to know about cyber security
What you need to know about cyber security
 
Cisco 2014 Midyear Security Report
Cisco 2014 Midyear Security ReportCisco 2014 Midyear Security Report
Cisco 2014 Midyear Security Report
 

Más de prj_publication

Smes role in reduction of the unemployment problem in the area located in sa...
Smes role in reduction of the unemployment problem in the area located in sa...Smes role in reduction of the unemployment problem in the area located in sa...
Smes role in reduction of the unemployment problem in the area located in sa...
prj_publication
 
Diabetes and allied diseases research in india – a
Diabetes and allied diseases research in india – aDiabetes and allied diseases research in india – a
Diabetes and allied diseases research in india – a
prj_publication
 
Connecting the ‘long tails’ of content and users
Connecting the ‘long tails’ of content and usersConnecting the ‘long tails’ of content and users
Connecting the ‘long tails’ of content and users
prj_publication
 
The role of green intellectual capital management in acquiring green competit...
The role of green intellectual capital management in acquiring green competit...The role of green intellectual capital management in acquiring green competit...
The role of green intellectual capital management in acquiring green competit...
prj_publication
 
Awareness of digital library among library professional
Awareness of digital library among library professionalAwareness of digital library among library professional
Awareness of digital library among library professional
prj_publication
 
The study of scope and implementation of lean aspects
The study of scope and implementation of lean aspectsThe study of scope and implementation of lean aspects
The study of scope and implementation of lean aspects
prj_publication
 
Review of three categories of fingerprint recognition 2
Review of three categories of fingerprint recognition 2Review of three categories of fingerprint recognition 2
Review of three categories of fingerprint recognition 2
prj_publication
 
Extended information technology enabled service quality model for life insura...
Extended information technology enabled service quality model for life insura...Extended information technology enabled service quality model for life insura...
Extended information technology enabled service quality model for life insura...
prj_publication
 
Prevalence and factors of smoking among the saudi youth in the northern borde...
Prevalence and factors of smoking among the saudi youth in the northern borde...Prevalence and factors of smoking among the saudi youth in the northern borde...
Prevalence and factors of smoking among the saudi youth in the northern borde...
prj_publication
 
Impact of shg bank linkage programme on women shgs empowerment with reference...
Impact of shg bank linkage programme on women shgs empowerment with reference...Impact of shg bank linkage programme on women shgs empowerment with reference...
Impact of shg bank linkage programme on women shgs empowerment with reference...
prj_publication
 
Service gap analysis of footwear retail outlets a study 2
Service gap analysis of footwear retail outlets a study 2Service gap analysis of footwear retail outlets a study 2
Service gap analysis of footwear retail outlets a study 2
prj_publication
 
Emotional intelligence in teachers a tool to transform educational institutes...
Emotional intelligence in teachers a tool to transform educational institutes...Emotional intelligence in teachers a tool to transform educational institutes...
Emotional intelligence in teachers a tool to transform educational institutes...
prj_publication
 

Más de prj_publication (20)

International library management systems
International library management systemsInternational library management systems
International library management systems
 
Smes role in reduction of the unemployment problem in the area located in sa...
Smes role in reduction of the unemployment problem in the area located in sa...Smes role in reduction of the unemployment problem in the area located in sa...
Smes role in reduction of the unemployment problem in the area located in sa...
 
Diabetes and allied diseases research in india – a
Diabetes and allied diseases research in india – aDiabetes and allied diseases research in india – a
Diabetes and allied diseases research in india – a
 
Influences of child endorsers on the consumers
Influences of child endorsers on the consumersInfluences of child endorsers on the consumers
Influences of child endorsers on the consumers
 
Connecting the ‘long tails’ of content and users
Connecting the ‘long tails’ of content and usersConnecting the ‘long tails’ of content and users
Connecting the ‘long tails’ of content and users
 
The role of green intellectual capital management in acquiring green competit...
The role of green intellectual capital management in acquiring green competit...The role of green intellectual capital management in acquiring green competit...
The role of green intellectual capital management in acquiring green competit...
 
Awareness of digital library among library professional
Awareness of digital library among library professionalAwareness of digital library among library professional
Awareness of digital library among library professional
 
The study of scope and implementation of lean aspects
The study of scope and implementation of lean aspectsThe study of scope and implementation of lean aspects
The study of scope and implementation of lean aspects
 
Review of three categories of fingerprint recognition 2
Review of three categories of fingerprint recognition 2Review of three categories of fingerprint recognition 2
Review of three categories of fingerprint recognition 2
 
Extended information technology enabled service quality model for life insura...
Extended information technology enabled service quality model for life insura...Extended information technology enabled service quality model for life insura...
Extended information technology enabled service quality model for life insura...
 
Prevalence and factors of smoking among the saudi youth in the northern borde...
Prevalence and factors of smoking among the saudi youth in the northern borde...Prevalence and factors of smoking among the saudi youth in the northern borde...
Prevalence and factors of smoking among the saudi youth in the northern borde...
 
Impact of job attitude towards srf limited, trichy
Impact of job attitude towards srf limited, trichyImpact of job attitude towards srf limited, trichy
Impact of job attitude towards srf limited, trichy
 
Impact of shg bank linkage programme on women shgs empowerment with reference...
Impact of shg bank linkage programme on women shgs empowerment with reference...Impact of shg bank linkage programme on women shgs empowerment with reference...
Impact of shg bank linkage programme on women shgs empowerment with reference...
 
Service gap analysis of footwear retail outlets a study 2
Service gap analysis of footwear retail outlets a study 2Service gap analysis of footwear retail outlets a study 2
Service gap analysis of footwear retail outlets a study 2
 
Emotional intelligence in teachers a tool to transform educational institutes...
Emotional intelligence in teachers a tool to transform educational institutes...Emotional intelligence in teachers a tool to transform educational institutes...
Emotional intelligence in teachers a tool to transform educational institutes...
 
‘E aushadhi’ a drug warehouse management system
‘E aushadhi’ a drug warehouse management system‘E aushadhi’ a drug warehouse management system
‘E aushadhi’ a drug warehouse management system
 
An appraisal of users’ attitudinal behaviour in
An appraisal of users’ attitudinal behaviour inAn appraisal of users’ attitudinal behaviour in
An appraisal of users’ attitudinal behaviour in
 
Akce international journal of graphs and
Akce international journal of graphs andAkce international journal of graphs and
Akce international journal of graphs and
 
Distribution of the number of times m m 2 n
Distribution of the number of times m m 2 nDistribution of the number of times m m 2 n
Distribution of the number of times m m 2 n
 
A scientometric analysis of research productivity
A scientometric analysis of research productivityA scientometric analysis of research productivity
A scientometric analysis of research productivity
 

Último

UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
rknatarajan
 
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdf
Kamal Acharya
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
ranjana rawat
 
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
SUHANI PANDEY
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
Tonystark477637
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
roncy bisnoi
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Call Girls in Nagpur High Profile
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 

Último (20)

Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.ppt
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
 
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdf
 
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICSUNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduits
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
 
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
 
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
 
Unit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfUnit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdf
 
chapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringchapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineering
 

Advanced phishing the art of stealing

  • 1. International Journal of Computer science and Engineering Research and Development (IJCSERD), ISSN 2248- 9363 (Print), ISSN- 2248-9371 (Online) Volume 4, Number 2, April-June (2014) 41 ADVANCED PHISHING - THE ART OF STEALING Avinash R Sinha Amruta S Moon Security Consultant Lecturer Company: Aujas College: GHRCE ABSTRACT Phishing is described as an art of stealing personal and business sensitive information using social engineering techniques. Personal sensitive information (PSI) includes your identification proof including your social security number, driving license, passport, email id and everything which defines who you are. Business sensitive information (BSI) includes your corporate details, usernames, passwords, financial corporate information, customer sensitive details and military information. Phishing scams has advanced tremendously .Phishing attacks were previously aimed at mostly individuals however now a days they are mostly aimed at corporate organizations, financial sectors, defense industry, government and last but not the least country .One thing is clear that phishing has evolved from targeting individuals and grown to target at a much bigger scale. Now-a –days when we hear Phishing it’s about companies losing millions of dollars and their Brand Value. Phishing in the past didn’t required much technical knowledge and was easier to accomplish however there has been enormous technical advancement in the way phishing techniques are used in present days. This is result of educating users and counter measures of phishing. In this article we will be the focusing on all the aspects of Phishing attacks including the technological advancements, exploitation, post exploitation techniques and the countermeasures techniques against Advanced Phishing” The Art of Stealing” . We will also learn about payloads and Web Application attacks and how they contribute to advanced phishing attacks. BACKGROUND Phishing has been popular these days as it’s highly used in Advanced Persistent threat (APT) attacks to deliver malware which is being used to compromise the security of entire infrastructure of country mainly targeted at organizations, political leaders and Executives IJCSERD © PRJ PUBLICATION INTERNATIONAL JOURNAL OF COMPUTER SCIENCE ENGINEERING RESEARCH AND DEVELOPMENT (IJCSERD) ISSN 2248 – 9363(Print) ISSN 2248 – 9371(Online), Volume 4, Number 2, April- June (2014), pp: 41-53 © PRJ Publication, http://www.prjpublication.com/
  • 2. International Journal of Computer science and Engineering Research and Development (IJCSERD), ISSN 2248- 9363 (Print), ISSN- 2248-9371 (Online) Volume 4, Number 2, April-June (2014) 42 from financial, economic and military sectors. Phishing scams have progressed drastically and they are not restricted to common phishing attacks in which the victim is sent a spoofed email and lured to provide PSI and BSI. Traditional techniques used by Phishers involved use of the following techniques:- 1. Spoofed emails asking for PSI & BSI 2. Obfuscation techniques 3. Webchat/Chat Rooms 4. Compromising a Web server and hosting a phish link. Traditionally Phishers used Sensitive personal information for committing high value crimes such as Identity theft and electronic fraud. These were targeted at individuals .Victim receives an email and in the spoofed email content generally gives a very legitimate sounding reason along with a sense of 1.Hope, 2.Urgency, 3.PSI, 4.Highly confidential info, 5.Threat and fear. As phishing is combined with human emotions it is has been also termed as “Social Engineering –Attacking the Human element or The Art of Human Exploitation.” An example of Spoofed email: Fig: Cursor placed on top of email id gives the actual email-id Fig: Spoofed email asking for PSI
  • 3. International Journal of Computer science and Engineering Research and Development (IJCSERD), ISSN 2248- 9363 (Print), ISSN- 2248-9371 (Online) Volume 4, Number 2, April-June (2014) 43 Advanced Techniques used by Phishers:- Spear Phishing: - This is the most popular attack as it is highly used in APT attacks. The term Spear Phishing is coined as it’s a much focused attack on a particular individual/organization/sector fetching detailed information .Spear Phishers uses social engineering techniques to get detailed information about you including your likes and dislikes. Using your presence on web (Facebook/LinkedIn/Company/twitter) a detailed profile is created and phishing attacks are crafted combined with this information which is much more convincing as it ensures to come from a legitimate source and the content is highly designed to lure the victim to share PSI and BSI. Also what makes it more powerful is that it’s combined with advanced malwares which are designed for very specific purpose ranging from session control, data theft to compromising the whole system. Whaling-It is a type of phishing attack in which spear phishing techniques are used but are targeted only at high ranking officers/government officials, Political leaders, and industrialist both in Private and Military sectors Fig: Spoofed email from attacker asking to click on link Vishing-Victim will receive a phone call and asked for SPI and BSI. Few examples:- • Receiving a call from Bank to change your password for extra security. • A call from Credit card companies asking yourself to confirm your identity or your account will be closed immediately or in next 24 hrs .Similarly asking victim to enroll for Credit card services with lots of good benefits (Free movie tickets/50% off on hotel bill or reward points) and share all his details in form of online scanned documents are few good tricks. • Even highly qualified employees fall prey to a phishing attack as when you receive a call on your office landline number most of them never bother to ask why or who is calling .Identifying yourself as a helpdesk spoc person and asking the employees to change their password to your choice or asking them to perform a specific action of your choice (Running an exe or clicking on a link).This may jeopardize security of the Org. As the threats are both internal and external, one should always be careful.
  • 4. International Journal of Computer science and Engineering Research and Development (IJCSERD), ISSN 2248- 9363 (Print), ISSN- 2248-9371 (Online) Volume 4, Number 2, April-June (2014) 44 Smishing:-Sending specially crafted text messages asking to click on links send via mobile messages or share their SPI or spreading false information. Few example of smashing are given below 1. Victim receives a sms that he has won 10000 $ to transfer click on link. 2. Victim receives a sms to download an app for free. The app may be a spoofed version of any popular game, social network app like Wechat, Whatsapp or bank. As most of the mobiles are android based most of the apps are available for free .Also many of these apps are combined with malwares specifically designed to read ,modify and delete any data present in your phone’s memory and memory card. These apps can read your sms or delete any content present on your phones memory. By installing such app you also agree to share your OTP as well. Fig: Spoofed SMS from attacker Obfuscation Techniques:- Obfuscation technique comes into picture when the Phishers want to disguise the evil website link, which is to be sent to victim so that the victim falls for it. Obfuscation means hiding of intended meaning in communication. Obfuscation techniques include using Dword/HEX/Octal representation of an Ip address of any website. Example: - www.google.com .Ip Address of Google.com is - 173.194.38.166 • Dword Obfuscation:- http://2915182246 • Hex Obfuscation:- http://0xADC226A6 • Octal Obfuscation:- http://0255.0302.046.0246 • Few other techniques are to encode the URL using different forms Conversion tools are available for free over the internet which can help the attacker to craft his attacks viciously. Observe that in the above obfuscated URL it is not possible to know what will happen after you click on the URL. Curiosity is a human factor that encourages most of us to explore things and in this case if you click on the above link, you may be directed to a Malware site easily.
  • 5. International Journal of Computer science and Engineering Research and Development (IJCSERD), ISSN 2248- 9363 (Print), ISSN- 2248-9371 (Online) Volume 4, Number 2, April-June (2014) 45 Now as we know about various Phishing techniques, let’s think how we can use these techniques combined with the following:- 1. Web Application Vulnerabilities 2. Network Vulnerabilities 3. Advanced tools /kits 4. Exploits Phishing techniques combined with Vulnerabilities, Advanced phishing kits/tools and Exploits are so much powerful that they can compromise security of your entire IT- infrastructure. Application and Network based Vulnerabilities:- Few examples of Web Application based vulnerabilities are as follows:- 1. Cross-Site Scripting 2. Frame Injection 3. Link Injections 4. Session hijacking 5. Open Redirection 6. Hidden Element-Web 7. Embedded Objects and links in documents like doc ,images and pdf 8. File uploads-Advanced Malwares etc These Application related vulnerabilities and many more makes a Phishing attack powerful. Now let’s look at few Network Vulnerabilities which boost’s phishing attacks:- 1. Compromised DNS -DNS Cache Snooping/poisoning Vulnerability 2. SMTP Open Mail Relay’s/User enumeration etc Attack amplification:- To increase the attack surface, hackers use the following techniques:- 1. Posting a phish link on a forums /blogs/group chats to get the max victims 2. Mass emails 3. Mass Mobile messages 4. Spoofed Apps(Games/Social chat) Thus we complete phase-I i.e. “The Art “involved in phishing Now that everything is known about the” the Art “, let’s start” Stealing Phase –II Begins - Attacking the Human Element Before we begin please note the below points:- “Targeting any individual/Organization with any kind of phishing attack or in any way which can harm an individual or organization without prior written confirmation/consent from right authority will certainly put you into a lot of trouble. Please note that it is a “Crime” and is against the law .So please do not perform the below steps or use any tool/kits until it’s a pentest with proper approvals from the right authority.” Information shared within this article is only for educational purpose and is shared for spreading awareness about phishing attacks and how to secure yourself as an individual/Organization .Please do not misuse it. Author of this document/article is not responsible for misuse of the information contained within this article. Let’s begin with Offensive security professional’s favorite SET- “Social Engineering Toolkit “which is an open source toolkit.
  • 6. International Journal of Computer ISSN 2248- 9363 (Print), ISSN- 2248 As we can see it has the email to Third Party Module are listed and each and every module is combined with numerous methods Let’s take a quick look into how the attack can be crafted you can see in the below screenshot achieve via any of the listed methods. Above attacks can be used dig login credent browser exploitation to root level access. We have another most popular tool called as “Phishnix” Phishnix is a social engineering solution that assess and trains employees on the risks of phishing. Phishnix develops organization. This scenario will be sent out to employees and Phishnix will track how the International Journal of Computer science and Engineering Research and Development (IJCSERD), 2248-9371 (Online) Volume 4, Number 2, April-June (2014) 46 Fig: SET Overview As we can see it has the most advanced ways for Phishing ranging from Phishing hird Party Module are listed and each and every module is combined with take a quick look into how the attack can be crafted using these methods below screenshot the attack depends upon what the attacker is trying to achieve via any of the listed methods. Fig: Attack Methods Above attacks can be used dig login credentials of any victims via session hijacking, to root level access. We have another most popular tool called as “Phishnix” is a social engineering solution that assess and trains employees on the risks Phishnix develops a phishing scenario that is realistic and relative to your organization. This scenario will be sent out to employees and Phishnix will track how the science and Engineering Research and Development (IJCSERD), June (2014) most advanced ways for Phishing ranging from Phishing hird Party Module are listed and each and every module is combined with using these methods. As the attack depends upon what the attacker is trying to any victims via session hijacking, is a social engineering solution that assess and trains employees on the risks a phishing scenario that is realistic and relative to your organization. This scenario will be sent out to employees and Phishnix will track how the
  • 7. International Journal of Computer science and Engineering Research and Development (IJCSERD), ISSN 2248- 9363 (Print), ISSN- 2248-9371 (Online) Volume 4, Number 2, April-June (2014) 47 employees respond. This provides organizations with a view of their human firewall and insight into where the vulnerabilities exist within the human firewall. Phishnix further leverages the teaching moment created based on the user's response and generate an action plan that can be implemented to avoid future pitfalls. Phishnix helps your organization to build the first line of defense by increasing an employee's awareness to phishing; thus Phishnix plays a vital role in an organization's anti-phishing strategy We can use phishnix to deliver specially crafted spoofed email to be sent to the victims. Also the best part of this tool is that it will analyze the data and provide information about how many employees were victims of the attack. Also it is capable of collecting data from users if required to be presented in an audit session. Exploitation and Post Exploitation:- Now that we know about attack methods ,lets dig the third bit Exploits and Exploitation. Advanced URL Obfuscation techniques: - 1. Use Clone page attack to get the same page as hosted by a live server 2. Use any of the Obfuscation techniques mentioned above and combine as per your needs. 3. Use URL Shorter service (Google URL shortner/tiny URL) which is freely available and shorten your URL .Now you are ready for a real world attack. 4. Send the phish link to the victim. Credential Harvesting Attack via Web attack vectors:- The below yahoo.com webpage was opened by clicking on a malicious link by victim which was sent to him by an attacker using Credential Harvester attack. If you observe the URL closely, the Ip address using which the link was opened doesn’t belong to yahoo.com. This IP belongs to an attacker on which the website is hosted.
  • 8. International Journal of Computer ISSN 2248- 9363 (Print), ISSN- 2248 Fig: Victim tricked to click and login into Evil Page Fig: Session established from Attacker system to victim’s session Fig: Login Credentials output Using Credential Harvester attack International Journal of Computer science and Engineering Research and Development (IJCSERD), 2248-9371 (Online) Volume 4, Number 2, April-June (2014) 48 Victim tricked to click and login into Evil Page Session established from Attacker system to victim’s session Login Credentials output Using Credential Harvester attack science and Engineering Research and Development (IJCSERD), June (2014) Login Credentials output Using Credential Harvester attack
  • 9. International Journal of Computer science and Engineering Research and Development (IJCSERD), ISSN 2248- 9363 (Print), ISSN- 2248-9371 (Online) Volume 4, Number 2, April-June (2014) 49 Once the data attacker needs is collected, they can have all the data built into form of a report which will contain your username and password as well. Similar process can be used to craft credential harvesting attacks for various different websites as and when required. Phase III- Gaining Root Access-(Victim Pawned) via Phishing Attack Few Exploits and their descriptions are as follows which can be used to gain system level / Root Level Access Gaining Root Access 1) Windows Shell Reverse_TCP Spawn a command shell on victim and send back to attacker 2) Windows Reverse_TCP Meterpreter Spawn a meterpreter shell on victim and send back to attacker 3) Windows Reverse_TCP VNC DLL Spawn a VNC server on victim and send back to attacker 4) Windows Bind Shell Execute payload and create an accepting port on remote system 5) PyInjector Shellcode Injection This will drop a meterpreter payload through PyInjector There are more than 300+ exploits available on the internet each pertaining to different products (Software’s/Browsers/Document/OS/System level). Steps for gaining root access 1. Choose any one of the above exploits and run 2. Share the evil link with the victim, 3. Backdoor will be installed, as soon as victim clicks on evil link. 4. And the session is established Fig: Using Aurora exploit for taking root access
  • 10. International Journal of Computer ISSN 2248- 9363 (Print), ISSN- 2248 Steps to follow after using any of the exploits and gaining system level access/root level access:- 1. Take control of user’s session 2. Create a user with privilege 3. Try to gather as much information as you can as required as a part of your Advanced Persistent threat exercise 4. The main aim as a part of this APT Phishing exercise should be compromised one system, look for another system attached/ connected to it until you find a system with Active Directory and try to compromise the same by dumping as much data as required . 5. Install few more backdoor’s and c Fig: Gained Root access to victim’s system Fig: Dump Phase IV -Securing the Human Element Following are the Counter measures Don’ts Do not click on any links which seems suspicious. Don’t open any documents, images or pdf file users, they may trigger unwanted actions. Don't put too much information (SPI) about yourself on the internet (LinkedIn/Facebook/twitter) exam Don’t share any information with email address which uses real organization name but incorrect email/domain address. Example microsoft@gmail.com Don’t click on links in e-mails especially any that are requesting priva Attackers use URL shortner for hiding the intent hidden with the evil link. Don’t click on tiny (bitly/adsfly) URL or URL which have no meaning or sense International Journal of Computer science and Engineering Research and Development (IJCSERD), 2248-9371 (Online) Volume 4, Number 2, April-June (2014) 50 fter using any of the exploits and gaining system level access/root session. Create a user with privileged access-hidden mode and dump the hashes. Try to gather as much information as you can as required as a part of your Advanced The main aim as a part of this APT Phishing exercise should be once you have compromised one system, look for another system attached/ connected to it until you find a system with Active Directory and try to compromise the same by dumping as nstall few more backdoor’s and clear all the logs generated as a part of this exercise Fig: Gained Root access to victim’s system Fig: Dump hashes from victim’s system Securing the Human Element r measures Against Advanced Phishing:- links which seems suspicious. images or pdf file which comes as attachment from unknown users, they may trigger unwanted actions. Don't put too much information (SPI) about yourself on the internet /twitter) example your DOB or social security number Don’t share any information with email address which uses real organization name but incorrect email/domain address. Example microsoft@gmail.com mails especially any that are requesting private information. Attackers use URL shortner for hiding the intent hidden with the evil link. Don’t click on tiny which have no meaning or sense e.g. http://bit.ly/1dUdYId science and Engineering Research and Development (IJCSERD), June (2014) fter using any of the exploits and gaining system level access/root Try to gather as much information as you can as required as a part of your Advanced once you have compromised one system, look for another system attached/ connected to it until you find a system with Active Directory and try to compromise the same by dumping as nerated as a part of this exercise. which comes as attachment from unknown Don't put too much information (SPI) about yourself on the internet Don’t share any information with email address which uses real organization name but te information. Attackers use URL shortner for hiding the intent hidden with the evil link. Don’t click on tiny http://bit.ly/1dUdYId
  • 11. International Journal of Computer science and Engineering Research and Development (IJCSERD), ISSN 2248- 9363 (Print), ISSN- 2248-9371 (Online) Volume 4, Number 2, April-June (2014) 51 *You may get an email from your friend/relative does not mean they have sent it. Your friend/relative computer may have been infected or their account may have been compromised. If you have a suspicious email from a trusted friend or colleague, call them to confirm that they sent it. Use a telephone number that you already know or can independently verify, not one that was included in the message to verify Don’t share any usernames, passwords or transfer money urgently without verifying. Don’t plug any pen-drives, SD cards and other memory chips you find in your lying on ground or in your company campus to your company’s laptop/desktop, you may compromise security of entire company. Those days are gone when you used to get phishing emails with bad grammar and lousy spelling mistakes. Now-a-days Phishing emails look more authentic than the original emails. Do’s Check the grammar or spelling mistakes. Use common sense, if an email/call seems too good to be true, it is most likely an attack. Verify this every time while sharing any PSI or BSI over email. Use good Antivirus which has Web protections set to on while you are browsing. For Corporate/Business Use an updated anti-virus program that can scans e-mail and has Anti- Spam Filter enabled. Few of them also get coupled with browser to show site rating and risk. Also use Anti Trojan and Anti-Spyware to get rid of any harmful malwares. Always type a website URL manually for any Banking transactions, financial transactions or even for social websites like Facebook if you want to be secure. Use Open VPN for connecting and browsing on internet. Most of them are available for free. Please observe the”https://” and a lock icon in the address bar before entering any private information. Ensure all Financial Banking and social networking websites are on secured channel and has a valid SSL Certificate before performing login and performing any transactions. If you put your mouse Cursor over the link, your browser or security software will share the actual email id/URL Request for sharing PSI and BSI are a clear sign of an attack .Never share your PSI, BSI over emails from free email service providers like hacker@gmail.com, @yahoo.com,@rediffmail.com Set Internet Explorer as your default browser. Always use Mozilla Firefox in private browsing mode or Google Chrome in incognito mode for performing any financial transaction or logging into a Social Networking Website .Always remember to close your browser after use. Be aware of any email that requires quick attention or creates a sense of urgency so that you rush to click on it without thinking. Always use the preview method provided by email service providers to view the attachments that come via emails. Avoid tiny URLs .Use service such as Long URL to view the complete URL. These services also give you a preview of the URL which helps you to determine whether they are of malicious nature or not. Enable One Time Password functionality on Gmail, Yahoo, Facebook and other websites which you browse regularly and use to transfer SPI. Disable your Mobile’s internet connection while performing any transaction that involves use of OTP-One Time Password. Always dump suspicious emails in trash or marking it spam. Marking spam only once for one type of email helps your anti spam service to analyze its content and the signature including
  • 12. International Journal of Computer science and Engineering Research and Development (IJCSERD), ISSN 2248- 9363 (Print), ISSN- 2248-9371 (Online) Volume 4, Number 2, April-June (2014) 52 email-id and host ip details from which the email was received which in turn helps to ensure that you don’t receive any malicious emails in future. Download Software Products only from authentic sources or for business purposes from companies own software store and keep them updated with latest versions and patches. Use Mobile Device Management solutions if you permit your employees to use Smart Phones to connect to company’s network or storing companies BSI. Download only those apps from android market which have been downloaded by at least 100000+ users. This doesn’t guarantee but would limit the possibility of you falling for a Smishing attack. Never speak of company’s secrets, SPI or BSI in public places. Example: Discussing Network diagram of your company over a cup of tea with anonymous people in public places. Spread and share awareness about phishing attacks and prevention. If you find any pen drives lying anonymously and if you are greedy enough to own it. Use it in own your home laptop and make sure you are not connected to internet. Also scan Pen drive for malware, Trojans and spyware. Make sure you open it on a VM. Make use of paper shredder in your organization and install it next to printers. Dispose of any confidential information using it. Ask the employees to collect their prints within 15 minutes from the time of print action. Never share your debit/credit cards at ATM centers. If you are not able to use it, request the concerned security personal present at ATM center for help and not to ask to person standing next to you. Always press cancel button two times once your transaction is complete. Conduct Phishing exercise within your company to analyze how vulnerable are your employees. Arrange a session for your friends and employees to generate awareness against phishing. If you come across any phishing website, please submit it at www.phishtank.com. Use https://www.virustotal.com and scan any suspicious URL before browsing it. Also send a Phishing Awareness email monthly once to your employees. So that they will be prepared for the worst and this exercise would definitely stop and limit any kind of phishing activity within your network. Financial Losses via Phishing Attacks Fig: Financial Loss from Phishing Attacks
  • 13. International Journal of Computer science and Engineering Research and Development (IJCSERD), ISSN 2248- 9363 (Print), ISSN- 2248-9371 (Online) Volume 4, Number 2, April-June (2014) 53 Financial loss from phishing occurs in Millions of dollars. India ranks third in the world which is prone to phishing attacks. Last year financial loss was 28.8 million dollars. “Don’t have false assumptions that you will never be targeted. Beware you may be Next.” REFERENCES 1. Technical Trends in Phishing Attacks by Jason Milletary-CERT Coordination Center 2. Phishing Awareness –by Navy Information Operations Command (NIOC) Norfolk 3. https://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201302_en.pdf 4. http://www.moneycontrol.com/news/features/phishing-for trouble_648789.html ABOUT AUTHOR Avinash Sinha is a Security Consultant working with Aujas. Previously he has worked with IBM India Pvt Ltd as an Application Security Consultant for 2.8 Yrs. His key area of interests include Vulnerability assessments, Secure Code review, Security research, Penetration testing and professional interest focuses on network infrastructure protection. Amruta Moon is working as a faculty at G.H Raisoni College of engineering. She has completed her M.Tech in Software Engineering from Sagar institute. Her keen area of interest includes security research, image analysis and programming.