Ichthyological anatomy, or a study of phish

Michael Morgan IBM CERT A/NZ

This paper describes the progression of techniques used in financial fraud, from social engineering to other methods of obtaining financial credentials, and proceeds to cover the options available to financial institutions to defend themselves and their clients from the exploitation of stolen credentials.

The examples are based on actual phishing expeditions against international banks and the steps taken in investigating and responding to these attacks, including the problems of obtaining a 'get out of jail free' card in such circumstances, and the embarrassment this might present.

The attacks reported range from emails inviting prospective victims to visit a fake website, emails incorporating logon processes within themselves, hijacking web-browsing activity, to keyloggers targeting specific financial institutions.

We conclude with some speculation on future vectors and possible steps to prevent widespread use of these vectors. These steps cover public education, supplementary authentication factors, behavioural analysis, and denial of services to potential perpetrators.