Capstone Project: Techniques of Computer Forensics for Preventing Email Phishing

Pages: 17 (4655 words)  ·  Bibliography Sources: 10  ·  Level: College Senior  ·  Topic: Education - Computers


It is no secret that white-collar crime has experienced rapid growth since the advent of the Internet. Reports state that white-collar crime costs average approximately twenty times more than the costs associated with street crime annually. Fraud is a "generic term" that "embraces all multifarious means which human ingenuity can devise, which are resorted to by one individual, to get an advantage over another by false representations." (Singleton, Singleton, and Bologna, 2006) This may include "surprise, trick, cunning and unfair ways by which another is cheated." (Singleton, Singleton, and Bologna, 2006)

Fraud, according to the U.S. Supreme Court, involves the following variables:

(1) That the individual has made a representation in regard to a material fact;

(2) That such representation is false;

(3) That such representation was not actually believed by the defendant on reasonable grounds, to be true;

(4) That it was made with intent that it should be acted on;

(5) That it was acted on by complainant to his damage; and

(6) That in so acting on it the complainant was ignorant of its falsity and reasonably believed it to be true. (Singleton, Singleton, and Bologna, 2006)

Email phishing is one form of fraud as described just above. Email phishing involves the sending of emails that are misrepresentative in some way for the purpose of cheating the recipient of the email. Phishing emails have cost individuals and companies both in monetary terms and in terms of privacy violations and issues. The work of Watson, Holz, and Mueller (2005) entitled "Know Your Enemy: Phishing" states that email phishing is

"…the practice of sending out fake emails, or spam, written to appear as if they have been sent by banks or other reputable organizations, with the intent of luring the recipient into revealing sensitive information such as usernames, passwords, account IDs, ATM PINs or credit card details. Typically, phishing attacks will direct the recipient to a web page designed to mimic a target organization's own visual identity and to harvest the user's personal information, often leaving the victim unaware of the attack." (Watson, Holz, and Mueller, 2005)

Jakobsson and Soghoian (2009), in the chapter entitled 'Social Engineering in Phishing', report that social engineering is a term "used to describe psychological tricks aimed at making victims agree to things they would not have done normally. Phishing is the theft of user credentials, such as passwords, social security numbers, PINs and answers to security questions." (Jakobsson and Soghoian, 2009) Social engineering is stated to have "become prevalent around 2003, it is a crime that is on everybody's lips." (Jakobsson and Soghoian, 2009) In fact, many online crimes are reliant on inducing the victim to take action in some way through "convincing him to do so." (Jakobsson and Soghoian, 2009)

It is necessary to understand the risks of deception faced by consumers, and this requires an approach that is proactive in nature, "in which the expected vulnerabilities are minimized by the selection and deployment of appropriate e-mail and web templates and the use of appropriate e-mail and web templates, and the use of appropriate manners of interaction." (Jakobsson and Soghoian, 2009)

Those who are specifically knowledgeable in terms of technical and technological applications often fail to grasp that the average consumer can be protected through the security measures they themselves use for protection. However, the average consumer is much more susceptible to social engineering type attacks. It is related that a study involving 2500 subjects and reported by Fogg et al. (2001, 2003) "investigated how different elements of web sites affect people's perception of web sites." (Jakobsson and Soghoian, 2009) Findings show that 23% of individuals in the study overlooked browser-based security clues such as the address bar, the status bar, and the SSL lock icon, and 40% of subjects made the wrong security decision. (Jakobsson and Soghoian, 2009)

II. Project Scope Proposal

The purpose of this study is to review and examine techniques of computer forensics for email phishing. Toward this end, this work will review publicly available information located online via the Internet, including company reports, news reports, journal articles, and other such information. Any information assurance risk analyses included should consider legitimate, known threats which pertain to the subject organization. Based on the research information gathered, the presumed process strengths and vulnerabilities or any organizational computing and networking infrastructure will be identified in depth.

III. Forensic Methodology, Requirements, Issues and Trends

According to the Frost and Sullivan work entitled "Key Challenges in Fighting Phishing and Pharming," phishers evade the text-scanning techniques that anti-phishing systems apply to websites by using Flash-based websites that hide the content inside a multimedia object (paraphrased). As well, to avoid the anti-phishing filters currently used, "phishers are using images instead of text to make it harder to detect text commonly used in phishing emails. A user facing a phishing site should be able to differentiate what text is and what an image is." (nd) Additionally reported is that "new and improved telecommunications infrastructure gives to phishers the ability to control and access in new ways with new techniques for cybercrime." (nd) Large Internet-based companies such as "AOL, MySpace, and Paypal, and retailers such as TJX Companies, have been victims and have had to spend large amounts of capital -- and jeopardized branding -- due to phishing attacks." (Frost and Sullivan, nd)
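One way a mail filter can respond to the images-instead-of-text evasion described above is to flag HTML bodies that carry almost no scannable text but do carry images, particularly images wrapped in a link. The following is an added example, not code from the paper or from Frost and Sullivan; the 40-character threshold, the finding labels and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser

class BodyStats(HTMLParser):
    """Tallies visible text, images, and images wrapped in links."""
    def __init__(self):
        super().__init__()
        self.text_chars = self.images = self.linked_images = 0
        self._stack = []  # currently open <a>/<script>/<style> tags

    def handle_starttag(self, tag, attrs):
        if tag in ("a", "script", "style"):
            self._stack.append(tag)
        elif tag == "img":
            self.images += 1
            if "a" in self._stack:
                self.linked_images += 1

    def handle_endtag(self, tag):
        if tag in self._stack:
            self._stack.remove(tag)

    def handle_data(self, data):
        # Script and style contents are not text a reader (or keyword filter) sees.
        if "script" not in self._stack and "style" not in self._stack:
            self.text_chars += len("".join(data.split()))

def image_only_indicators(raw_email, max_text_chars=40):
    """Return heuristic findings for each text/html part of a raw message."""
    findings = []
    for part in message_from_string(raw_email).walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        stats = BodyStats()
        stats.feed(part.get_payload(decode=True).decode(charset, "replace"))
        if stats.images and stats.text_chars <= max_text_chars:
            findings.append("image-dominant body")
        if stats.linked_images:
            findings.append("image used as link")
    return findings

# Constructed sample: the whole message is one linked image (example.test is a placeholder).
SAMPLE_IMAGE_LURE = (
    "From: notice@example.test\nSubject: Account notice\n"
    "MIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n\n"
    '<html><body><a href="http://example.test/login">'
    '<img src="http://example.test/notice.png"></a></body></html>\n'
)

if __name__ == "__main__":
    print(image_only_indicators(SAMPLE_IMAGE_LURE))
```

A linked logo in an otherwise text-heavy newsletter raises only the second finding, so the two findings together are the stronger signal.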

The specific incidents reported in the Frost and Sullivan report are those as follows:

1. Early phishing in AOL: Posing as an AOL staff member sending an instant message to a potential victim, phishers ask users to reveal passwords in order to "verify your account" or "confirm billing information." This way, hackers used phishing to obtain legitimate AOL accounts (1990).

2. PayPal: Users were redirected to a fake site in an attempt to collect password details (2005).

3. MySpace: A computer worm altered links to redirect visitors to designed websites, stealing login details (2006).

4. Banamex: Despite all efforts to prevent phishing attacks through the use of OTP tokens (one-time passwords and keys for a single use), in 2006 phishers attacked the Banamex OTP token (named NetKey), using the token-based system itself as a pretext to generate confusion among users and ask them to provide the passwords. This is not the first attack on this entity. (2006)

5. Banco Chile: A phishing email with the bank's logo: "During our regular maintenance and verification processes, we have detected an error in the information we have associated with your account." The mail content specifies some factors which could provoke the error and contains a phishing link at the bottom of the email. (2008)

6. Twitter: A phishing scam spreading quickly via direct message, "Hi, this you on here?," and providing a phishing link which can take your personal information and hijack accounts. (2009) (Frost and Sullivan, nd)

It is reported in a Symantec Blog article written by Antonio Forzieri (2008) that there are specific dilution strategies which are classified by the type of data provided to the phishing site:

(1) Random Data -- a large amount of random unformatted data is submitted. This strategy attempts to fill up the collection point, but has a drawback in that the fraudsters can easily identify fake data.

(2) Properly Formatted Data: a large amount of properly formatted data is submitted. This process avoids the drawback of the first dilution type, but still fills up the collection point.

(3) Tag Data: this time, the fake data submitted is indeed valid and accepted by the institution's website. The injection of this data allows financial institutions to more easily track criminals and gain additional forensic information. (Forzieri, 2008)
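The tag-data strategy in item (3) only yields forensic information if the institution can later recognise its own decoys when they are used. The following added example, which is not from Forzieri's article, shows one way to do that: the decoy account ID carries a keyed MAC, so a login with a decoy can be recognised and tied to a phishing case without a lookup table. The 12-digit ID layout, the key, the log format and the addresses are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-key"  # assumption: a key held only by the institution

def _mac_digits(body: str, key: bytes) -> str:
    digest = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 100000:05d}"

def make_tagged_account(case_id: int, seq: int, key: bytes = SECRET) -> str:
    """12-digit decoy account ID: 4-digit case + 3-digit sequence + 5-digit MAC."""
    body = f"{case_id:04d}{seq:03d}"
    return body + _mac_digits(body, key)

def case_of(account: str, key: bytes = SECRET):
    """Return the phishing case number if the ID is one of our decoys, else None."""
    if not re.fullmatch(r"\d{12}", account):
        return None
    body, mac = account[:7], account[7:]
    if hmac.compare_digest(mac, _mac_digits(body, key)):
        return int(body[:4])
    return None

LOG_RE = re.compile(r"(?P<ts>\S+) login account=(?P<acct>\d+) src=(?P<ip>\S+)")

def tagged_logins(log_lines, key: bytes = SECRET):
    """Return (case, timestamp, source IP) for every login that used a decoy ID."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and (case := case_of(m["acct"], key)) is not None:
            hits.append((case, m["ts"], m["ip"]))
    return hits

# Constructed log lines. The first ID is the decoy with its last digit changed,
# so it cannot verify; the second is the decoy submitted for case 17.
DECOY = make_tagged_account(case_id=17, seq=1)
NOT_DECOY = DECOY[:-1] + str((int(DECOY[-1]) + 1) % 10)
SAMPLE_LOG = [
    f"2010-07-01T10:00:00Z login account={NOT_DECOY} src=192.0.2.10",
    f"2010-07-02T03:12:44Z login account={DECOY} src=198.51.100.23",
]

if __name__ == "__main__":
    print(tagged_logins(SAMPLE_LOG))
```

A five-digit MAC means roughly one genuine ID in 100,000 would verify by chance, so a hit is a lead to confirm against the decoy provisioning records rather than proof on its own.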

Frost and Sullivan report that phishing can be classified into several types, which include the following:

1. Deceptive Phishing: This is the most common type. It consists of a deceptive email masquerading as one from a trusted company. The recipient clicks on the link contained in the message and is unknowingly redirected to a fraudulent website.

2. Malware-Based Phishing: Refers to a variant of phishing attacks that involves the execution of malicious software on the user's computer. The user must perform some functions that allow the execution of the malware on the computer (open an attachment, visit a website and download a program, etc.).

3. Keyloggers / Screen loggers: Keyloggers are programs that, once installed on the computer, record keystrokes when a registered website is accessed. The data are recorded by the program and sent to the phisher over the Internet. Screen loggers have the same function, but capture screen images.

4. Session Hijacking: Describes the assault that occurs once the user has accessed any website registered by the software. These programs are often disguised as browser components.

5. Web Trojans: Programs that appear as pop-up screens over the validation screens of legitimate web pages. The user might think he or she is entering details on a real website, while in reality they are being entered into the malware.

6. System Reconfiguration Attacks:…

Cite This Capstone Project:

APA Format

Techniques of Computer Forensics for Preventing Email Phishing.  (2010, July 7).  Retrieved November 14, 2019, from https://www.essaytown.com/subjects/paper/techniques-computer-forensics-preventing/6224053