Phishing & Pharming
Download as PPT, PDF3 likes8,726 views
The document discusses phishing and pharming techniques used by hackers to steal personal information from users. Phishing involves tricking users into providing sensitive details through emails or websites, while pharming redirects users to fake websites by altering DNS settings or host files. Common pharming techniques mentioned are link manipulation, website forgery, altering the host file, and hijacking DNS servers. Phishing statistics from April 2007 are provided, with over 23,000 reports, 55,000 phishing sites, and 172 brands targeted that month primarily from the United States. Live phishing URLs are also listed as examples.
Phishing & Pharming
- 2. Introduction 1 Phishing Techniques 2 Pharming Techniques 3 Phishing Statistical Highlights 4 Phishing/Pharming Demo 5
- 3. In Computing both Phishing and Pharming are criminal activity Both Phishing and Pharming are methods used to steal personal information over the Internet User Id/Password Credit Card Number PIN Phishing is typically carried out using email or an instant message, and often directs users to give details at a website Pharming is a hacker's attack aiming to redirect a website's traffic to another (bogus) website.
- 4. Pharming is more dangerous than Phishing In Phishing incorrect client request is sent and if user is little bit intelligent he/she can identify it very easily In Pharming correct Client request is sent and that get redirected to wrong server. So identifying it is difficult for intelligent users also
- 5. Technique -1 Link manipulation In this technique hackers manipulate links in such manner that it’s difficult for user to identify whether is page is served form correct website or fake website. Few of such techniques are 1. Misspelled URLs e.g. http://www.0rkut.com 2. Sub domains e.g. http://www.yourbank.com.example.com/ 3. Using “@” e.g. http://www.google.com@members.tripod.com/ Technique -2 Website forgery In this technique hackers alter the address bar 1. Hiding Address bar 2. Altering the content of Address bar using scripts 3. putting image with legitimate URL over address bar 1 2 4 3 Hacker Creates Fake website Send link of website to user using mail/instant messaging User opens link provided by Hacker User start sending/receiving information from Fake website Hacker 1 Fake website 2 4 3 User
- 6. In Pharming attackers try to redirect the user’s requests (web traffic) to a bogus website, for doing this commonly used techniques are: Altering Host File Host File location %windir%/system32/drivers/etc/hosts (Windows) /etc/hosts (Unix) Sample Host file Hijacking DNS Server/Local Network Router
- 7. Web Server IP : 64.233.187.99 google.com 64.233.187.99 64.233.187.99 google.com 1 2 3 4 2 IP add. is not specified in Host file IP add. is specified in Host file DNS & Host File
- 8. Number of unique phishing reports received in April: 23656 Number of unique phishing sites received in April: 55643 Number of brands hijacked by phishing campaigns in April: 172 Country hosting the most phishing websites in April: United States No hostname just IP address: 6 % Percentage of sites not using port 80: 1.5 % Average time online for site: 3.8 days Longest time online for site: 27 days Source: APWG(http://www.antiphishing.org)
- 10. United State 28.44% France 26.9% Republic of Korea 21.05%, Romania 2.04% China 1.9% Germany 1.9% Russia 1.75% United Kingdom 1.46% Turkey 1.46%, Netherlands 1.17%. Source: APWG(http://www.antiphishing.org)
- 11. Live Phishing URLs http://website.lineone.net/~farrago/cia/phish/ebay2.htm http://www.popsite-almere.nl/fotos/nieuws/data/www.anz.com/anzbank/ANZ/Bankmain.htm http://posssit.freehostia.com/bancoposta.online.it/bpol/poste//login-privati1.html http://www.safe-surf.org/cgi-bin/cgiproxy/nph-proxy.pl/000100A/http/www.myspace.com/ http://halifax-online-co-uk.idiotica.co.uk/_mem_/formslogin.asp/ http://session-7393533.nationalcity.com.userpro.tw/corporate/onlineservices/TreasuryMgmt/
- 12. Thank You !