Phishing 1.0
Phishing is a deceptive practice in which a criminal spoofs an electronic correspondence (usually email) purporting to be from a legitimate business entity, usually a bank or other financial institution. Commonly, the correspondence claims that the individual's account is in some mortal danger unless they act immediately, and a link to a fraudulent web site is conveniently embedded in the message. The panicked individual clicks the link and lands on the fraudulent web site, which requests authentication in a manner similar to the legitimate site. If the individual enters their credentials, they are usually either redirected to the real site (a man-in-the-middle arrangement) or presented with a thank-you page. At that point the thief has won: the individual's credentials are then used on the real web site to redirect funds out of their account and to act in a generally fraudulent manner.
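The embedded link is the part of this scheme a mail gateway or client can inspect mechanically. The following added example (not code from the original page) parses the anchors in an HTML message body and flags any whose real destination is outside an allow-list of the institution's domains, or whose visible text shows one URL while the href points somewhere else. The sample message and the domain bank.example.com are constructed for the example.

```python
"""Flag untrustworthy links in a phishing-style HTML email.

Added example, not from the original page. The sample message below is
constructed, and bank.example.com is an assumed legitimate institution domain.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the first anchor's visible text claims the bank while its
# href points elsewhere; the third uses the bank's name as a leading label of an
# unrelated host; the second is genuine.
SAMPLE_EMAIL = """
<p>Your account will be suspended in 24 hours unless you verify it now.</p>
<a href="http://bank-example-secure-login.example.net/verify">https://bank.example.com/login</a>
<a href="https://bank.example.com/help">Help centre</a>
<a href="https://bank.example.com.evil.example/login">Verify now</a>
"""

LEGITIMATE_DOMAINS = {"bank.example.com"}


def host_is_legitimate(host, allowed=LEGITIMATE_DOMAINS):
    """True only if host equals an allowed domain or is a subdomain of one.

    A plain substring test would wrongly accept bank.example.com.evil.example.
    """
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def suspicious_links(html, allowed=LEGITIMATE_DOMAINS):
    """Return (href, visible_text, reasons) for each anchor a user should not trust."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname
        reasons = []
        if not host_is_legitimate(host, allowed):
            reasons.append("destination host not in allow-list")
        # Visible text that looks like a URL must agree with the real target.
        if text.startswith(("http://", "https://")) and urlparse(text).hostname != host:
            reasons.append("displayed URL differs from target")
        if reasons:
            findings.append((href, text, reasons))
    return findings


if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_EMAIL):
        print(f"{href!r} shown as {text!r}: {', '.join(reasons)}")
```

The allow-list comparison deliberately anchors on a dot-separated suffix rather than a substring, because the "legitimate name followed by another domain" pattern in the third sample link is exactly what a substring check would miss.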
| Security measure | How it works | Vulnerability |
| --- | --- | --- |
| Username & Password | The user types their username and password into fields on the website to gain access | A fraudulent website requests authentication in a similar manner to the legitimate site, stealing the username and password |
| Virtual Keyboard | The user inputs their passcode through a web-based graphical keyboard/keypad | The user's passcode is stolen after it is entered through a spoofed web-based virtual keyboard/keypad |
| Knowledge-Based Authentication | The user answers a series of personal questions | A fraudulent website asks a series of personal questions whose answers can later be used to commit identity fraud |
| Recognition-based authentication | The user needs to recognize shapes, faces, symbols, patterns, pictures, etc. | A fraudulent website requests authentication in a similar manner to the legitimate site, stealing the shapes, faces, symbols, patterns, pictures, etc. needed to gain access |
| IP Geolocation | The website associates the user's account with the geographic location of the IP address | Once a user visits the spoofed site, the IP address is captured along with the corresponding username and password; when the fraudsters attempt to log in, they route through a botnet computer located in the same geographic region or ISP as the real user |
| Device Fingerprinting | The website attempts to create a profile of the device from information provided by the web browser | Once a user visits the spoofed site, a device profile built from the browser-provided information is captured along with the corresponding username and password; when the fraudsters attempt to log in, they present that device fingerprint to the site |
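The last two rows share a property worth seeing in code: both signals are derived from what the client's request looks like, which is exactly what a spoofed site observes. The following added example (not code from the page) is a minimal server-side login check that verifies a password and then compares the request's IP region and browser-derived fingerprint against the profile enrolled for the account. The geolocation table, the header set used for the fingerprint, and the account "alice" are constructed stand-ins; the final test case shows why a match on these two signals, with a correct password, cannot by itself distinguish the account holder from someone replaying what a spoofed page collected, which is the weakness the table describes.

```python
"""Login risk check built from the IP-geolocation and device-fingerprint
measures in the table. Added example, not from the original page; the
geolocation data, header set and account are constructed stand-ins."""
import hashlib
import hmac
import ipaddress
import os

PBKDF2_ROUNDS = 100_000

# Constructed stand-in for an IP geolocation database: network -> region.
GEO_DB = [
    (ipaddress.ip_network("198.51.100.0/24"), "us-east"),
    (ipaddress.ip_network("203.0.113.0/24"), "eu-west"),
]


def region_for(ip):
    """Map an IP address to a region, or 'unknown' if it is not in GEO_DB."""
    addr = ipaddress.ip_address(ip)
    for net, region in GEO_DB:
        if addr in net:
            return region
    return "unknown"


def device_fingerprint(headers):
    """Derive a device fingerprint from browser-supplied values.

    Every input here is chosen and sent by the client, so any site the browser
    visits (legitimate or spoofed) sees the same material.
    """
    material = "|".join(
        headers.get(k, "") for k in ("user-agent", "accept-language", "screen")
    )
    return hashlib.sha256(material.encode()).hexdigest()[:16]


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256 for storage; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def verify_password(password, salt, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


# Constructed enrolled account, as captured at the user's genuine first login.
GENUINE_HEADERS = {
    "user-agent": "Mozilla/5.0 (X11; Linux x86_64) Firefox/120.0",
    "accept-language": "en-US,en;q=0.5",
    "screen": "1920x1080",
}
_SALT, _DIGEST = hash_password("correct horse battery staple")
ACCOUNT = {
    "username": "alice",
    "salt": _SALT,
    "digest": _DIGEST,
    "region": "us-east",
    "fingerprint": device_fingerprint(GENUINE_HEADERS),
}


def evaluate_login(username, password, ip, headers, account=ACCOUNT):
    """Return (decision, anomalies); decision is 'deny', 'allow' or 'challenge'.

    'challenge' means the credentials were right but the request does not look
    like the enrolled device or location, so a further check should be required.
    """
    if username != account["username"] or not verify_password(
        password, account["salt"], account["digest"]
    ):
        return "deny", ["bad credentials"]
    anomalies = []
    if region_for(ip) != account["region"]:
        anomalies.append("region mismatch")
    if device_fingerprint(headers) != account["fingerprint"]:
        anomalies.append("device fingerprint mismatch")
    return ("challenge" if anomalies else "allow"), anomalies


if __name__ == "__main__":
    print(evaluate_login("alice", "correct horse battery staple", "198.51.100.7", GENUINE_HEADERS))
    print(evaluate_login("alice", "correct horse battery staple", "203.0.113.9", {}))
```

The check is useful against a credential that was obtained without the victim's browser being involved (a reused password from an unrelated breach, for instance), because the region and fingerprint will then differ. It adds nothing against the scenario in the table, where the spoofed site received the password, the IP address and the browser headers in one and the same request.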