Module 4 notes continued…
Types of Phishing Scams
1. Deceptive Phishing: Phishing scams started with the broadcasting of deceptive E-Mail messages
with the objective of ID theft. E-Mails are broadcast to a wide group of netizens claiming a need
to verify banking account information, a system failure requiring users to re-enter their
personal information, fictitious account charges and/or undesirable account changes, or new free
services requiring quick action. Netizens become victims by responding to such E-Mails and/or
clicking on weblinks or signing onto a fake website designed by the phisher.
2. Malware-based Phishing: It refers to scams that involve running Malicious Code on the
netizen's system. Malware can be launched as an E-Mail attachment, as a downloadable file
from a website, or by exploiting known security vulnerabilities. For example, small and medium
businesses are often found to neglect keeping their operating systems (OS) and antivirus software up
to date with the latest patch updates released by vendors.
3. Keyloggers: Malware can embed a keylogger to track keyboard input and send the relevant
information, such as the keylogger log, to the phisher over the Internet.
4. Session hijacking: It is an attack in which netizens' activities are monitored until they
establish their bona fide credentials by signing into their account or begin a transaction; at
that point the Malicious Code takes over and performs unauthorized actions such as transferring
funds without the netizen's knowledge.
5. In-session Phishing: It is a Phishing attack based upon one web browsing session being
able to detect the presence of another session (such as a visit to an online banking website) in the
same web browser; a pop-up window is then launched that pretends to have been opened from the
targeted session.
6. Web Trojans: These pop up to collect the netizen's credentials and transmit them to the phisher
while the netizen is attempting to log in. Such pop-ups are usually invisible.
7. Pharming: It is a newer threat that evolved with the goal of stealing the online identity of
netizens; Pharming is known as one of the “P”s in cybercrime.
In Pharming, the following two techniques are used:
* Hosts file poisoning: The most popular operating system (OS) in the world is Windows, and it
keeps “host names” in its “hosts” file, a simple text file that maps a web address ([Link]) to
an IP address. The phisher “poisons” the hosts file to redirect the netizen to a fake/bogus website,
designed and developed by the phisher, which “looks alike” the original website, in order to steal
the netizen's personal information easily.
* DNS-based Phishing: The phisher tampers with a DNS server so that requests for URLs or name
service return a fake address, and netizens are subsequently directed to a fake site.
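As an added example (not code from these notes), the following Python script audits a hosts file for the poisoning described above: it parses the file, ignoring comments and malformed lines, and flags every entry that maps a protected domain (or one of its subdomains) to an address other than loopback. The protected domains examplebank.com and examplepay.com, the sample hosts content and the 203.0.113.45 address are constructed for this example; the default file paths are the standard Windows and Unix locations.

```python
import ipaddress
import os
import sys

# Constructed sample hosts-file content for this example; the last line is the
# kind of entry a hosts-file poisoning attack plants.
SAMPLE_HOSTS = """\
# Standard loopback entries
127.0.0.1       localhost
::1             localhost
# Developer override (harmless: points at the machine itself)
127.0.0.1       dev.examplebank.com
# Planted by a pharming attack (constructed for this example)
203.0.113.45    www.examplebank.com   examplebank.com
"""

# Hypothetical domains the defender wants to protect.
PROTECTED_DOMAINS = {"examplebank.com", "examplepay.com"}


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text.

    Comments (from '#' to end of line) and blank lines are ignored, and a
    malformed address field skips the line instead of aborting the audit."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for host in fields[1:]:
            entries.append((ip, host.lower().rstrip(".")))
    return entries


def is_protected(hostname):
    """True if hostname is a protected domain or any subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in PROTECTED_DOMAINS)


def find_poisoned_entries(text):
    """Return [(hostname, ip)] for protected names pinned to a non-loopback address.

    A bank's domain has no business in a client's hosts file at all; an entry
    that sends it to some arbitrary address is the pharming signature. Loopback
    overrides are tolerated because developers commonly use them."""
    return [
        (host, str(ip))
        for ip, host in parse_hosts(text)
        if is_protected(host) and not ip.is_loopback
    ]


def audit_hosts_file(path=None):
    """Audit a hosts file on disk (standard Windows or Unix path unless given)."""
    if path is None:
        path = (r"C:\Windows\System32\drivers\etc\hosts" if os.name == "nt"
                else "/etc/hosts")
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_poisoned_entries(fh.read())


if __name__ == "__main__":
    # With a path argument the real file is audited; otherwise the sample is used.
    hits = (audit_hosts_file(sys.argv[1]) if len(sys.argv) > 1
            else find_poisoned_entries(SAMPLE_HOSTS))
    for host, ip in hits:
        print(f"SUSPICIOUS: {host} -> {ip}")
```

Run it periodically from an endpoint agent or a scheduled task; any hit for a banking domain is worth an alert, since the legitimate file never needs such an entry.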
8. System reconfiguration attacks: The phisher can intrude into the netizen's system (i.e.,
computer) to modify its settings for malicious purposes. For example, URLs saved under
favorites in the browser might be modified to redirect the netizen to a fake/bogus “look alike”
website (i.e., the URL for a bank's website can be changed from “[Link]” to
“[Link]”).
9. Data theft: Critical and confidential data getting stolen is one of the biggest concerns of
modern times. As more and more information resides on corporate servers and the Web,
attackers have a boom time, because taking away/copying information in electronic form is easy.
Phishers can easily profit from selling stolen confidential communications, design
documents, legal opinions and employee-related records to those who may want to embarrass or
cause economic damage to competitors.
10. Content-injection Phishing: In this type of scam, the phisher replaces part of the content of a
legitimate website with false content to mislead the netizen into revealing confidential personal
information. For example, the phisher may insert Malicious Code that secretly captures the
netizen's credentials and sends them to the phisher.
11. Man-in-the-middle Phishing: In this type of attack, the phisher positions himself between the
netizen and the legitimate website or system. The phisher records the input being provided by the
netizen but continues to pass it on to the web server, so that the netizen's transactions are not
affected. Later on, the phisher can either sell or use the information or credentials collected, when
the user is not active on the system.
12. Search engine Phishing: It occurs when phishers create websites with attractive-sounding
offers and have them indexed legitimately by search engines. Netizens find these websites during
their normal course of searching for products or services and are trapped into revealing their personal
information. For example, phishers set up fake/bogus banking websites displaying an offer of
lower credit costs or better interest rates than other banks.
13. SSL certificate Phishing: It is an advanced type of scam. Phishers target web servers with
SSL certificates to create a duplicitous website with fraudulent webpages displaying the familiar
“lock” icon.
Distributed Phishing Attack (DPA)
The phisher sends lure E-Mails that entice the victim to follow the URLs displayed in the E-Mail,
which direct him/her to the phisher's website. As the victim is unable to verify/check the
legitimacy of the webpage/website, he/she submits personal information. Most often, the
Phishing messages and webpages/websites masquerade as banks/financial institutions,
government agencies or some other trustworthy entity that could plausibly ask for personal
information. A Distributed Phishing attack is an advanced form of Phishing attack that works through
per-victim personalization of the location of the sites collecting credentials and covert transmission of
the credentials to a hidden coordination center run by the phisher.
Phishing Toolkits and Spy Phishing
A Phishing toolkit is a set of scripts/programs that allows a phisher to automatically set up
Phishing websites that spoof the legitimate websites of different brands, including the graphics
(i.e., images and logos) displayed on these websites. Phishing toolkits are developed by groups
or individuals and are sold in the underground economy.
Phishers use PHP (hypertext preprocessor) to develop the Phishing kits. PHP is a general-purpose
scripting language that was originally designed for the development of dynamic web
pages. PHP code is embedded into the HTML source and interpreted by a web server with
the help of a PHP processor module.
Following are a few examples of such toolkits:
1. Rock Phish: It is a Phishing toolkit popular in the hacking community since 2005. It
allows non-techies to launch Phishing attacks. The kit allows a single website with multiple DNS
names to host a variety of phished webpages, covering numerous organizations and institutions.
2. Xrenoder Trojan Spyware: It resets the homepage and/or the search settings to point to other
websites, usually for commercial purposes or porn traffic.
3. Cpanel Google: It is a Trojan Spyware that modifies the DNS entry in the hosts file to point
to its own website. If Google gets redirected to its website, a netizen may end up with a version
of the website prepared by the phisher.
Phishing Countermeasures
The countermeasures help prevent the malicious attacks by which a phisher may gain
unauthorized access to the system in order to steal personal information about the victim
from it.
How to avoid being a victim of a Phishing attack (security measures, each with a brief description):
1. Keep antivirus software up to date: An important aspect is to keep antivirus software up to date,
because most antivirus vendors have signatures that protect against some common
technology exploits.
2. Do not click on hyperlinks from unknown sources: It should always be practiced that clicking on
any hyperlink displayed in an E-Mail is avoided, as the link may take the victim to a website
created by the phisher.
3. Use https: Ensure the address bar displays “https://” rather than just “http://”, along with a
secure lock icon displayed at the bottom right-hand corner of the web browser.
4. Be educated: Always update your knowledge of the new tools and techniques used by
phishers to entice netizens, and understand how to prevent these types of attacks. Report any
suspicious activity observed to the nearest cyber security cell.
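Measures 2 and 3 above can be checked mechanically before anyone clicks. The following Python checker is an added example, not code from these notes: it extracts every hyperlink from an HTML e-mail body and reports the warning signs those measures describe, namely plain-http targets, targets that are raw IP addresses, and visible link text that names a different domain than the real target. The message body, the domain names and the 203.0.113.7 address are constructed; the registrable-domain helper is a deliberate two-label approximation rather than a public-suffix-list lookup.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample of a phishing-style HTML e-mail body (not a real message).
# The third link is legitimate and is included to show it produces no finding.
SAMPLE_EMAIL_HTML = """
<p>Your account will be suspended. Please verify now:</p>
<a href="http://203.0.113.7/login">https://www.examplebank.com/verify</a>
<p>Or visit <a href="https://examplebank.com.example-verify.net/">examplebank.com</a></p>
<p>Questions? See the <a href="https://www.examplebank.com/help">help centre</a>.</p>
"""

# Visible anchor text that itself looks like a URL or bare domain name.
URL_LIKE = re.compile(r"^(?:https?://)?[\w-]+(?:\.[\w-]+)+(?:/\S*)?$", re.I)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def hostname_of(url):
    """Lower-case hostname of a URL; bare names like 'examplebank.com' are accepted."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def registrable(host):
    """Crude registrable-domain approximation: the last two labels (no public-suffix list)."""
    return ".".join(host.rsplit(".", 2)[-2:])


def check_link(href, text):
    """Return a list of reasons this link looks deceptive (empty if none)."""
    reasons = []
    host = hostname_of(href)
    if not host:
        return ["href has no usable hostname"]
    try:
        ipaddress.ip_address(host)
        reasons.append("target is a raw IP address instead of a domain name")
    except ValueError:
        pass
    if urlsplit(href).scheme.lower() == "http":
        reasons.append("target uses plain http rather than https")
    # If the visible text itself looks like a URL or domain, it must agree with
    # the real target; a mismatch is the classic deceptive-link pattern.
    if URL_LIKE.match(text) and registrable(hostname_of(text)) != registrable(host):
        reasons.append(f"visible text shows {hostname_of(text)} but target is {host}")
    return reasons


def scan_email(html):
    """Return [(href, reasons)] for every link in the message that raised a finding."""
    extractor = LinkExtractor()
    extractor.feed(html)
    extractor.close()
    results = []
    for href, text in extractor.links:
        reasons = check_link(href, text)
        if reasons:
            results.append((href, reasons))
    return results


if __name__ == "__main__":
    for href, reasons in scan_email(SAMPLE_EMAIL_HTML):
        print(href)
        for reason in reasons:
            print("  -", reason)
```

The same checks can run inside a mail gateway to tag messages before delivery; the point of the text-versus-target comparison is that the displayed URL is what the reader judges, while the href is where the browser actually goes.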
How to Judge/Recognize Legitimate Websites
ScanSafe ([Link]) was the first company in the world to offer web security.
Scandoo ([Link]) scans all search results to protect the user from visiting false
websites (i.e., websites that spread malicious viruses or Spyware), as well as protecting the user
from viewing offensive content. Presently this site is not available, as improvements to add-on
features based on users' feedback are underway.
McAfee SiteAdvisor software ([Link]) is a free web security plug-in that provides
the user with red, yellow and green website security ratings based on the search results.
SPS Algorithm to Thwart Phishing Attacks
A system based on a simple filtering algorithm, the Sanitizing Proxy System (SPS), has been
proposed in a white paper by the authors Daisuke Miyamoto, Hiroaki Hazeyama and Youki
Kadobayashi from the Nara Institute of Science and Technology, Japan.
Toolbars and browser features that offer protection from Phishing attacks:
* Netcraft Toolbar ([Link]): It offers protection from Phishing attacks.
* ScamBlocker ([Link]): It is an Earthlink Toolbar feature that helps protect users from
the latest Phishing threats.
* Windows Internet Explorer's Phishing filter ([Link]): It is available in Internet Explorer and
helps protect users from entering Phishing sites.
The key idea behind SPS is that a web Phishing attack can be immunized against by removing the
part of the content that entices netizens into entering their personal information. SPS sanitizes all
HTTP responses from suspicious URLs with warning messages, so that netizens realize that
they are browsing Phishing sites.
The white paper summarizes the characteristics of SPS in the following points:
1. Two-level filtering: SPS employs two-level filtering composed of strict URL filtering and
HTTP response sanitizing. By combining the two filtering methods, netizens can be protected from
revealing their personal information on Phishing sites.
2. Flexibility of the rule set: By filtering HTTP responses, the algorithm distinguishes between
legitimate websites and other suspicious websites based on a rule set written by the operator of
the SPS.
3. Simplicity of the filtering algorithm: The simple two-level filtering algorithm can be described
in 20 steps, and the SPS functions can easily be applied to existing proxy implementations,
browser plugins or personal firewalls.
4. Accountability of HTTP response sanitizing: SPS prevents netizens from disclosing their
personal information to Phishing sites by removing malicious HTTP headers or HTML tags from
HTTP responses. SPS can also alert netizens that the requested webpage contains suspicious
parts that are under threat at the time of Phishing attacks.
5. Robustness against both misbehavior of novice users and evasion techniques: An SPS built-in
proxy server can protect netizens from almost all deceit cases of web spoofing, regardless of
netizens' misbehavior and the evasion techniques used by the phisher.
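An added illustration of the two-level filtering idea, written for these notes and not taken from the SPS white paper or its implementation: level one is a strict URL check against an operator-written rule set, and level two sanitizes the response of every other origin by removing the HTML elements through which a page collects input and injecting a warning banner, so the page can still be read but cannot collect credentials. The trusted hosts, the dropped Refresh header, the banner text and the sample login page are all assumptions of this example; the actual SPS rule set and its 20-step algorithm are described only in the paper.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Operator-written rule set (hypothetical): only these hosts are passed through
# untouched; every other origin is treated as suspicious and sanitized.
TRUSTED_HOSTS = {"www.examplebank.com", "examplebank.com"}

# Response headers stripped from suspicious origins. "Refresh" is an assumed
# example: it can silently forward the browser to another page.
HEADERS_TO_DROP = {"refresh"}

WARNING_BANNER = ('<div style="background:#fcc;padding:8px;font-weight:bold">'
                  'WARNING: this site is not on the trusted list; its input forms '
                  'were removed by the sanitizing proxy.</div>')

# Elements through which a page collects what the user types or clicks.
CREDENTIAL_TAGS = {"form", "input", "textarea", "select", "button"}


class ResponseSanitizer(HTMLParser):
    """Re-emit an HTML response without credential-collecting elements,
    injecting a warning banner immediately after <body>."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []
        self.removed = 0   # number of credential-collecting start tags dropped

    def _emit_start(self, tag):
        if tag in CREDENTIAL_TAGS:
            self.removed += 1
            return
        self.out.append(self.get_starttag_text())
        if tag == "body":
            self.out.append(WARNING_BANNER)

    def handle_starttag(self, tag, attrs):
        self._emit_start(tag)

    def handle_startendtag(self, tag, attrs):
        self._emit_start(tag)

    def handle_endtag(self, tag):
        if tag not in CREDENTIAL_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")

    def handle_decl(self, decl):
        self.out.append(f"<!{decl}>")


def filter_response(url, headers, body):
    """Two-level filter: strict URL check first, then response sanitizing.

    Returns (headers, body, verdict) with verdict "passed" or "sanitized"."""
    host = (urlsplit(url).hostname or "").lower()
    if host in TRUSTED_HOSTS:                        # level 1: strict URL filtering
        return headers, body, "passed"
    clean_headers = {k: v for k, v in headers.items()
                     if k.lower() not in HEADERS_TO_DROP}
    sanitizer = ResponseSanitizer()                 # level 2: response sanitizing
    sanitizer.feed(body)
    sanitizer.close()
    return clean_headers, "".join(sanitizer.out), "sanitized"


# Constructed look-alike login page served from a suspicious origin (.test TLD).
SAMPLE_PAGE = """<!DOCTYPE html>
<html><head><title>Example Bank - Sign in</title></head>
<body><h1>Sign in to Example Bank</h1>
<form action="https://examplebank-secure.test/collect" method="post">
User <input type="text" name="user"><br>
PIN <input type="password" name="pin"><br>
<button type="submit">Sign in</button>
</form>
<p>&copy; Example Bank</p></body></html>"""

SAMPLE_HEADERS = {"Content-Type": "text/html",
                  "Refresh": "5; url=https://examplebank-secure.test/collect"}

if __name__ == "__main__":
    _, body, verdict = filter_response("https://examplebank-secure.test/login",
                                       SAMPLE_HEADERS, SAMPLE_PAGE)
    print(verdict)
    print(body)
```

Text labels such as "User" and "PIN" survive sanitizing; only the fields and the form wrapper are removed, which is enough to stop credentials from being submitted while leaving the page readable behind the banner.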
Identity Theft (ID Theft)
This term is used to refer to fraud that involves someone pretending to be someone else to
steal money or get other benefits. The person whose identity is used can suffer various
consequences when he/she is held responsible for the perpetrator's actions. In many countries,
specific laws make it a crime to use another person's identity for personal gain. As mentioned in
the “introduction” section, ID theft is a punishable offense under the Indian IT Act (Section 66C
and Section 66D). According to the 2010 Report published by Javelin Strategy & Research, the
number of “identity fraud victims” increased by 12% during 2009 and the “amount of fraud”
increased by 12.5%. Key statistics noted about total identity frauds in the US are as mentioned
below:
1. The total fraud amount was US$ 54 billion.
2. The average amount spent by the victim was US$ 373, and the time to resolve the crime was 21 hours.
3. In total, 11.1 million adults were found to be victims of ID theft, which amounts to 4.8% of the
population being a victim of identity fraud in 2009.
4. 13% of identity frauds were committed by someone whom the victim knew.
5. Online methods accounted for only 11% of ID theft in 2009.
6. Traditional methods such as stolen wallets and paperwork account for almost half (43%) of all
ID thefts.
The Federal Trade Commission (FTC) has provided statistics about each type of identity fraud; the
prime frauds are presented below:
1. Credit card fraud (26%): The highest-rated fraud occurs when someone acquires the
victim's credit card number and uses it to make purchases.
2. Bank fraud (17%): Besides credit card fraud, cheque theft and Automatic Teller Machine
(ATM) pass code theft have been reported as possible with ID theft.
3. Employment fraud (12%): In this fraud, the attacker borrows the victim's valid SSN to obtain a
job.
4. Government fraud (9%): This type of fraud includes SSN, driver license and income tax fraud.
5. Loan fraud (5%): It occurs when the attacker applies for a loan in the victim's name; this
can occur even if the SSN does not match the name exactly.
It is important to note the various uses of ID theft information:
1. 66% of victims' personal information is used to open a new credit account in their name.
2. 28% of victims' personal information is used to purchase cell phone service.
3. 12% of victims end up having warrants issued in their name for financial crimes committed by
the identity thief.
These statistics prove the seriousness of ID theft, and the frauds related to ID theft are increasing
day by day.
Personally Identifiable Information (PII)
The fraudster always has an eye on information which can be used to uniquely
identify, contact or locate a single person, or can be used with other sources to uniquely identify a
single individual. PII has four common variants, based on the words personal, personally, identifiable and
identifying.
1. Full name;
2. national identification number (e.g., SSN);
3. telephone number and mobile phone number;
4. driver's license number;
5. credit card numbers;
6. digital identity (e.g., E-Mail address, online account ID and password);
7. birth date/birth day;
8. birthplace;
9. face and fingerprints.
The fraudster may also search for the following information about an individual, which is less often used to
distinguish individual identity; however, it can be categorized as potentially PII because it
can be combined with other personal information to identify an individual.
1. First or last name;
2. age;
3. country, state or city of residence;
4. gender.
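Several of the PII items listed above have recognizable formats, which is what data-loss-prevention tools key on. The following scanner is an added example, not code from these notes: it detects SSN-style numbers, payment card numbers, e-mail addresses and phone numbers in free text, labels each finding with the private/personal distinction the notes use below, validates card candidates with the Luhn checksum so that ordinary digit runs (order numbers, for instance) are not flagged, and redacts the findings. The sample text is constructed, and the patterns are illustrative US-style formats rather than an exhaustive rule set.

```python
import re

# Detection patterns with the classification used in these notes: SSN and card
# numbers count as "private" information, e-mail and phone as "personal".
PATTERNS = {
    "ssn":   (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "private"),
    "card":  (re.compile(r"\b(?:\d[ -]?){12,18}\d\b"), "private"),
    "email": (re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"), "personal"),
    "phone": (re.compile(r"(?<!\d)(?:\+\d{1,3}[ -]?)?\(?\d{3}\)?[ -]?\d{3}[ -]?\d{4}(?!\d)"),
              "personal"),
}

# Constructed sample record; the final digit run is a valid-looking but
# non-Luhn number, included to show the checksum filter at work.
SAMPLE_TEXT = (
    "Applicant: Jane Doe, SSN 123-45-6789, card 4111 1111 1111 1111, "
    "phone (555) 123-4567, e-mail jane.doe@example.com, "
    "order ref 1234 5678 9012 3456."
)


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers; rejects most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:           # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pii(text):
    """Return [(kind, classification, value)] for each PII item found in text."""
    findings = []
    for kind, (pattern, classification) in PATTERNS.items():
        for match in pattern.finditer(text):
            value = match.group(0)
            if kind == "card" and not luhn_ok(re.sub(r"\D", "", value)):
                continue         # digit run that is not a valid card number
            findings.append((kind, classification, value))
    return findings


def redact(text):
    """Replace every finding with a placeholder that keeps the kind for audit logs."""
    out = text
    for kind, _, value in find_pii(text):
        out = out.replace(value, f"[{kind.upper()} REDACTED]")
    return out


if __name__ == "__main__":
    for kind, classification, value in find_pii(SAMPLE_TEXT):
        print(f"{kind:5} ({classification}): {value}")
    print(redact(SAMPLE_TEXT))
```

In practice the scanner would run over outbound mail, shared-drive exports or log output; the Luhn check matters because a bare 16-digit pattern alone produces far too many false positives to act on.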
The information can be further classified as (a) non-classified and (b) classified.
1. Non-classified information
* Public information: Information that is a matter of public record or knowledge.
* Personal information: Information that belongs to a private individual, but which the individual commonly
may share with others for personal or business reasons.
* Routine business information: Business information that does not require any special protection
and may be routinely shared with anyone inside or outside of the business.
* Private information: Information that is private when associated with an individual, and to whose
disclosure the individual can object (e.g., SSN, credit card numbers and other financial
information).
* Confidential business information: Information which, if disclosed, may harm the business
(e.g., sales and marketing plans, new product plans and notes associated with patentable
inventions).
2. Classified information
* Confidential: Information that requires protection and whose unauthorized disclosure could damage
national security (e.g., information about the strength of armed forces and technical information
about weapons).
* Secret: Information that requires substantial protection and unauthorized disclosure could
seriously damage national security (e.g., national security policy, military plans or intelligence
operations).
* Top secret: Information that requires the highest degree of protection and unauthorized
disclosure could severely damage national security.
Types of Identity Theft
1. Financial identity theft;
2. criminal identity theft;
3. identity cloning;
4. business identity theft;
5. medical identity theft;
6. synthetic identity theft;
7. child identity theft.
1. Financial Identity Theft
Financial ID theft includes bank fraud, credit card fraud, tax refund fraud, mail fraud and
several others. In total, 25 types of financial ID theft are investigated by the US Secret Service.
Financial identity theft occurs when a fraudster makes use of someone else's identifying details,
such as name, SSN and bank account details, to commit fraud that is detrimental to the victim's
finances. For example, the fraudster can fraudulently open a new credit card account in the
victim's name, charge up the card and neglect payment, leaving the
victim with a bad credit history (i.e., a horrible credit score) and a world of debt. Fraudsters use
credit cards, purchase a vehicle, receive a home mortgage or even find employment in the
victim's name.
The process of recovering from the crime is often expensive, time-consuming and
psychologically painful.
2. Criminal Identity Theft
It involves taking over someone else's identity to commit a crime such as entering a country,
getting special permits, hiding one's own identity or committing acts of terrorism. These criminal activities
can include:
1. Computer and cybercrimes;
2. organized crime;
3. drug trafficking.
Individuals who commit ID theft are not always out to steal the victim's money or ruin the victim's
credit. This type of fraud/theft occurs when a fraudster uses the victim's name upon an arrest or
during a criminal investigation. The personal information given by the fraudster to a law
enforcement officer may include counterfeited documents such as a driver's license, birth
certificate, etc. Unfortunately, the victim of criminal ID theft may not know for quite some time
that a warrant has been issued under his/her name.
The victims of this crime are left with the burden of clearing their own name in the eyes of the
criminal justice system. It is very important to act quickly in order to minimize the damage and
get your life back in order. What makes the process so difficult is the fact that officials working
within the criminal justice system are the only ones capable of correcting the data.
3. Identity Cloning
Identity cloning may be the scariest variation of all ID theft. Instead of stealing personal
information for financial gain or committing crimes in the victim's name, identity clones
compromise the victim's life by actually living and working as the victim. ID clones may even
pay bills regularly, get engaged and married, and start a family. In summary, identity cloning is
the act of a fraudster living a natural and usual life similar to the victim's life, maybe at a different
location.
4. Business Identity Theft
“Bust-out” is one of the schemes fraudsters use to steal a business identity; it is paid less
importance in comparison with an individual's ID theft. A fraudster rents a space in the same
building as the victim's office. Then he applies for corporate credit cards using the victim's firm name.
The application passes a credit check because the company name and address match, but the
cards are delivered to the fraudster's mailbox. He sells them on the street and vanishes before the
victim discovers the firm's credit is wrecked. Hence, it is extremely important to protect
business sensitive information (BSI) to avoid any further scams.
5. Medical Identity Theft
India has become famous for “medical tourism.” Thousands of tourists
visit India every year with a dual purpose: touring the country plus getting their medical
problems attended to (surgeries, total health check, Kerala massage, etc.), because India has made a
name for good-quality and yet reasonably priced (compared with Europe and the US) medical
services. In the process, thousands of medical records of foreigners as well as locals who avail of
medical facilities get created. This has created a boom for cybercriminals. Healthcare facilities
now are very different from how they were a decade back. There are greater
opportunities for protected health information (PHI) to change hands when multiple agencies are
connected over computer networks and the Internet, for example, medical representatives,
health officers, doctors, medical insurance organizations, hospitals, etc.
Medical facility providers are moving from cumbersome paper records to electronic records that are
faster and easier to file and trace. The stolen information can be used by the fraudster or sold on the
black market to people who “need” it.
6. Synthetic Identity Theft
This is an advanced form of ID theft in the ID theft world. The fraudster takes parts of
personal information from many victims and combines them. The new identity is not any specific
person, but all the victims can be affected when it is used.
7. Child Identity Theft
Parents might sometimes steal their children's identity to open credit card accounts,
utility accounts, bank accounts and even to take out loans or secure leases, because their own
credit history is insufficient or too damaged to open such accounts.
Techniques of ID Theft
Identity theft can affect all aspects of a victim's daily life and often occurs far from its
victims. The attackers use both traditional, that is, human-based, methods as well as computer-
based techniques.
1. Human-based methods: These are techniques used by an attacker without, or with minimal use
of, technology.
* Direct access to information: People who have earned a certain degree of trust (house cleaners,
babysitters, nurses, friends or roommates) can obtain legitimate access to a business or to a
residence to steal the required personal information.
* Dumpster diving: Retrieving documents from trash bins is very common.
* Theft of a purse or wallet: A wallet often contains bank credit cards, debit cards, driving
license, medical insurance identity card and what not. Pickpockets work on the street as well as
in public transport and exercise rooms to steal wallets and in turn sell the personal
information.
* Mail theft and rerouting: It is easy to steal postal mail from mailboxes, which have poor
security mechanisms, and all the documents are then available to the fraudster free of charge, for
example, bank mail (credit cards and account statements), administrative forms or partially
completed credit offers.
* Shoulder surfing: People who loiter around public facilities such as cybercafes,
ATMs and telephone booths can keep an eye out to grab personal details.
* False or disguised ATMs (“skimming”): Just as it is possible to imitate a bank ATM, it is also
possible to install miniaturized equipment on a valid ATM. This equipment (a copier) captures
the card information, from which a duplicate card can be made, and the personal identification
number (PIN) can be obtained by stealing the camera films.
* Dishonest or mistreated employees: An employee or partner with access to personal files,
salary information, insurance files or bank information can gather all sorts of confidential
information and can use it to cause considerable damage.
* Telemarketing and fake telephone calls: This is an effective method for collecting information
from unsuspecting people. The caller who makes a “cold call” (supposedly from a bank) asks
the victim to verify account information immediately on the phone, often without much
explanation or verification.
2. Computer-based techniques: These techniques are attempts made by the attacker to exploit
vulnerabilities within processes and/or systems.
* Backup theft: This is the most common method. In addition to stealing equipment from private
buildings, attackers also strike public facilities. They carefully analyze stolen equipment or
backups to recover the data.
* Hacking, unauthorized access to systems and database theft: Besides stealing equipment,
attackers use hacking methods to gain unauthorized access to systems and download the required information.
* Phishing: as described under the types of Phishing scams above.
* Pharming: The attackers set up typo or matching domain names of the target (usually of
popular banks and financial institutions) and install websites with a similar look and feel. Hence,
even if the user types in an incorrect URL (e.g., instead of [Link], the URL is punched in as
[Link]), he/she lands on a website controlled by the attacker.
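Defenders watch for the typo and look-alike domains described above in DNS logs and new-registration feeds. The following Python classifier is an added example, not code from these notes: it triages observed domain names against a list of protected brand domains and separates legitimate subdomains from typo variants (by Levenshtein edit distance), top-level-domain swaps, brand domains embedded inside another registrable domain, and names that merely contain the brand word. The brand domains, the observed list and the verdict labels are all constructed for this example, and the registrable-domain helper is a two-label approximation rather than a public-suffix-list lookup.

```python
# Hypothetical brand domains the defender monitors.
PROTECTED_DOMAINS = ["examplebank.com", "examplepay.com"]

# Constructed sample of names seen in DNS logs or a new-registration feed.
OBSERVED_DOMAINS = [
    "www.examplebank.com",
    "exampelbank.com",
    "examplebank.co",
    "examplebank.com.example-verify.net",
    "secure-examplebank.com",
    "weather.example.org",
]


def levenshtein(a, b):
    """Edit distance between two strings (classic dynamic-programming form)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def registrable(host):
    """Crude registrable-domain approximation: the last two labels."""
    return ".".join(host.lower().rstrip(".").rsplit(".", 2)[-2:])


def classify(observed, protected=PROTECTED_DOMAINS):
    """Return (verdict, matched brand or None) for one observed domain name."""
    observed = observed.lower().rstrip(".")
    for brand in protected:
        if observed == brand or observed.endswith("." + brand):
            return "legitimate", brand
    reg = registrable(observed)
    reg_label = reg.split(".")[0]
    for brand in protected:
        brand_label = brand.split(".")[0]
        if f".{observed}.".find(f".{brand}.") != -1:
            return "embedded-brand", brand   # brand.tld sits inside another domain
        if reg_label == brand_label:
            return "tld-swap", brand         # same name, different top-level domain
        if 0 < levenshtein(reg_label, brand_label) <= 2:
            return "typo-variant", brand     # one or two keystrokes from the brand
        if brand_label in reg_label:
            return "contains-brand", brand   # e.g. secure-brand.com
    return "unrelated", None


def triage(observed=OBSERVED_DOMAINS):
    """Classify a whole list, returning [(domain, verdict, brand)]."""
    return [(d, *classify(d)) for d in observed]


if __name__ == "__main__":
    for domain, verdict, brand in triage():
        print(f"{verdict:15} {domain}" + (f"  (brand: {brand})" if brand else ""))
```

Anything other than "legitimate" or "unrelated" is a candidate for blocking at the resolver or proxy and for a takedown request; the distance threshold of 2 catches single-character slips and transpositions without flagging every domain that shares a prefix.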
Identity Theft: Countermeasures
Identity theft is growing day by day, and people think that simple steps such as keeping their credit
card and PIN safe will protect them from ID theft.
How to Efface Your Online Identity
Every time details about your identity and/or your personal information are
revealed on the Internet, you are prone to becoming a victim of ID theft/fraud.
1. Monitor your credit closely: The credit report contains information about your credit accounts
and bill-paying history, so that you can be tipped off when someone is impersonating you. You
can also consider identity protection services, which range from credit monitoring to database
scanning, for extra security.
2. Keep records of your financial data and transactions: Review your statements regularly for any
activity or charges you did not make.
3. Use security software: Install security software (firewall, antivirus and anti-Spyware software)
and keep it up to date as a safety measure against online intrusions.
4. Use an updated Web browser: Use an updated web browser to make sure you are taking
advantage of its current safety features.
How to protect/efface your online identity
Anti Tracks: This is a set of tools presented as a complete solution to protect your online
identity and sensitive data and maintain the integrity of your system, by hiding the system's IP
address, securely locking and hiding important files and folders, and maintaining healthy
system performance, which keeps the system in top-notch condition.
Privacy Eraser Pro: It protects Internet privacy by cleaning up all the tracks of Internet and
computer activities, and supports almost all popular web browsers. The main features of this
utility are as follows: erase browser cache files, browser history, cookies, etc.