How to Phry Phish
Really... how much of a threat is phishing to your corporate network? Here are some examples that will make you think twice.
Last October, the FBI announced a major cybercrime takedown called Operation Phish Phry. The investigation uncovered a sophisticated international “phishing” operation that collected personal information from thousands of victims. The FBI says Operation Phish Phry is the largest cybercrime investigation to date in the U.S., with 53 defendants charged in U.S. District Court.
According to the indictment, Egyptian-based hackers used phishing techniques to obtain bank account numbers and related personal identification information from bank customers. Phishing attacks frequently begin with an e-mail message purporting to be from a trusted source that actually contains a malicious link. The link directs users to a "spoofed" Web site that looks legitimate but is designed to trick users into disclosing personal information.
Unfortunately, nearly nine in 10 Web users in the U.S. are at risk of online fraud because they can't identify the different forms of phishing currently happening online, according to a YouGov survey. Of the 7 countries included in the research — the U.S., Germany, Sweden, Australia, India, Denmark and the U.K. — U.S. respondents were least likely to identify the signs of phishing.
The research asked respondents to identify which of two Web site images presented side by side was a fraudulent phishing site. The most frequently missed telltale indicator was misspelling on the site, with 88 percent failing to spot the mistakes that often identify a phishing site. Other indicators that were missed by respondents included the lack of a padlock symbol in the browser address bar (68 percent), a URL containing an unspecified, numerical, domain name (42 percent) and unnecessary requests for additional account information (33 percent).
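Two of the indicators the survey lists (no padlock, a numerical host in the URL) can be checked from the URL alone. The following is an added example, not code from this article or from any vendor it mentions; the function names are assumptions, the sample URLs are constructed from documentation address ranges, and the check goes slightly beyond the survey wording by also recognizing an IPv4 address written as a single integer or in hex.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One dotted component written in decimal or hex, e.g. "192" or "0xC0".
_NUM_PART = re.compile(r"^(0x[0-9a-f]+|[0-9]+)$", re.IGNORECASE)


def is_numeric_host(host):
    """True if the host is an address rather than a registered name."""
    host = host.strip("[]").rstrip(".")
    if not host:
        return False
    try:
        ipaddress.ip_address(host)  # dotted IPv4 or IPv6 literal
        return True
    except ValueError:
        pass
    # Browsers also accept an IPv4 address written as one integer or in hex.
    parts = host.split(".")
    return len(parts) <= 4 and all(_NUM_PART.match(p) for p in parts)


def url_indicators(url):
    """Return the survey indicators that are visible in the URL itself."""
    parts = urlsplit(url.strip())
    if not parts.hostname:
        raise ValueError("absolute URL with a host is required")
    found = []
    if parts.scheme.lower() != "https":
        found.append("no-padlock")  # the browser would show no padlock
    if is_numeric_host(parts.hostname):
        found.append("numeric-host")
    return found


# Constructed sample URLs (documentation address ranges, not real sites).
SAMPLES = [
    "https://www.example.com/account",
    "http://192.0.2.10/login",
    "https://3221225994/signin",      # 192.0.2.10 written as one integer
    "http://[2001:db8::1]/verify",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, url_indicators(u) or "neither indicator present")
```

An empty result only means these two indicators are absent; misspellings and unnecessary requests for account information are properties of the page content and need a separate check.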
Fake Messages, Real Danger
Cybercriminals also use a number of other techniques to lure victims into clicking malicious links or opening attachments that carry malware. Fake messages that seem to signal a package pick-up from popular couriers are infected with Trojans. Fake receipts sent via e-mail are infected with malware that leaves users vulnerable to identity theft. E-cards are another common source of phishing scams.
Cybercriminals use bogus discounts and promos to lure victims into clicking malicious links, or entering confidential information into fake sites. Often hot retail items are featured in such schemes -- and often prove irresistible. For instance, when the Apple iPhone was new, fake advertisements and Web sites for it infected users with the Trojan TROJ_AYFONE.
Users who fill out seemingly harmless online surveys in exchange for gift cards, cash, free items or special promotions risk identity theft. Compromised survey pages are actually phishing sites designed to steal confidential information.
Cybercriminals also prey on users’ generosity, using fake charity sites for a variety of scams: spammers send out messages pleading for donations to help victims of newsworthy calamities. Generous users who open the message and click on the link to donate end up robbed of cash and confidential information.
Social Networking Scams Surge
The FBI warns that there has been an increase in the hijacking of social networking accounts, citing a growing number of reports to the Internet Crime Complaint Center (IC3) about cybercriminals hijacking accounts and sending out distress messages claiming they are in some sort of legal or medical peril and requesting money from their social networking contacts. Nearly 3,200 cases of account hijackings have been reported to the IC3 since 2006.
Cybercriminals are also using spam to promote phishing sites, claiming a violation of the terms of service agreement or creating some other issue that needs to be resolved. Other spam entices users to download an application or view a video. Some of these messages appear to be sent from friends, giving the perception of legitimacy. Once the user responds to a phishing site, downloads an application, or clicks on a video link, the electronic device they’re using becomes infected with malicious code.
According to industry researchers, the average loss from phishing is now over $3,000 per incident and the total damages suffered by users victimized by phishing are well over $1 billion per year. Banking and retail sites, including Amazon.com, eBay and PayPal, have been some of the most popular for criminals to impersonate with counterfeit sites using phishing schemes.
Social networking sites, such as MySpace and Facebook, are also key targets for “social phishing” since personal details included within such sites can be used in identity theft. Experiments show a success rate of over 70 percent for phishing attacks on social networks. Many phishers will try to get around anti-phishing solutions by using SSL encryption.
Blue Coat to the Rescue — in Real Time
Blue Coat's WebFilter™ is the next generation of Web filtering, created by combining URL filtering and anti-malware technologies together into a collaborative cloud defense architecture.
The Blue Coat Real-Time Anti-Phishing protection technology assesses the Web page being requested using Blue Coat WebFilter and Dynamic Real Time Rating (DRTR). Blue Coat WebFilter runs on current ProxySG appliances and uses Dynamic Real Time Rating technology to keep up with the ever-changing Internet and phishing sites. DRTR is based on patented technology that can categorize “on the fly” new, unfamiliar Web sites as they are being requested; it then blocks or allows a user’s access according to the rating DRTR assigns and in accordance with the organization’s or user’s policies. The entire dynamic content filtering process can be completed in 250 to 750 milliseconds.
If the page is not found in the Blue Coat WebFilter database, a query is sent to Blue Coat Labs where the Web page is analyzed automatically in real time. Because these phishing Web sites are only up for a short time — ranging from hours to minutes — it’s hard for most anti-phishing databases to catch them. This is why having a solution that assesses URLs on the fly is essential.
Blue Coat WebFilter™ is continuously updated by the WebPulse community watch cloud defense that detects hidden malware and provides reputation and Web content analysis. WebFilter is 100% user-driven for relevance, creating an unmatched real-time Web content rating service. WebPulse uses Dynamic Link Analysis (DLA) to check popular Web sites for attack injections and search engine results for bait pages, both of which lead to Web threats via dynamic links. WebPulse provides cloud intelligence to ProxySG Web gateways, and to ProxyClient and K9 Web Protection remote clients.
WebFilter provides over 7 billion ratings per day for over 62 million users located in the largest enterprise and service provider networks around the world.
Yes, phishing really is a considerable threat; fortunately most ploys can be thwarted through real-time assessment. For more information on implementing a Blue Coat solution to protect your enterprise, call Milestone Systems, Inc.