Internet Vulnerabilities & Criminal Activity - PowerPoint PPT Presentation

About This Presentation
Slides: 38
Provided by: ttswComSu

Transcript and Presenter's Notes

1
Internet Vulnerabilities & Criminal Activity
  • Phishing, Nigerian 419s, & High-Yield Investment
    Programs (HYIP)
  • 8.1
  • 3/22/10

2
Phishing
  • The criminally fraudulent process of attempting
    to acquire sensitive information such as
    usernames, passwords and credit card details by
    masquerading as a trustworthy entity in an
    electronic communication.

(Wikipedia.org)
3
Why "ph"? Phishing History
  • The original hackers were phone freaks
    ("phreakers"); the "ph" spelling comes from phreaking
  • Term first used in 1996
  • Coined by hackers who conned AOL users into
    divulging their passwords
  • Phish = a hacked account
  • Phish traded as currency among hackers by 1997

4
How Phishing Works
  • Victim receives an official-looking e-mail from
    an ISP, online bank, or government agency
  • Victim advised he/she must validate or update
    his/her information to prevent dire consequences
  • Victim clicks on provided link and is taken to a
    spoofed website
  • Victim asked to enter personal information to
    validate/update his/her account
  • User name, account number, credit card number,
    password, etc.

5
Phishing Techniques
  • Social engineering
  • Subject: "To restore access to your bank
    account..."
  • Link manipulation
  • Casual observation leads the victim to believe
    the link in the e-mail goes to a legitimate web
    page, when the real destination is elsewhere
  • Filter evasion
  • Use of images rather than text

6
Phishing Techniques cont.
  • Website forgery
  • Address bar forgery
  • Cross-site scripting
  • Man-in-the-middle attacks
  • Phone phishing
  • Phone message apparently from bank has victim
    call phishers using VoIP
  • Vishing
  • Other techniques
  • Pop-up windows over legitimate bank sites

7
Spear Phishing
  • An e-mail spoofing fraud attempt that targets a
    specific organization, seeking unauthorized
    access to confidential data
  • E-mail appears to come from a trusted source
    usually within one's own company
  • Likely to be conducted by "sophisticated groups
    out for financial gain, trade secrets or military
    information" (NY Times)
  • Overcomes normal suspicions

8
Rock Phish
  • No one is really sure what it is
  • Wikipedia - a phishing tool
  • Others - one of the most prominent phishing
    groups in operation
  • Techno-savvy
  • Specializes in European and U.S. financial
    institutions
  • Responsible for 1/3 to 1/2 of all phishing
    e-mails sent in any given day
  • Credit card fraud, money laundering

9
Rock Phish Demo
  • http://www.youtube.com/watch?v=6NviimO64qA

10
Phishing Costs
  • $2.8 billion in 2006
  • $3.2 billion in 2007
  • $350 - $1,244 per victim
  • Most of the cost is borne by financial institutions

11
Phishing in 2009
Source: APWG (Anti-Phishing Working Group)
12
Phishing Laws
  • CAN-SPAM Act
  • Controls conditions under which unsolicited
    commercial e-mail may be sent
  • Anti-phishing Act of 2004
  • Did not become law

13
Problems for Law Enforcement
  • Phishing web sites quickly move from one ISP to
    another
  • 7 different servers in 12 days
  • Average phishing web site active for only 54
    hours
  • Web sites gone long before victim realizes he/she
    is a victim
  • Web sites are hosted all over the world

14
Phishing Example
15
(No Transcript)
16
Phishing Example
  • URL - http://mail.opmcm.gov.np/locale/ar/LC_MESSAGES/online.lloydstsb.co.uk/customer.ibc?WT.ac=hpIBlogon/
  • The real host is mail.opmcm.gov.np; the bank's
    name only appears in the path
  • 202.45.147.69 is located in Nepal (NP), region
    Southern and Eastern Asia

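The link-manipulation and filter-evasion tricks on the "Phishing Techniques" slide and the Lloyds TSB example above can be checked mechanically. The following is an added example, not code from the slides: it scans an HTML e-mail body for anchors whose visible text names one host while the href goes to another, for a protected brand name hiding in the path or a subdomain of an unrelated host (exactly the pattern of the mail.opmcm.gov.np URL), for bare IP addresses as link hosts, and for image-only bodies. The brand watch-list, the 20-character "image-only" threshold, the simplified registrable-domain rule and both sample e-mails are assumptions constructed for the example.

```python
# Added example (not from the slides): scan an HTML e-mail for the link-manipulation
# and filter-evasion tricks described above, and apply the same "brand name in the
# wrong place" test to the Lloyds TSB phishing URL shown on the slides.
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed watch-list: brands we protect, keyed by their genuine registrable domain.
BRAND_DOMAINS = {"lloydstsb.co.uk", "paypal.com"}
# Assumed threshold: a body with images but fewer visible characters than this is "image-only".
MIN_TEXT_CHARS = 20


def registrable_domain(host):
    """Approximate the registrable domain: the last two labels, or the last three when
    the second-level label is generic under a two-letter ccTLD (co.uk, gov.np).
    Simplification for the example; real code should consult the public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    generic_second_level = {"co", "com", "org", "gov", "ac", "net", "edu"}
    if len(labels) >= 3 and len(labels[-1]) == 2 and labels[-2] in generic_second_level:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def url_indicators(url):
    """Indicators for one link target: brand name hidden in the path or in a subdomain
    of an unrelated host, or a bare IP address as the host."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    reasons = []
    if not host:
        return reasons
    if host.replace(".", "").isdigit():
        reasons.append("raw IP address as host")
    actual = registrable_domain(host)
    if actual in BRAND_DOMAINS:
        return reasons  # the link really is on the brand's own domain
    tail = (parsed.path + "?" + parsed.query).lower()
    for brand in sorted(BRAND_DOMAINS):
        if brand in host:
            reasons.append(f"{brand} used as a subdomain of {actual}")
        if brand in tail:
            reasons.append(f"{brand} appears in the path of {host}")
    return reasons


def link_indicators(href, visible_text):
    """Add the link-manipulation check: the text the victim reads names one host,
    the href points somewhere else."""
    reasons = url_indicators(href)
    text = visible_text.strip()
    if "." in text and " " not in text and len(text) > 3:
        shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
        target = urlparse(href).hostname or ""
        if shown and registrable_domain(shown) != registrable_domain(target):
            reasons.append(f"text shows {shown} but link goes to {target}")
    return reasons


class _Scanner(HTMLParser):
    """Collect (href, visible text) per anchor; count images and visible characters."""

    def __init__(self):
        super().__init__()
        self.links, self.images, self.text_chars = [], 0, 0
        self._href, self._buf = None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._href, self._buf = attrs["href"], []
        elif tag == "img":
            self.images += 1

    def handle_data(self, data):
        self.text_chars += len(data.strip())
        if self._href is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None


def analyze_email(html):
    """Return {'links': [(href, text, reasons)], 'image_only': bool} for an HTML body."""
    scanner = _Scanner()
    scanner.feed(html)
    links = [(href, text, link_indicators(href, text)) for href, text in scanner.links]
    image_only = scanner.images > 0 and scanner.text_chars < MIN_TEXT_CHARS
    return {"links": links, "image_only": image_only}


# Constructed sample bodies (the first wraps the phishing URL shown on the slides).
SAMPLE_PHISH = """<html><body><p>Dear customer, to restore access to your bank account
click <a href="http://mail.opmcm.gov.np/locale/ar/LC_MESSAGES/online.lloydstsb.co.uk/customer.ibc">
https://online.lloydstsb.co.uk/customer.ibc</a> within 24 hours.</p>
<p>Questions? See <a href="https://online.lloydstsb.co.uk/help">Help</a>.</p></body></html>"""
SAMPLE_IMAGE_ONLY = """<html><body>
<a href="http://203.0.113.7/login"><img src="cid:notice.gif"></a>
</body></html>"""

if __name__ == "__main__":
    for sample in (SAMPLE_PHISH, SAMPLE_IMAGE_ONLY):
        result = analyze_email(sample)
        print("image-only body:", result["image_only"])
        for href, text, reasons in result["links"]:
            print(href, "->", reasons or "no indicators")
```

The registrable-domain rule is the weak point: a hand-written suffix table will misclassify hosts under TLDs it does not know, so anything beyond a demonstration should use a public suffix list. The image-only check is deliberately crude; its purpose is to catch the filter-evasion case where the whole lure is one clickable picture.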
17-21
(No Transcript)
22
Pharming
  • Redirecting one web site's traffic to another web
    site, typically by poisoning DNS or the victim's
    hosts file so the legitimate name resolves to
    the attacker's server

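Two cheap checks follow from that definition: a bank's hostname should never be pinned in the local hosts file, and the resolver a machine actually uses should agree with an independent reference resolver about it. The following is an added example, not code from the slides, that parses hosts(5) syntax and compares two answer sets. The watch-list, the sample hosts file and the two resolver answer sets are constructed for the example; no live DNS lookups are made.

```python
# Added example (not from the slides): two cheap pharming checks. A hosts-file entry
# for a bank's hostname, or two resolvers disagreeing about it, means traffic meant
# for that site is being redirected somewhere else.
import ipaddress

# Assumed watch-list of hostnames that should never be pinned locally.
WATCHED_HOSTS = {"online.lloydstsb.co.uk", "www.paypal.com"}


def parse_hosts(text):
    """Parse hosts(5) syntax: 'address hostname [alias ...]', '#' comments, blank lines.
    Returns {hostname: [ip addresses]}; a name may appear on several lines."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not a valid address; hosts(5) parsers ignore such lines
        for name in parts[1:]:
            mapping.setdefault(name.lower().rstrip("."), []).append(addr)
    return mapping


def hosts_overrides(text, watched=WATCHED_HOSTS):
    """Watched names the hosts file pins to any address at all. Even a loopback or
    0.0.0.0 entry is a denial of service; a routable address is classic pharming."""
    mapping = parse_hosts(text)
    return {name: [str(a) for a in mapping[name]] for name in sorted(watched) if name in mapping}


def resolver_disagreements(local_answers, reference_answers, watched=WATCHED_HOSTS):
    """Names whose answer sets differ between the resolver the machine actually uses
    and an independent reference resolver. Inputs are {hostname: iterable of
    addresses}; here they are constructed, not live lookups."""
    return sorted(
        name for name in watched
        if set(local_answers.get(name, ())) != set(reference_answers.get(name, ()))
    )


# Constructed sample inputs.
SAMPLE_HOSTS = """# hosts file as left by a pharming trojan (constructed)
127.0.0.1       localhost
::1             localhost ip6-localhost
203.0.113.50    online.lloydstsb.co.uk   # injected: sends the bank's name to the attacker
0.0.0.0         ads.example.net
not-an-address  www.example.org
"""
LOCAL_DNS = {"www.paypal.com": {"203.0.113.9"}, "online.lloydstsb.co.uk": {"198.51.100.20"}}
PUBLIC_DNS = {"www.paypal.com": {"198.51.100.44"}, "online.lloydstsb.co.uk": {"198.51.100.20"}}

if __name__ == "__main__":
    print("hosts-file overrides:", hosts_overrides(SAMPLE_HOSTS))
    print("resolver disagreements:", resolver_disagreements(LOCAL_DNS, PUBLIC_DNS))
```

Resolver disagreement is a signal, not proof: sites behind geographically distributed CDNs legitimately return different addresses to different resolvers, so a real monitor would compare against the set of addresses the brand is known to use rather than demand an exact match.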
23
Nigerian 419s
  • An advance-fee fraud in which the target is
    persuaded to advance sums of money in the hope of
    realizing a significantly larger gain.

(Wikipedia.org)
24
Nigerian 419 e-mail scams
  • Advance Fee Fraud (AFF)
  • 419 - the section of the Nigerian criminal code
    that covers the fraud
  • Originated in the early 1980s as Nigerian oil
    profits declined
  • One of Nigeria's most important export
    industries
  • Many variations

25
419 Elements
  • Scammers use Internet cafes / spoofed web sites
  • Official sounding introduction and
    correspondence
  • Uses name of real individual
  • May use religious theme

26
419 Elements cont.
  • Knows about a large sum of money that scammer
    cannot directly access
  • Victim offered 10% - 40% of the money for assisting
    scammer
  • Victim asked to send money to assist scammer in
    accessing large fund
  • Amount asked for may be large, but not in
    comparison to promised portion
  • Funds transferred by untraceable wire transfer

27
419 Elements cont.
  • If the victim is hooked, the scammer will continue
    to ask for funds for various purposes
  • Once the victim has invested in the scam, he/she
    will feel the need to see the deal through
  • Victim may be scammed a second time by scammer
    pretending to be law enforcement or government
    official

28
Problems for Law Enforcement
  • Anonymity
  • Jurisdiction
  • Untraceable wire transfer
  • Prosecutions by Nigerian government have become
    opportunities for bribery

29
Example Recent 419 Scam
30
High-Yield Investment Programs
  • A type of Ponzi scheme, which is an investment
    scam that promises an unsustainably high return
    on investment by paying previous investors with
    the money invested by newcomers.
  • (Wikipedia.org)

31
Ponzi Scheme
  • Ponzi schemes are a type of illegal pyramid
    scheme named for Charles Ponzi, who duped
    thousands of New England residents into investing
    in a postage stamp speculation scheme back in the
    1920s. Ponzi thought he could take advantage of
    differences between U.S. and foreign currencies
    used to buy and sell international mail coupons.
    Ponzi told investors that he could provide a 40%
    return in just 90 days compared with 5% for bank
    savings accounts. Ponzi was deluged with funds
    from investors, taking in $1 million during one
    three-hour period (and this was 1921!). Though a
    few early investors were paid off to make the
    scheme look legitimate, an investigation found
    that Ponzi had only purchased about $30 worth of
    the international mail coupons.

32
HYIP Operators
  • Set up web site offering investments
  • Promised returns of 45% per month, 6% per day
  • No details offered on underlying investments
  • Incorporate in countries with lax investment laws
  • Web sites frequently infect visitors with malware

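The definition on the "High-Yield Investment Programs" slide and the 45%-per-month / 6%-per-day promises on the "HYIP Operators" slide can be put together in a day-by-day cash-flow model. The following is an added example, not code from the slides: interest promised to existing investors is paid only from new deposits, and the scheme is insolvent on the first day the owed payout exceeds cash on hand. The integer currency units, basis-point rate, and constant or doubling deposit streams are assumptions chosen so the arithmetic is exact.

```python
# Added example (not from the slides): a day-by-day cash-flow model of the HYIP/Ponzi
# mechanics described above. Interest promised to existing investors is paid from new
# deposits; the scheme is insolvent on the first day owed payouts exceed cash on hand.
# Amounts are whole currency units and the rate is in basis points, so arithmetic is exact.


def simulate_hyip(daily_rate_bp, daily_deposits):
    """Return (collapse_day, history). collapse_day is None if the scheme outlives the
    deposit series. history holds (day, principal, owed, cash_before_payout) per day.
    Model assumptions: deposits are never returned, every investor is owed
    daily_rate_bp/10000 of their principal each day, and the operator skims nothing."""
    cash = principal = 0
    history = []
    for day, deposit in enumerate(daily_deposits, start=1):
        cash += deposit
        principal += deposit
        owed = principal * daily_rate_bp // 10000
        history.append((day, principal, owed, cash))
        if owed > cash:
            return day, history
        cash -= owed
    return None, history


def days_until_collapse(daily_rate_bp, deposit_per_day, horizon_days=365):
    """Collapse day for a steady stream of identical daily deposits, or None if the
    scheme survives the horizon."""
    day, _ = simulate_hyip(daily_rate_bp, [deposit_per_day] * horizon_days)
    return day


def doubling_deposits(first_deposit, days):
    """Deposit stream that doubles every day: the exponential recruitment an HYIP
    quietly depends on to keep paying."""
    return [first_deposit * 2 ** i for i in range(days)]


if __name__ == "__main__":
    # 6% per day with a flat 1,000 per day of new money: collapses on day 33.
    print("6%/day, flat deposits:", days_until_collapse(600, 1000))
    # 1.5% per day (about 45% per month) with the same flat deposits: day 133.
    print("1.5%/day, flat deposits:", days_until_collapse(150, 1000))
    # The same 6% per day survives 30 days only if deposits double every day.
    day, history = simulate_hyip(600, doubling_deposits(1000, 30))
    print("6%/day, doubling deposits:", day, "owed on last day:", history[-1][2])
```

The point the numbers make is that the promised rate alone fixes the lifetime of a flat-inflow scheme: with 6% per day the operator must attract roughly thirty days of deposits before the daily payout outruns the cash, and lowering the rate to 1.5% per day only stretches that to about four months. Surviving longer requires new money to grow at least as fast as the liabilities, which no real investment supplies.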
33
HYIP Monitor Sites
http://lifehyips.net/
34
HYIP Web Site
35
(No Transcript)
36
Start Your Own HYIP
37
HYIP and US Law
  • HYIP is a fraud
  • Prosecution by the SEC - Securities and Exchange
    Commission
  • Problems
  • Anonymity
  • Jurisdiction