What is Phishing?

Phishing is the art of stealing the idnetity of an individual and obtaining confidential information by the attacker. Surveys and studies reveals that the direct financial loss due to phishing attacks accounted for 1.2 billion in 2003 and is increasing day-by-day. The indirect loss is many times higher than the direct loss.

The most popular phishing attack strategy is to trick the users by sending fraudulant messages into giving out information. You might have seen messages like .ABC bank requires to verify your account information, please follow the below URL and enter the login credentials to verify your account..

Other methods include malware attacks, where malicious code is used to obtain the confidential information and DNS redirection, where the DNS entries are altered to redirect the users to the fraudulant server.

Phishing attack flow

Most of the phishing attacks falls in the following work flow

1. Attack planning
2. Setting up the phish page/server
3. Sending the malicious code/email/message
4. End user action (executing the code, clicking the links etc..)
5. Prompting for confidential information
6. User enters the confidential information
7. The phishing server send the confidential information to the phisher
8. Use of the confidential information to impersonate the user
9. Making use of the compromised information and performing fraudulant transactions.

Countermeasures

The phishing problem cannot be handled solely by the end-users, financial institutions or regulations. A combined effort is important to mitigate the threat of phishing. The solution to phishing lies in taking counter measures at all levels. This includes, technical solutions, user awareness and regulations.

To effectively counter a phishing attack, the early detection of such activity is important.

99.99% of the phishing attacks have an associated phishing page, which captures the information from the end user. This hosting of the phishing page is the first step in the phishing. Many attackers use the images and buttons from the real website by saving the webpage as it is or will redirect the page to the geniune site after the submission of the confidential data. In both the cases, the webserver logs will have the referer names recorded. Regularly reviewing the webserver logs will help the detection in the planning stage of a phishing attack.

Once the server is setup, the attacker starts sending the .bait. emails with the URLs encoded in the email. These emails are either from a valid email address or from an invalid address. As the attacker sends thousands of emails, there is a high chance of finding bounced messages in the inbox of the valid mailbox. Tracking the customer facing mailboxes for bounced messages can help detecting that a phishing attack is in progress and a possibility of finding the details of the phishing site.

Another way to detect the phishing is by asking the users to report it. Ideally, your website shouold have a option for reporting the phishing incidents they recieve.

Once you have identified the phishing attack and the detils related to it, the next step is to take the phishing site down. To achive this, the phishing site need to be reported to the authorities. The lsit includes ISP.s, the related NIC, hosting provider etc.

Security Meassures for End Users

The above details give a snapshot of how the phishing works and how to prevent it. References:This document has excerpts/ideas from articles posted in and websites.

• Do not click on any link received through mails, always type or use the bookmarks
• Do not send sensitive information like passwords or banking pins through emails to anyone
• Contact the bank/organization incase of any suspicious transaction
• Always use complex alpha-numeric passwords containing at least 8 characters. Refer to the posts related to passwords in this site.
• Change passwords at least once in 2 months and avoid using the same password for multiple Websites
• Update the system with security patches and anti-virus signatures
• Set Internet browser security settings to .high.
• Avoid visiting links containing .@. sign in the URL
• Always make sure that financial or commerce Websites contain .HTTPS. before the URL and the .Padlock. at the status bar
• Log out properly from all open accounts, such as email and online banking etc.
• Close the browser after completing any transaction

The above details give a snapshot of how the phishing works and how to prevent it.

The above details give a snapshot of how the phishing works and how to prevent it. References:

The above details give a snapshot of how the phishing works and how to prevent it. References:This document has excerpts/ideas from articles posted in SANS and Antiphishing websites.