Presentation SPAM / phishing
Spam / Phishing
Björn Bittins
Sebastian Kühnau
FHTW-Berlin
Structure
Spam (Sebastian)
Definition
History
Types
Counteraction
Damage
Facts
Summary
Phishing (Björn)
Definition
History
Types
Counteraction
Damage
Facts
Summary
Spam
Björn Bittins
Sebastian Kühnau
FHTW-Berlin
Germany
Spam and
Phishing
Definition of SPAM
mass mail, not personally addressed, unwanted (commercial) content
"recipient's personal identity and context are irrelevant because the message is equally applicable to many other potential recipients"
www.spamhaus.org
History
spam: trademark for canned meat (spiced ham)
word first used in a Monty Python sketch
first spam mail in 1978: Digital Equipment Corp. sent a commercial message to 400 users of ARPANET
Types
UBE (unsolicited bulk email)
UCE (unsolicited commercial email)
collateral spam
forum-spam
index spamming, wiki spam, spam over mobile phone (Spom)
phishing mails
own type of spam for every type of communication channel
Counteraction
on the user side:
using disposable mail addresses (trash-mail.com)
posting no mail addresses on public boards
on the blog/wiki operator side:
using "captchas" for posting messages
on the mail server operator side:
black-/white-/greylisting
using a secure configuration (no open relay)
General counteraction
changes in protocols (SMTP)
legal framework (laws)
use of spam filters (Bayes filter)
Damage
financial loss (for provider/receiver)
loss of time / productivity
slowdown of mail traffic / breakdown of server
spam filters are needed
Facts / Statistics
Spam Statistics (2003)
Email considered spam: 40% of all email
Daily spam emails sent: 12,4 billion
Annual spam received per person: 2.200
Spam cost to all non corp users: $255 million
Spam cost to all U.S. corporations in 2002: $8,9 billion
States with anti-spam laws: 26
Email address changes due to spam: 16%
Estimated spam increase by 2007: 63%
Annual spam in 1.000 employee company: 2.1 million
Users who reply to spam email: 28%
Users who purchased from spam email: 8%
Corporate email that is considered spam: 15-20%
Wasted corporate time per spam email: 4-5 seconds
Source: www.spam-filter-review.toptenreviews.com/spam-statistics.html

10 worst spam origin countries (2003)
Rank   Country          Number of current known spam issues
1      United States    1993
2      China            448
3      Russia           258
4      United Kingdom   213
5      South Korea      185
6      Germany          177
7      Japan            171
8      Canada           149
9      France           145
10     Italy            134
Source: www.spamhaus.org/statistics/countries.lasso
more Facts / Statistics - 2006
www.computerbase.de
Summary
unwanted mail, without preexisting relationship
almost every communication channel has its own type of spam
counteraction: on the user/operator side
causes damage in many areas
Phishing
Definition of phishing
neologism for password fishing
getting confidential personal information from a user by pretending to be a reputable provider (e.g. bank, eBay)
History of phishing
1990s: AOL accounts were stolen to share illegal content (warez)
2001: first known phishing attack against a payment service (E-gold)
since 2004: phishing is recognized as a fully industrialized part of the crime scene
Types / Functionality
email phishing: sending mails that look trustworthy to the user
"man in the middle" attack: uses trojan horses to intercept personal information
Counteraction / Protection
phishing filter:
compares website with a blacklist
detects typical characteristics of phishing mails
avoid clicking on links from untrustworthy sources
be careful about publishing private data
Damage
wide range of damage possible
denial of access to mail account
identity theft (used to commit crime)
financial loss
US 2004-05: 1.2 million users suffered losses of $929 million
UK losses by bank fraud (mostly phishing): 2004: £12.2 million, 2005: £23.2 million
Forrester survey (2005): "trillion dollar problem"
Facts / Statistics
2004: one in every 943 mails
2005: one in every 304 mails
Facts / Statistics 2
origin of phishing attacks
Summary
getting confidential personal information
email phishing / "man in the middle" attacks
number of phishing attacks is growing
phishing filter / user awareness
wide range of damage
The End
Questions?
Sources
http://www.forrester.com
http://www.bsi.de
http://www.spamhaus.org
http://www.spampolitik.de
http://en.wikipedia.org