Web Spoofing

1
Web Spoofing
Steve Newell Mike Falcon Computer Security
CIS 4360
2
Web Spoofing
Introduction

• Phishing
• Is a form of identity theft in which deception
  is used to trick a user into revealing
  confidential information that has economic value.

3
Web Spoofing
Introduction

• Definition
• Website spoofing is the act of creating a
  website, as a hoax, with the intention of
  misleading readers that the website has been
  created by a different person or organization.

• Web spoofing is a phishing scheme

4
Web Spoofing
Statistic

• The Gartner group estimates the direct
  phishing-related loss to US banks and credit card
  issuers in the last year to be 1.2 billion.

• Indirect losses are much higher, including
  customer service expenses and account replacement
  costs.

5
Web Spoofing
Chart
6
Web Spoofing
Phishing Technologies

• The goal of phishing is to deceive the user via
  the following ways
• Deceiving a user into believing a message comes
  from a trusted source.
• Deceiving a user into believing that a web site
  is a trusted institution.
• Deceiving a spam filter to classify a phishing
  email is legitimate.

7
Web Spoofing
Deception

• Deceptive return address information
• Attempts to appear as a trusted source
• Fraudulent request for action
• Prompts user to provide information.
• Deceptive appearance
• - Mimics visual target site

8
Web Spoofing
Deceptive Links

• Misleadingly named http//security.commerceflow.co
  m will lead to http//phisher.com
• RedirectedIf the targeted company has an open
  redirect, then this can be used to redirect a
  legitimate URL to a phishing site.

9
Web Spoofing
Deceptive Links

• Obfuscated Using encoded characters to hide the
  destination address of a link. abc
  "979899
• Programmatically ObscuredUsing a scripting
  language such as Javascript to hide the
  destination of a link address. For example, using
  the mouse-over function.

10
Web Spoofing

• Not possible to determine whether a connection to
  a site is secure by looking at a lock icon in a
  browser
• A lock icon by itself means only that the site
  has a certificate
• It is possible to get a browser to display a lock
  icon using a self-signed certificate
• A lock icon may be overlaid on top of the browser
  using the same technologies used to fake the URL
  bar

Deceptive Location
11
Web Spoofing
Information Flow Model
12
Web Spoofing
Information Flow Model

1. A deceptive message is sent from the phisher to
   the user.
2. A user provides confidential information to a
   phishing server (normally after some interaction
   with the server).
3. The phisher obtains the confidential information
   from the server.
4. The confidential information is used to
   impersonate the user.
5. The phisher obtains illicit monetary gain.

13
Web Spoofing
Prevention

• Preventing phishing attacks
• The average phishing site stays active no more
  than 54 hours
• Pre-emptive domain registration
• Holding period for new domain registrations
• E-mail authentication could prevent forged or
  misleading email return addresses.

14
Web Spoofing

• Defenses

Defenses Against Early User Actions

• Open Information Allow different spam filters,
  e-mail clients, and browsers to exchange
  information about unsafe domains.
• Warn The User Alert the user when they attempt
  to click on an obfuscated link. Show the user the
  actual link, whether the site is trusted or not,
  and prompt the user whether or not the wish to
  continue with the link.

15
Web Spoofing
Defenses

• Disrupting Data Transmission
• Monitor Outgoing Data Implement a browser
  tool-bar that hashes information and checks if
  confidential information is being sent.
• Blacklisting Block IP ranges of known phishing
  sites.
• Encryption Encrypt sensitive information before
  transmission.

16
Web Spoofing

• Defenses

• Advanced Authentication
• Two-factor Authentication Require proof of two
  out of three criteria (what you are, what you
  have, or what you know)
• Requires some sort of hardware or time sensitive
  information
• Use a checksum to verify that the information
  came from the users machine and not a phisher.

17
Web Spoofing
Cross-site Scripting

• Cross-site scripting is inserting a malicious
  script inside a secure domain.
• A phisher could insert a malicious script inside
  of an auction or a product review to attack the
  user.
• The script would modify the host site so that the
  user believes he/she is interacting with the
  secure site.
• Difficult to write sufficient filter to remove
  cross-site scripting. How do you know if a script
  is malicious?
• Cross-site scripting could be hindered by
  introducing a ltnoscriptgt tag on user supplied
  content.

18
Web Spoofing
Examples
Example 1 http//www.msfirefox.com/ http//www.msf
irefox.net/ Example 2 Florida Commerce Credit
Union Example 3 Thomas Scotts Parody Unofficial
site Official site
19
Web Spoofing
Leading Nations
20
Web Spoofing
Conclusion

• Current technology is unable to completely stop
  phishing and web spoofing.
• Improvements in security technology can
  drastically reduce the amount of phishing schemes.

21
Web Spoofing
Videos

• Documentary Footage
• Identity theft victims
• Dont let this happen to you.

22
Web Spoofing

• ANY QUESTIONS?