Internet Vulnerabilities & Criminal Activity - PowerPoint PPT Presentation

1 / 37

About This Presentation

Title:

Internet Vulnerabilities & Criminal Activity

Description:

Internet Vulnerabilities & Criminal Activity Phishing, Nigerian 419 s, & High-Yield Investment Programs (HYIP) 8.1 3/22/10 HYIP Web Site Start Your Own HYIP HYIP ... – PowerPoint PPT presentation

Number of Views:47

Avg rating:3.0/5.0

Slides: 38

Provided by: ttswComSu

Category:

more less

Transcript and Presenter's Notes

Title: Internet Vulnerabilities & Criminal Activity

1
Internet Vulnerabilities Criminal Activity

Phishing, Nigerian 419s, High-Yield Investment
Programs (HYIP)
8.1
3/22/10

2
Phishing

The criminally fraudulent process of attempting
to acquire sensitive information such as
usernames, passwords and credit card details by
masquerading as a trustworthy entity in an
electronic communication.

(Wikipedia.org)
3
Why ph ? Phishing History

Original hackers
phone freaks phreakers
Term first used 1996
Coined by hackers who conned AOL users into
divulging their passwords
Phish hacked account
Phish traded as currency among hackers by 1997

4
How Phishing Works

Victim receives an official looking e-mail from
and ISP, online bank, or government agency
Victim advised he/she must validate or his/her
information to prevent dire consequences
Victim clicks on provided link and is taken to a
spoofed website
Victim asked to enter personal information to
validate/update his/her account
User name, account number, credit card number,
password, etc.

5
Phishing Techniques

Social engineering
Subject To restore access to your bank
account..
Link manipulation
Casual observation leads victim to believe the
link in e-mail is to legitimate web page
Filter evasion
Use of images rather than text

6
Phishing Techniques cont.

Website forgery
Address bar forgery
Cross-scripting
Man-in-the-middle attacks
Phone phishing
Phone message apparently from bank has victim
call phishers using VOIP
Vishing
Other techniques
Pop-up windows over legitimate bank sites

7
Spear Phishing

An e-mail spoofing fraud attempt that targets a
specific organization, seeking unauthorized
access to confidential data
E-mail appears to come from a trusted source
usually within ones own company
Likely to be conducted by "sophisticated groups
out for financial gain, trade secrets or military
information. NY Times
Overcomes normal suspicions

8
Rock Phish

No one really sure what it is
Wikipedia - phishing tool
Others - one of the most prominent phishing
groups in operation
Techno-savvy
Specializes in European and U.S. financial
institutions
Responsible for 1/3 to 1/2 of all phishing
e-mails sent in any given day
Credit card fraud, money laundering

9
Rock Phish Demo

http//www.youtube.com/watch?v6NviimO64qA

10
Phishing Costs

2.8 billion in 2006
3.2 billion in 2007
350 - 1244 per victim
Most cost born by financial institutions

11
Phishing in 2009
APWG
12
Phishing Laws

CAN SPAM Act
Controls conditions under which unsolicited
commercial e-mail may be sent
Anti-phishing Act of 2004
Did not become law

13
Problems for Law Enforcement

Phishing web sites quickly move from one ISP to
another
7 different servers in 12 days
Average phishing web site active for only 54
hours
Web sites gone long before victim realizes he/she
is a victim
Webs sites have global location

14
Phishing Example
15
(No Transcript)
16
Phishing Example

URL - http//mail.opmcm.gov.np/locale/ar/LC_MESSAG
ES/online.lloydstsb.co.uk/customer.ibcWT.achpIBlo
gon/
202.45.147.69 is from Nepal(NP) in region
Southern and Eastern Asia

17
(No Transcript)
18
(No Transcript)
19
(No Transcript)
20
(No Transcript)
21
(No Transcript)
22
Pharming

Redirecting one web sites traffic to another web
site.

23
Nigerian 419s

An advance-fee fraud in which the target is
persuaded to advance sums of money in the hope of
realizing a significantly larger gain.

(Wikipedia.org)
24
Nigerian 419 e-mail scams

Advanced Fee Fraud - (AFF)
419 - Nigerian criminal code
Originated in early 1980s as Nigerian oil
profits declined
One of Nigerias most important export
industries
Many variations

25
419 Elements

Scammers use Internet Cafes / Spoofed web sites
Official sounding introduction and
correspondence
Uses name of real individual
May use religious theme

26
419 Elements cont.

Knows about a large sum of money that scammer
cannot directly access
Victim offered 10 - 40 of money for assisting
scammer
Victim asked to send money to assist scammer in
accessing large fund
Amount asked for may be large, but not in
comparison to promised portion
Funds transferred by untraceable wire transfer

27
419 Elements cont.

If victim is hooked, scammer will continue to ask
for funds for various purposes
Once victim has invested in scam, he/she will
feel the need to see the deal through
Victim may be scammed a second time by scammer
pretending to be law enforcement or government
official

28
Problems for Law Enforcement

Anonymity
Jurisdiction
Untraceable wire transfer
Prosecutions by Nigerian government have become
opportunities for bribery

29
Example Recent 419 Scam
30
High-Yield Investment Programs

A type of Ponzi scheme, which is an investment
scam that promises an unsustainably high return
on investment by paying previous investors with
the money invested by newcomers.
(Wikipedia.org)

31
Ponzi Scheme

Ponzi schemes are a type of illegal pyramid
scheme named for Charles Ponzi, who duped
thousands of New England residents into investing
in a postage stamp speculation scheme back in the
1920s. Ponzi thought he could take advantage of
differences between U.S. and foreign currencies
used to buy and sell international mail coupons.
Ponzi told investors that he could provide a 40
return in just 90 days compared with 5 for bank
savings accounts. Ponzi was deluged with funds
from investors, taking in 1 million during one
three-hour period and this was 1921! Though a few
early investors were paid off to make the scheme
look legitimate, an investigation found that
Ponzi had only purchased about 30 worth of the
international mail coupons.