Personal website of Jules Steevens MSc.
2005-11-3
Master thesis put online. See the webpage.
Posted: 3-11-2005
“Desktop security” – The protection of internet users against phishing
Student: Jules Steevens
Supervisor: Mr. Dr. Ir. Ir. L.M.M. Royakkers (website)
This graduation research aims to find means of protecting internet users against the digital theft of personal (sensitive) data, known as phishing. Phishing is defined as stealing personal (sensitive) data from internet users, with which an attacker can (in most cases) obtain money at the expense of the internet user.
The research describes the anatomy of phishing attacks, gives the causes of the phenomenon, presents the possible set of measures to protect internet users against phishing and assesses the effectiveness of those measures.
There are two types of phishing attack, which can be characterised as strategies. The first strategy consists of a deceptive e-mail in which internet users are led to a fake website and misled into handing over personal (sensitive) data.
The second strategy makes use of malware with exactly the same purpose. Malware is malicious software, such as viruses, Trojan horses and the like. Phishing attackers try to infect computers in several ways, for example by spamming links to malicious websites. Once installed, the malware can take one of two approaches: either it logs all keystrokes, analyses them and sends the interesting details to the attacker, or it ensures that the internet user is redirected to a malicious website when browsing to, for example, his personal banking website. In the latter case the user is deceived into handing over personal (sensitive) data, just as in the first strategy.
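Both strategies leave something a defender can check for on the user's side. The Python below is an added example, not part of the thesis or of this site: it classifies the host a link points to (the deceptive e-mail strategy) and scans hosts-file content for entries that pin a protected domain to a fixed address (the redirection variant of the malware strategy). The PROTECTED_DOMAINS set, the sample links and the sample hosts-file content are all constructed for illustration, and the two-label registrable-domain heuristic is a simplification of what real software should do.

```python
"""Defender-side checks for the two phishing strategies described above.

Added example (not from the thesis). PROTECTED_DOMAINS and all sample
inputs are constructed for illustration.
"""
import ipaddress
from urllib.parse import urlparse

# Constructed set of domains whose logins the user wants guarded (assumption).
PROTECTED_DOMAINS = {"examplebank.com", "webmail.example.org"}


def registrable_domain(host):
    """Last two DNS labels of a host name. A deliberate simplification:
    production code should consult the Public Suffix List (e.g. co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def levenshtein(a, b):
    """Edit distance, used to spot typo-squatted look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def classify_link_target(url):
    """Strategy 1: classify the host a link points to.

    Returns 'trusted' (a protected domain or one of its subdomains),
    'ip-literal' (a bare address instead of a name), 'lookalike' (a
    protected domain embedded in, or within two edits of, another
    registrable domain) or 'other'.
    """
    host = urlparse(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return "ip-literal"
    except ValueError:
        pass
    reg = registrable_domain(host)
    if reg in PROTECTED_DOMAINS:
        return "trusted"
    for domain in PROTECTED_DOMAINS:
        # e.g. examplebank.com.login-verify.net: the real name is only a prefix
        if domain in host:
            return "lookalike"
        # e.g. examp1ebank.com: one character swapped
        if levenshtein(reg, domain) <= 2:
            return "lookalike"
    return "other"


def hosts_file_overrides(hosts_text):
    """Strategy 2: return (name, ip) pairs in hosts-file content that map a
    protected domain to a fixed address. A bank's domain has no business in
    a local hosts file, so every such entry is reported, loopback included."""
    hits = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            if registrable_domain(name) in PROTECTED_DOMAINS:
                hits.append((name.lower(), ip))
    return hits


# Constructed samples (not from the thesis) covering each classification.
SAMPLE_LINKS = [
    "https://login.examplebank.com/",               # trusted
    "http://192.0.2.10/examplebank/login",          # ip-literal
    "https://examplebank.com.login-verify.net/",    # lookalike (embedded)
    "https://examp1ebank.com/",                     # lookalike (typo)
    "https://news.example.net/",                    # other
]

SAMPLE_HOSTS = """\
127.0.0.1   localhost
# constructed redirection entry
192.0.2.55  www.examplebank.com examplebank.com
::1         localhost
"""

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify_link_target(link):<11} {link}")
    for name, ip in hosts_file_overrides(SAMPLE_HOSTS):
        print(f"hosts-file override: {name} -> {ip}")
```

The link check deliberately reports a bare IP address as its own class rather than "other": the thesis's first strategy relies on the user not noticing that the address bar does not show the expected name, and an address with no name at all is the simplest form of that. The hosts-file check is narrow on purpose; it catches only the redirection technique the text describes, not keylogging, for which host-based anti-malware remains the relevant measure.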
The research identified eight main causes of the phishing phenomenon:
The phishing phenomenon is a complex problem, meaning that multiple actors play a role both in causing and in possibly solving it. No single person or party (besides the attackers themselves) has the power to remove all causes of phishing.
There are two victim parties in the phishing issue: the internet users (who lose their sensitive data and possibly money) and companies (who suffer financial loss and loss of image).
Phishing attacks use the computers of third parties. These are hacked or malware-infected computers of internet users on which applications such as web servers or e-mail servers have been installed. In some cases whole networks of computers are controlled and used to perform certain tasks, for example sending massive amounts of fake e-mails. When a massive number of computers is controlled by one attacker, that network of computers is called a botnet.
The research looked for solutions from the viewpoint of the causes that led to the problem. The possible solutions are stated as measures in three categories: judicial, technological and behaviour-changing measures. In addition, every actor is given advice on which measures it should take to protect internet users.
After mapping out the possible measures, their effectiveness was examined, after which recommendations were formulated with a view to limiting the main problem.
Finally, the recommendations and the conclusion were critically reviewed by two experts from the business world, one expert from law enforcement and one from an ISP.