Date posted: 26-Dec-2015
Spam / Phishing
Björn Bittins
Sebastian Kühnau
FHTW-Berlin
Structure
Spam (Sebastian): Definition, History, Types, Counteraction, Damage, Facts, Summary
Phishing (Björn): Definition, History, Types, Counteraction, Damage, Facts, Summary
FHTW-Berlin, Germany
Spam and Phishing
Spam
Definition of SPAM
mass mail, not personally addressed, unwanted (commercial) content
"recipient's personal identity and context are irrelevant because the message is equally applicable to many other potential recipients"
www.spamhaus.org
History
spam: trademark for canned meat (spiced ham)
word first used in a Monty Python sketch
first spam mail in 1978: Digital Equipment Corp. sent a commercial to 400 users of ARPANET
Types
UBE (unsolicited bulk email)
UCE (unsolicited commercial email)
collateral spam
forum-spam
index spamming, wiki spam, spam over mobile phone (Spom)
phishing mails
own type of spam for every type of communication channel
Counteraction
on the user side:
  use disposable mail addresses (trash-mail.com)
  post no mail addresses on public boards
on the blog/wiki operator side:
  use "captchas" for posting messages
on the mail server operator side:
  black-/white-/greylisting
  use a secure configuration (no open relay)
General counteraction
changes in protocols (SMTP)
legal framework (laws)
use of spam filters (Bayes filter)
Damage
financial loss (for provider/receiver)
loss of time / productivity
slowdown of mail traffic / breakdown of server
spam filters are needed
Facts / Statistics
Spam Statistics (2003)
Email considered spam: 40% of all
Daily spam emails sent: 12,4 billion
Annual spam received per person: 2.200
Spam cost to all non-corporate users: $255 million
Spam cost to all U.S. corporations in 2002: $8,9 billion
States with anti-spam laws: 26
Email address changes due to spam: 16%
Estimated spam increase by 2007: 63%
Annual spam in 1.000 employee company: 2.1 million
Users who reply to spam email: 28%
Users who purchased from spam email: 8%
Corporate email that is considered spam: 15-20%
Wasted corporate time per spam email: 4-5 seconds
10 worst spam origin countries (2003)
Rank  Country         Number of current known spam issues
1     United States   1993
2     China           448
3     Russia          258
4     United Kingdom  213
5     South Korea     185
6     Germany         177
7     Japan           171
8     Canada          149
9     France          145
10    Italy           134
www.spam-filter-review.toptenreviews.com/spam-statistics.html
www.spamhaus.org/statistics/countries.lasso
more Facts / Statistics
www.computerbase.de - 2006
Summary
unwanted mail, without preexisting relationship
almost every communication channel has its own type of spam
counteraction: on the user/operator side
causes damage in many areas
Phishing
Definition of phishing
neologism for password fishing
getting confidential personal information from a user by pretending to be a reputable provider (e.g. bank, eBay)
History of phishing
1990s: AOL accounts were stolen to share illegal content (warez)
2001: first known phishing attack against a payment service (E-gold)
since 2004: phishing is recognized as a fully industrialized part of the crime scene
Types / Functionality
email phishing: sending mails that look trustworthy to the user
"man in the middle" attack: uses trojan horses to intercept personal information
Counteraction / Protection
phishing filter:
  compares website with a blacklist
  senses typical criteria of phishing mails
avoid clicking on links from untrustworthy sources
be sensible about publishing private data
Damage
wide range of damage possible:
  denial of access to mail account
  identity theft (used to commit crime)
  financial loss
US 04-05: 1.2 million users suffered loss of $929 million
UK losses by bank fraud (mostly phishing):
  2004: £12.2 million
  2005: £23.2 million
Forrester survey (2005): "trillion dollar problem"
Facts / Statistics
2004: one in every 943 mails
2005: one in every 304 mails
Facts / Statistics 2
origin of phishing attacks
Summary
getting confidential personal information
email phishing / "man in the middle" attacks
number of phishing attacks is growing
phishing filter / user awareness
wide range of damage
The End
Questions?
Sources
http://www.forrester.com
http://www.bsi.de
http://www.spamhaus.org
http://www.spampolitik.de
http://en.wikipedia.org