Computer Forensics For Preventing Email Capstone Project


8. Content-Injection Phishing: The phisher introduces fraudulent content into a legitimate website.

9. Data Theft: Malicious code that collects sensitive information stored within the machines in which it is installed.

10. Man-in-the-Middle Phishing: The phisher takes a position between the user's PC and the server, filtering, reading and modifying information.

11. Hosts File Poisoning: This is another option for pharming. In this case the attack is carried out by the host's card index hosted on DNS' servers.

12. Spear Phishing: One of the newest phishing strategies. It targets a specific company and uses e-mails to train individuals at various locations. (Frost and Sullivan, nd)

It is reported that the types of websites attacked by phishers include banks and customers with online payment services. The general method of attack is an email or instant message that persuades users to enter personal details at a fraudulent website that appears to be a legitimate one. The majority of phishing attacks use "misspelled URLs or use sub-domains provided in emails which appear to belong to the legitimate organization." Another form of phishing, known as IDN spoofing, involves the use of URLs and IDNs that appear in web browsers to be identical to those of a trusted organization. Open URL redirectors are also used for disguising malicious URLs with a trusted domain. It is reported that certificates fail to address this problem since the phisher can purchase a valid certificate which can be modified in order to spoof a real website.
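As an added example (not from the essay or the reports it cites), the following Python checks a URL taken from an email for the techniques named above: misspelled domains, a trusted name used as a sub-domain, IDN labels, and open redirectors on a trusted domain. The trusted domain `examplebank.com`, the redirect parameter names and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed allow-list: registrable domains the organisation actually uses.
TRUSTED = {"examplebank.com"}
# Assumed parameter names that commonly carry a redirect target.
REDIRECT_PARAMS = {"url", "next", "redirect", "return", "goto", "dest"}

def registrable(host):
    """Naive last-two-labels domain; a real tool would use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, used to catch misspelled look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url):
    """Return the list of findings for one URL taken from an email body."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    # IDN spoofing: non-ASCII labels, or their punycode form (xn--).
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        findings.append("idn-label")
    dom = registrable(host)
    if dom not in TRUSTED:
        for t in sorted(TRUSTED):
            brand = t.split(".")[0]
            # Trusted name used as a sub-domain of someone else's domain.
            if brand in host.split(".")[:-2] or t in host:
                findings.append("brand-in-subdomain")
            # Misspelled URL: one or two edits away from the trusted domain.
            elif 0 < edit_distance(dom, t) <= 2:
                findings.append("lookalike-domain")
    else:
        # Open redirector: trusted host, but a parameter carries an off-site URL.
        for key, value in parse_qsl(parts.query):
            target = urlsplit(value).hostname
            if key.lower() in REDIRECT_PARAMS and target and registrable(target) not in TRUSTED:
                findings.append("open-redirect:" + target)
    return findings

if __name__ == "__main__":  # constructed sample URLs
    for u in ("http://examp1ebank.com/login", "https://www.examplebank.com/out?url=http://collect.example.net/"):
        print(u, check_url(u))
```

A link that passes these checks is not thereby safe; the checks only flag the specific patterns listed in the paragraph.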

Other attacks include 'cross-site scripting' which is reported as a "type of an attack which is very difficult to spot without a specialist's knowledge; this is when phishers use errors in a trusted website's own scripts against the victim. The script directs the user to sign in at their own web page (the web address and security certificates seem to be correct), but in reality the link to the website is crafted to carry out the attack." (Frost and Sullivan, nd) Finally, another technique used is popup windows that request the individual's credentials "on top of the legitimate website, in a way that seems that the website is requesting this sensitive information." (Frost and Sullivan, nd) This is a technique reported to be used primarily in banks.

The report of Frost and Sullivan states that challenges include those of:

(1) Lack of knowledge in the differentiation of threats;

(2) Perception of high prices;

(3) Lack of quantifiable ROI; and

(4) Fear of outsourcing security. (Frost and Sullivan, nd)

Trends and technologies reported by Frost and Sullivan include those related to the evolution of phishing attacks in the short, medium and long term. For the short term, it is stated that the increase in the "volume and degree of vulnerabilities and attacks is turning electronic security into an increasingly complex and broad issue, so the need for specialized professionals and solutions reinforcing network and electronic security is becoming clearer to companies." (Frost and Sullivan, nd)

It is reported that another strong driver of growth of the internet security market in the short term is the "pressure of regulatory acts, such as the Sarbanes-Oxley, Basel II, and compliance with payment card industry international regulations (PCI)…" (Frost and Sullivan, nd) It is additionally reported that the "enterprise scope turn virtual by incorporating mobile workers, remote sites, home-offices and even vendors and partners within the same corporate network. In this context, security solutions appear as a strategic tool for a reliable and efficient network operation." (Frost and Sullivan, nd) In the analysis of industries it is reported that ISPs, as well as banking and finance and retail, are the most attacked by security threats since the economic crisis started, and that by the end of the short term the advantages of services such as detect monitoring services will need to be clearer to corporations and mid-sized companies.

In regard to the medium term, stated as 2011 and 2012, and the long term, stated as 2013 and 2014, it is reported that security threats "are expected to present at an increasingly growth patterns, mainly leveraged by new and improved telecommunications infrastructure and due to new market entrants." (Frost and Sullivan, nd) In view of the long term it is reported that the changes in pricing which are "inevitable…will redefine segmentation in the long-term." (Frost and Sullivan, nd)

IV. In-Depth Computer Forensics: Communication of Methods, Processes and Procedures

Frost and Sullivan report that there are several forensic applications that can be used for detecting phishing including those as follows:

(1) Detect Monitoring Service -- works through identification accuracy checking and is used for addressing phishing issues. This is a real-time connection monitoring... (Frost and Sullivan, nd)

(2) Early Notification -- Detect CA proprietary methodology that has the capacity to identify "specific patterns and behaviors that typically occur at the early stages of a phishing attack, providing a way to stop an attack even before it becomes a real threat." (Frost and Sullivan, nd)

(3) Malware Monitoring Services - monitors on a daily basis hundreds of samples of new financially-motivated malware which enables the company to proactively and quickly implement an action plan when a malicious code is attacking clients. (Frost and Sullivan, nd)

(4) Phishing Alerts - prevents, detects and recovers from phishing and malware attacks. The solution addresses the entire lifecycle of an alert, providing the right, just-in-time help when clients need it most. (Frost and Sullivan, nd)

The work of Abu-Nimeh, Nappa, Wang and Nair (2007) entitled "A Comparison of Machine Learning Techniques for Phishing Detection" reports that there are three main categories of phishing and fraud defense mechanisms:

(1) detective;

(2) preventive; and

(3) corrective. (Abu-Nimeh, Nappa, Wang and Nair, 2007)

These solutions include 'anti-phishing toolbars', which are used in an attempt to alleviate the problem of phishing. According to Abu-Nimeh, Nappa, Wang and Nair, "Although these toolbars help mitigate the problem, many research studies have demonstrated the ineffectiveness of such techniques." (2007)

Two primary problems with this solution are those of:

(1) quite often the spoofed link is tested without any consideration to the context in which it was presented to the user thereby losing accuracy; and

(2) once the user enters the address of the phishing site in the browser address bar, the user is exposed immediately to any attack carried by the site. (Abu-Nimeh, Nappa, Wang and Nair, 2007)

The phishing and fraud solutions in the three categories are listed in the table below.

Figure 1: Categories of Phishing and Fraud Solutions. Source: Abu-Nimeh, Nappa, Wang and Nair (2007)

Wu, et al. (2006) conducted an evaluation of the effectiveness of security toolbars in the prevention of phishing attacks. Experiments were performed on three security toolbars, as well as the browser's address bar and the status bar. The study included 30 individuals and showed that the toolbars that were tested were "ineffective in preventing phishing attacks. Users were spoofed 34% of the time. 20 out of 30 users got spoofed by at least one phishing attack. 85% of the spoofed users thought that websites look legitimate or exactly the same as they visited before. 40% of the spoofed users were tricked because of poorly designed websites, especially when using improper redirections." (Abu-Nimeh, Nappa, Wang and Nair, 2007) Two primary reasons that users fell for these attacks are stated to be as follows:

(1) users discarded the toolbar display, as the content of the web pages looks legitimate or professional; and

(2) companies do not follow good practice in designing their websites and the toolbar cannot help users distinguish poorly designed website from malicious phishing attacks. (Abu-Nimeh, Nappa, Wang and Nair, 2007)

The work of Knickerbocker, Yu, and Li (2009) entitled "Humboldt: A Distributed Phishing Disruption System" states that conventional techniques "for combating phishing have focused primarily on detecting phishing web sites and preventing users from revealing their passwords to such sites." This type of protection is stated to be inherently "incomplete and does nothing to protect users that do not reveal their passwords. Combating the phishing threat requires more than simple avoidance -- it requires a more active approach to disrupting even successful phishing operations." (Knickerbocker, Yu and Li, 2009)

The anti-phishing system introduced by Knickerbocker, Yu and Li (2009) is called "Humboldt" and is similar to another system, 'BogusBiter', which "…poisons the data that phishers obtain en masse in order to actively disrupt phishing activity." (Knickerbocker, Yu and Li, 2009) Specifically it is stated that Humboldt "…takes a different approach to injecting fraudulent submissions into the phishing site's collected data. It relies on Humboldt clients distributed over the Internet to submit poisonous data to every phishing site it targets." (Knickerbocker, Yu and Li, 2009) The following are characteristics of Humboldt:

(1) Poisonous data from Humboldt is indistinguishable from the data submitted by real phishing victims, not only in terms of the data itself, but also in the way the data is submitted;

(2) the submission of poisonous data is coordinated among Humboldt clients…

Sources Used in Documents:


Abu-Nimeh, Saeed, Nappa, Dario, Wang, Xinlei, and Nair, Suku (2007) A Comparison of Machine Learning Techniques for Phishing Detection. Southern Methodist University. APWG eCrime Researchers Summit, October 4-5, 2007, Pittsburgh, PA, USA.

Forzieri, Antonio (2008) Reactive Phishing Defenses -- Part 2. 2. Online available at:

Gajek, S. & Sadeghi, A. (2008). "A forensic framework for tracing phishers." In The Future of Identity in the Information Society. Boston: Springer.

Jakobsson, M. & Myers, S. (2007). Phishing and Countermeasures. New York: Wiley.

Key Challenges in Fighting Phishing and Pharming (nd) Frost and Sullivan Report. Online available at:

Knickerbocker, Paul, Dongting, Yu, and Li, Jun (2009) Humboldt: A Distributed Phishing Disruption System

Watson, David, Holz, Thorsten, and Mueller, Sven (2005) Know Your Enemy: Phishing: Behind the Scenes of Phishing Attacks. The Honeynet Project & Research Alliance. 16 May 2005. Online available at:

Cite this Document:

"Computer Forensics For Preventing Email" (2010, July 07) Retrieved June 13, 2024, from
