Spam / Phishing Björn Bittins Sebastian Kühnau FHTW-Berlin.
Spam / Phishing
Björn Bittins
Sebastian Kühnau
FHTW-Berlin
Structure
Spam (Sebastian): Definition, History, Types, Counteraction, Damage, Facts, Summary
Phishing (Björn): Definition, History, Types, Counteraction, Damage, Facts, Summary
FHTW-Berlin, Germany
Spam and Phishing
Spam
Definition of SPAM
mass mail, not personally addressed, unwanted (commercial) content
"recipient's personal identity and context are irrelevant because the message is equally applicable to many other potential recipients"
www.spamhaus.org
History
spam: trademark for canned meat (spiced ham)
word first used in a Monty Python sketch
first spam mail in 1978: Digital Equipment Corp. sent a commercial to 400 users of ARPANET
Types
UBE (unsolicited bulk email)
UCE (unsolicited commercial email)
collateral spam
forum-spam
index spamming, wiki spam, spam over mobile phone (Spom)
phishing mails
own type of spam for every type of communication channel
Counteraction
on user side: use disposable mail addresses (trash-mail.com); post no mail addresses on public boards
on blog/wiki operator side: use "captchas" for posting messages
on mail server operator side: black-/white-/greylisting; use a secure configuration (no open relay)
General counteraction
changes in protocols (SMTP)
legal framework (laws)
use of spam filters (Bayes filter)
Damage
financial loss (for provider/receiver)
loss of time / productivity
slowdown of mail traffic / breakdown of server
spam filters are needed
Facts / Statistics
Spam Statistics (2003)

| Statistic | Value |
| --- | --- |
| Email considered Spam | 40% of all |
| Daily Spam emails sent | 12,4 billion |
| Annual Spam received per person | 2.200 |
| Spam cost to all non corp users | $255 million |
| Spam cost to all U.S. Corporations in 2002 | $8,9 billion |
| States with Anti-Spam Laws | 26 |
| Email address changes due to spam | 16% |
| Estimated Spam increase by 2007 | 63% |
| Annual Spam in 1.000 employee company | 2.1 million |
| Users who reply to Spam email | 28% |
| Users who purchased from Spam email | 8% |
| Corporate email that is considered Spam | 15-20% |
| Wasted corporate time per Spam email | 4-5 seconds |

10 worst Spam origin Countries (2003)

| Rank | Country | Number of current known spam issues |
| --- | --- | --- |
| 1 | United States | 1993 |
| 2 | China | 448 |
| 3 | Russia | 258 |
| 4 | United Kingdom | 213 |
| 5 | South Korea | 185 |
| 6 | Germany | 177 |
| 7 | Japan | 171 |
| 8 | Canada | 149 |
| 9 | France | 145 |
| 10 | Italy | 134 |

www.spam-filter-review.toptenreviews.com/spam-statistics.html
www.spamhaus.org/statistics/countries.lasso
more Facts / Statistics
www.computerbase.de - 2006
Summary
unwanted mail, without preexisting relationship
almost every communication channel has its own type of spam
counteraction: on user/operator side
causes damage in many areas
Phishing
Definition of phishing
neologism for password fishing
getting confidential personal information from a user by pretending to be a reputable provider (e.g. bank, eBay)
History of phishing
1990s: AOL accounts were stolen to share illegal content (warez)
2001: first known phishing attack against a payment service (E-gold)
since 2004: phishing is recognized as a fully industrialized part of the crime scene
Types / Functionality
email phishing: sending mails that look trustworthy to the user
"man in the middle" attack: uses trojan horses to intercept personal information
Counteraction / Protection
phishing filter: compares website with a black list; senses typical criteria of phishing mails
avoid clicking on links from untrustworthy sources
be careful when publishing private data
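The two checks a phishing filter performs according to this slide (comparison against a black list, and detection of typical phishing-mail criteria), as an added Python example that is not part of the original slides. The blacklist entry, the sample mail and the two criteria chosen here (link to a raw IP address, link text naming a different host than the link target) are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample data (assumptions for illustration, not from the slides).
BLACKLIST = {"login-secure-bank.example"}
SAMPLE_MAIL = (
    '<p>Dear customer, verify at <a href="http://203.0.113.7/verify">'
    'www.mybank.example</a> or <a href="https://account.login-secure-bank'
    '.example/">confirm here</a>. <a href="https://www.mybank.example/help">'
    'Help</a></p>'
)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased host of a URL, also for scheme-less text like 'www.x.example'."""
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def is_blacklisted(host, blacklist=BLACKLIST):
    """True if the host or any of its parent domains is on the black list."""
    parts = host.split(".")
    return any(".".join(parts[i:]) in blacklist for i in range(len(parts)))

def check_mail(html_body, blacklist=BLACKLIST):
    """Return (href, reason) findings for every suspicious link in the mail."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        if is_blacklisted(host, blacklist):
            findings.append((href, "blacklisted host"))
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            findings.append((href, "raw IP address instead of a domain name"))
        # Visible text looks like a URL but points somewhere else.
        if re.match(r"(https?://|www\.)", text, re.I) and host_of(text) != host:
            findings.append((href, "link text names a different host"))
    return findings
```
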
Damage
wide range of damage possible: denial of access to mail account, identity theft (used to commit crime), financial loss
US 04-05: 1.2 million users suffered a loss of $929 million
UK losses by bank fraud (mostly phishing): 2004: £12.2 million, 2005: £23.2 million
Forrester survey (2005): "trillion dollar problem"
Facts / Statistics
2004: one in every 943 mails
2005: one in every 304 mails
Facts / Statistics 2
origin of phishing attacks
Summary
getting confidential personal information
email phishing / “man in the middle” – attacks
number of phishing attacks is growing
phishing filter / user awareness
wide range of damage
The End
Questions?
Sources
http://www.forrester.com
http://www.bsi.de
http://www.spamhaus.org
http://www.spampolitik.de
http://en.wikipedia.org