Monday, January 11, 2010

Phishing


One of the hot topics in the information security industry in 2009 is phishing. According to a recently released Trusteer report, based on a sample of 3 million users over a period of 3 months, 45% of the time users were lured to a fake log-on page. The report also claims that most of the phishing sites discovered are live and are able to bypass any anti-spam and anti-phishing protection present in the victim's browser. Banking and online shopping users are the most targeted and most affected phishing victims. The graph below, from PhishTank, shows phishing sites by country of host for November 2009.

In a phishing attack, attackers create a near-identical replica of a chosen banking or online shopping website, then attempt to trick users into entering personal information and login credentials such as user name, password and PIN. A trapped user fills in the form believing it is the legitimate website, giving the attacker a wide window of opportunity to misuse the victim's sensitive information.
Attackers use various techniques to lure victims to their fake page; one common method is an email that pretends to come from your debit or credit card company and asks you to update your personal information. Because the linked page is a look-alike of the legitimate website, a recipient who clicks the link in the email is directed to the fake site and tricked into disclosing their information.
To stay protected, here are some steps a user can take:
  • Check for a digital signature: unless the email is digitally signed, it cannot be trusted as a channel for sensitive information.
  • Be wary of such fake emails; remember it is highly unlikely that your bank will ask for sensitive information by email.
  • When you need to enter your login details on a web page, look for https in the URL bar. Also look for the lock symbol in the lower right-hand corner of the browser window; double-clicking the lock lets you inspect the site's digital certificate. If you do not see both https and the secure lock, do not enter your information; contact your bank by telephone instead.
  • Instead of clicking the link in an email message, type the URL into your web browser yourself.
  • Mozilla Firefox's current version, 3.5, has good anti-phishing functionality, so using Firefox may give you an advantage against phishing sites.
  • Keep your web browser of choice up to date with the latest security patches.
  • Check your bank account regularly after making a transaction; if you notice any suspicious activity, report it to your bank immediately.
  • Always report "phishing" or "spoofed" emails to the following groups:
  1. forward the email to reportphishing@antiphishing.org
  2. forward the email to the Federal Trade Commission at spam@uce.gov
  3. forward the email to the "abuse" address of the company being spoofed (e.g. spoof@ebay.com)
  4. when forwarding spoofed messages, always include the entire original email with its original header information intact
  5. notify the FBI's Internet Crime Complaint Center by filing a complaint on its website: www.ic3.gov/
Phishing statistics for December 2009

The statistics below are taken from PhishTank records dated 1 December 2009. When visiting any of the sites named below, apply the tips listed above to minimise the risk of becoming a victim.

Popular Targets

Top 10 identified targets (valid phishes)

Rank  Target                        Valid phishes
1     PayPal                        10,361
2     Internal Revenue Service      870
3     Tibia                         784
4     eBay, Inc.                    458
5     Facebook                      439
6     Bank of America Corporation   270
7     JPMorgan Chase and Co.        202
8     HSBC Group                    201
9     Google                        146
10    HSBC                          121

Phishing URLs

In November, 278 phishes (5% of that month's valid phishes) used an IP address as the host (e.g. http://12.34.56.78) and 4,980 (95%) used a domain name (e.g. http://example.com).
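The IP-address-versus-domain split above, and the "look for https and check the host" tip from the protection list, can both be turned into a simple URL check. The following is an added example, not PhishTank's code or part of the original post; the sample URLs are constructed for illustration (they use reserved example and documentation addresses, not real phishing sites), and the function names are my own.

```python
"""Classify reported URLs the way the PhishTank figures do (IP-address host
vs. domain-name host) and apply the https / expected-host checks from the tips."""
import ipaddress
from urllib.parse import urlsplit

# Constructed sample input: reserved example/documentation hosts only.
SAMPLE_URLS = [
    "http://12.34.56.78/paypal/login",
    "http://example.com/secure/update",
    "https://www.example.com/signin",
    "http://example.com.attacker-host.test/ebay/",   # brand name buried in a longer host
    "http://192.0.2.10:8080/bank/",
    "https://[2001:db8::1]/login",
    "http://www.example.org/account",
]


def host_uses_ip(host):
    """True when the URL host is a literal IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def host_matches_expected(host, expected_domain):
    """True only when the host IS the expected domain or a subdomain of it.
    'example.com.attacker-host.test' contains 'example.com' but is not under it."""
    host = host.lower().rstrip(".")
    expected_domain = expected_domain.lower()
    return host == expected_domain or host.endswith("." + expected_domain)


def classify_url(url):
    """Return the facts a user is told to look for: host type and https."""
    parts = urlsplit(url)
    host = parts.hostname or ""          # hostname strips port and IPv6 brackets
    return {
        "url": url,
        "host": host,
        "uses_ip": host_uses_ip(host),
        "https": parts.scheme == "https",
    }


def summarize(urls):
    """Count IP-hosted vs. domain-hosted URLs and give rounded percentages,
    mirroring the '278 (5%) vs 4,980 (95%)' style of the PhishTank summary."""
    rows = [classify_url(u) for u in urls]
    total = len(rows)
    ip_count = sum(1 for r in rows if r["uses_ip"])
    domain_count = total - ip_count
    pct = lambda n: round(100.0 * n / total) if total else 0
    return {
        "total": total,
        "ip": ip_count,
        "domain": domain_count,
        "ip_pct": pct(ip_count),
        "domain_pct": pct(domain_count),
    }


if __name__ == "__main__":
    for row in map(classify_url, SAMPLE_URLS):
        flags = []
        if row["uses_ip"]:
            flags.append("IP-address host")
        if not row["https"]:
            flags.append("no https")
        print(f"{row['url']:50} {', '.join(flags) or 'ok'}")
    print(summarize(SAMPLE_URLS))
```

The `host_matches_expected` check is the programmatic form of "type the URL yourself": a host that merely contains the bank's name somewhere in a longer string is not the bank's domain. The summary percentages are rounded the same way the PhishTank figures in the text are.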
Top 10 domains (valid phishes)
  1. atspace.com (237)
  2. submissionradio.com.au (67)
  3. oksamyt-inter.com.ua (60)
  4. 85studio.pl (50)
  5. sisek.net.ua (49)
  6. virtualbattlespace2.com (44)
  7. wilsden.com.au (40)
  8. 110mb.com (39)
  9. aidastreasures.com (37)
  10. dezigner.ru (34)