Statistics and Overview of Phishing Attacks
Is a form of criminal conduct which constitutes a growing threat to user’s financial institutions, and businesses, internet users and social media. Because it does not appear that the risks and damage to phishing in decline in but on the contrary it is becoming increasingly complex, the implementation of the law and government agencies and the private sector at the global level – it has to cooperate in their efforts to combat phishing.
Where the advent of the Internet and expansion in the computer-based technology in the modern days the number of Internet users has increased in the past few years and this means the threats we are going to face them they grown. Development of means of computer hackers day after day, to deceive others in order to obtain their password or any sensitive information one of the most important of these tricks is spread recently across social media sites and e-mail known as (Phishing Attack). Phishing also it called electronic fraud, it means the person or spoofing, cheating the company by sending an e-mail message claiming to be from the regular company liked to the recipients of the message to the company, and asks him to get some personal information such as bank account details, Passwords, credit card details [1].These are some of the institutions and companies that are struggling trolling all over the world, Anti-Phishing Working Group (APWG), China Internet Network Information Center (CNNIC),Anti-Phishing Alliance of China (APAC) and private sources across the world. My opinion, Is a person or deception, cheating the company by sending an e-mail message claiming that it is a regular company linked to the recipients of the letter to the company, and asks him to get some personal information such as bank account details, passwords and credit card details…etc. This is done in several ways, most notably: the demand to respond to the message, or put a link in the message to page a fake, and then uses the information to access to bank accounts over the Internet, or access to corporate sites that request personal data to allow access to the site.
Anti-Phishing system issued a number of times about the attack on the computers of users of Kaspersky Lab program has been a number of attacks in 2016 32,363,492 times, which is 2.6 million less than the previous quarter. Overall 8.7% of the attacked Kaspersky Lab users by phishers in 2016 [2].
2.1. Geography OF attacks
Most of the country that may be affected by the attacks on users in 2016 are China and the percentage of those who attacked by (20.22%) [2].
Figure 1Geography of phishing attacks
The number of users that have been employed on the anti-phishing system and the photo shows the total number of users of Kaspersky Lab in the country. The proportion of the attack in Brazil told by a 2.87 18.63% supplied to Brazil in second place in the standings. And it finished third in the State of Algeria (14.3%) after a 2.92 increase in their share from the previous quarter.
The number of attacks in Russia to 7.74% in the third quarter and 7.16%, followed by Canada, the United States 6.56% and the United Kingdom 6.42%Â [2].
2.2. TOP 3 attacked organizations
The fraudsters focus on the most popular sites, to increase their chances of a successful phishing attack. Many of half of all undiscovered element Kaspersky Lab heuristic anti-phishing is a phishing pages hiding behind less than 15 company names [2].
2.3. Proportion of spam in email traffic in 2015
In 2015, the proportion of spam in e-mail traffic 55.28%, which is 11.48
Lower than a year earlier percentage points [3].
Figure 2 the proportion of spam in email traffic, 2015
In the first months of the beginning of the 2015 drop was recorded, 61.68% in January to 53.63% in April.
2.4. Sources of spam by country in 2015
There was a slight change to the top three spam sources, in 2015: China has been low since the issuance of the decision of non-spam messages in which the proportion of the country published by 0.59 percentage points China dropped to fourth place at the rate of (6.12%). Vietnam ranked third by (6.13%), and got a 1.92 percentage points. Russia remained in second place by (6.15%) and an increase of 0.22 percentage points. The United States got in the first place, and maintained by arrangement (15.16%), despite a decline of 1.5 percentage points [3].
Figure 3 Sources of spam by country
2.5. The size of spam emails in 2015
Figure 4 The size of spam emails in 2015
In 2015 e-mail messages is desired proportion (less than 2 kilobytes), and averaged 77.26%, while the e-mail messages to the size 2-5 KB decreased to 9.08% [3].
It supports the use of phishing e-mails containing false links to websites aim to get internet user information, but in the recent years, phishing process has evolved to include new techniques to gain access to victims, these are some of them:-
3.1. Clone Phishing
In this genre, the scammer constructing electronic mail or reproduced link from email legitimate, and within the email are replaced by the link with malicious copy and then send it via e-mail spoofed so that it appears it’s coming from the same transmitter, it does so to get the personal information from the victim. It may claim to be a re-send of the original or an updated version to the original [4].
3.2. Spear Phishing
It is a type phishing is it carefully and determine prior these people. Usually the victim is a company or group of dignitaries. Worksite looked like 100% commercial site and be content page request information or enter data update or add a credit card, and sends the message exactly similar to the messages the company or organization and be content in the request on the link to update the data [4].
The image that is shown above is explaining for Prankster fraud link.
4.1. Email Spoofing
It is that the scammer claims to be a legitimate sender, sends a message makes victims believed in the instructions for taking the style used deceptively sends e-mail message fake with a simple change of legitimate e-mail in order to trick recipients. Where fraud Email Sender because it did not contain because of Simple Mail Transfer Protocol (SMTP) [4].
4.2. Web Spoofing
Can prankster set up a Web site that looks similar to a legitimate site, and also makes the victim believe this is the site and this makes the victim enter passwords and personal information the goes into the prankster [4].
4.2.1. How attack works
The attacker failed continent goes process, be between the Web and the victim and had the nickname of this type (man in the middle attack) in information security. However, the victim requested access to the site through a browser on the Internet, such as Google Chrome or Firefox … etc. by typing the address URL, for example, (www.yahoo.com) the first part of a www and Part II DNS (yahoo.com). Also in addition to that when he enters the victim to the site asks your browser commonly used DNS to determine IP address of the host (www) in the field (yahoo.com). The first trick is do it scammer instead of the real Web server, for example, the title of real URL is http://www.yahoo.com and the scammer rewrites address URL to add http://www.Phisheing.com to the front part URL http://www.Phisheing.com http://www.yahoo.com and the victim will think that the browser (Phisheing.com) is a web server and then will ask for it [5]. See fig 6 for more details.
4.3. DNS Cache Poisoning
DNS cache poisoning is a way to feed the local DNS cache of replacement of the incorrect records works “DNS through UDP and easy to spoof the source address of the UDP packet” [6]. The hacker change the real IP for the IP address it on its own DNS address [6].
4.3.1. How attack works
The hacker amendment cache server DNS to IP address fake. When catching the victim wants to get to (www.bing.com), the browser will ask DNS cache to providing IP address. Here it will be IP address leads to the victim the fake website that is provided by the hacker to steal information from the victim. This type is usually when hacker attacks DNS server and modify IP address. More is known about these cause problems and called the attack (Pharming).
The hacker attacks the DNS server for modification the ligament IP address to his IP address, which gives him to steal information from the victims.
5.1. Phishing Attack on Facebook
Has been detected by some information security experts say there are attacks in the name of cyber-attack are spread too quickly reduce that there is a victim every 20 seconds. It was found that up messages to Facebook users from people who have jobs on the social network, that this letter to steal user accounts will be published infection for a way to send the message to the victim and his friends. Between the 24th and 27th June, things were going well and suddenly received thousands of Facebook users a message from a friend mentioned in the comments,” explains the cyber security company. It was, in fact, the start of the message from the attackers to attack the two phases the first phase downloading by the victim of the virus Trojan on your computer. The second phase steals account when you log on again to Facebook. The injured nearly 10,000 Facebook account in Europe, Tunisia, and South America, often occurring in Brazil, does not show that the incident had reached the United Kingdom [7].
5.2. Attack on the site Natfilex
Some security experts discovered FireEye that have been targeted users Netflix by pranksters in the deception campaign, The plan was a steal credit cards to subscribers in the Netflix and other personal information using modern techniques with a strong attack. The beginning of the attack is to send a message via e-mail require users Netflix entry on the link that leads to the registration page like the truth, Then ask users to update their personal information such as invoice numbers and payment and Date of Birth … etc., before being transferred to a site Netflix Forensic [8].
Figure 8 Attack on the site Natfilex
An example of a spoofed page that appears from Netflix, which asks the user to enter Username and Password.
5.3. Phishing Attack on Dropbox
The use of Dropbox file storage to a phishing attack via e-mail message and a fake page, but this attack was quickly closed according to Symantec.
Said security vendor that discovered a set of mail to electronic fake and the message contains a large file and a link to a page Dropbox, the message claims that a document can be viewed them by clicking on the runway link in the message and the link is logged on a fake page on Dropbox itself [9].
5.4. Phishing Attack on Twitter
Said in a statement by the information security manager Twitter was hacked about 250.000 uses. E-mail messages and other information He said the attack, which happened last similar attack that took place on two newspapers Wall Street Journal and New York Times. Some US newspapers reported that the attack was carried out by Chinese hackers. Also the root of the expert in information security Professor Alan Woodward from University of surrey that users be careful of the messages sent to them by phishers with Twitter itself [10].
The growing use of digital technology as the communication medium of entertainment, a tool for the completion of various transactions increased the risks and problems of the diversity may result from this use, and most importantly what is known as phishing email, which can be defined as a fraudulent process in which access to personal information by giving the impression that he trusted entity that in the digital space. There are dozens of smart ideas that help you to protect your personal credit and your identity online, in order to protect yourself Follow these are advices.
6.1. Phishing through scare tactics
Usually, the fraudster sends via e-mail that the prosecutor mail from a businessman or an organization is likely that you are dealing with it like a bank, or the Internet service provider you have, or online payment service, or a travel agency, or even a government agency. And he asks you to update or validate, or confirm your account information. Some fraud messages threatening dire consequences if you do not respond. Mail will send you to a site look just like the organization’s website or the original side. Such mail is a phishing scam [11].
6.2. Messages avoid “phishing”
is when people assume personal bank sends you an prompts you for the information about your bank account or credit card under the pretext of making sure of the numbers, relying on the bank’s logo and other graphics and images to make you think that the message sent by the bank itself. You should not respond to such messages and make sure that the bank and banking institutions do not need to communicate with you to make sure your banking information [11].
6.3. Do not click on the link
Easy enticing you to provide a link attractively Instead of clicking on the link provided, use your browser to go to a known and trusted site by typing the address in your web browser. For example, take this link: https://www.google.com If you click this, it will not take you to Google, and it will take you to a completely different place. The scammers use this trick all the time to cheat you to go to malicious sites. As you can know where the link will take you provided you go through your mouse over the link without clicking on it, if you do it on the link above you will see “infosec.kku.edu.sa” at the bottom of your browser. If you are using a smart phone, click and hold on the link provided so that shows you the fund shows you the true destination of the link.
6.4. Avoid suspicious responses on online advertising
You may need days to publish an online ad for sale for what purpose, then you will receive inevitably letters from interested Among them may be fraudulent messages to send you a buyer crook imminent in another currency worth more than the amount requested by arguing that it was unable to currency conversion and then prompts you to send the rest. When send him a rest you will discover that you check who sent fake.
6.5. E-mail contain misspellings
Be wary of e-mail messages that claim to be from organizations or official bodies however contain grammatical errors or mistakes in the use of words, spelling or punctuation. Most official bodies reviewing what is transmitted several times before sending it to the public, is usually crisp, debugging and removed during this process.
7.1. Survey results
The majority from ICT, because I went to the department ICT and published them my questions and has the discussion with them after they finish Questions.
The majority from trimester 5, because I went to them and explain the my objective (phishing) and give them my questions.
The majority chose NO in the rate of (56.25%), this indicates a lack of studies (phishing) in the previous semesters or not to search for it in books or on the Internet, unlike those who chose (YES) by (43.75%), and this shows that they have been search for it on the Internet or books.
The majority chose NO in the rate of (68.75%), this shows that students are eager to use their information protection programs (phishing) this is a good indicator of students (ICT).
The majority in the rate of (62.5%) chose YES, This is a good rate for students ICT also indicates that their thinking to protect their information and keeping it from phishing by attackers.
The majority in the rate of (58.82%) chose NO, This indicates a lack of study material for protection by.
Now, at the present time there are digital world That made people’s lives is simple and easy to make to find the information and communication between the people and the majority of devices used by people, such as computers and smartphones, we use the internet for information and technical information and the curriculum and learning and creation of scientific research or academic and communicate with our friends and our families, such as Google scholar, Google books, YouTube, Skype, WhatsApp, Facebook and Snapchat. However, most hackers had started to develop piracy methods that can be used to steal information from computer users.
Phishing is a way of attacking people on their own specific information such as username, password, and credit card. Phishing is also the most widely used method that has been found in the early discovery of computers. Additionally, it has this trick has increased in the past years, using several methods including fake page and a Man in the middle which made this trick to succeed and be used in most is ignorance of computer users. Phishing exploits points weaken people like to deal with them through any kind of kinds to get their own information. Besides, it is known there are a lot sites on the internet, making it difficult to find and prevent phishing sites or blocked, however, it applied most of the host site technical solutions that can mask the phishing sites. In addition, computer users should teach about how to detect phantom site and use the correct web sites.
[1]”Phishing Attack Victims Likely Targets for Identity Theft.” [Online]. Available: https://www.gartner.com/doc/431660/phishing-attack-victims-likely-targets. [Accessed: 15-Jan-2017].
[2]D. Gudkova, M. Vergelis, N. Demidova, and T. Shcherbakova, “Spam and phishing in Q1 2016,” AO Kapersky Lab, 2016.
[3]M. Vergelis, D. Gudkova, N. Demidova, and T. Shcherbakova, “SPAM AND PHISHING IN 2015,” AO Kapersky Lab, p. 25, 2015.
[4]A. A. Khan, “Preventing phishing attacks using one time password and user machine identification,” ArXiv Prepr. ArXiv13052704, 2013.
[5]P. Kalola, S. Patel, and C. Jagani, “Web Spoofing For User Security Awareness.”
[6]M. N. Banu and S. M. Banu, “A comprehensive study of phishing attacks,” Int. J. Comput. Sci. Inf. Technol., vol. 4, no. 6, pp. 783-786, 2013.
[7]”Facebook ‘fake friend’ phishing attack uncovered – here’s how to spot it.” [Online]. Available: http://www.telegraph.co.uk/technology/2016/07/06/facebook-fake-friend-phishing-attack-uncovered—heres-how-to-sp/. [Accessed: 21-Jan-2017].
[8]”Netflix phishing scam goes after credit card data, personal info,” WGAL, 12-Jan-2017. [Online]. Available: http://www.wgal.com/article/netflix-phishing-scam-goes-after-credit-card-data-personal-info/8591111. [Accessed: 22-Jan-2017].
[9]”One of the most convincing phishing attacks yet tricks you with Dropbox sharing,” PCWorld, 20-Oct-2014. [Online]. Available: http://www.pcworld.com/article/2835892/dropbox-used-for-convincing-phishing-attack.html. [Accessed: 25-Jan-2017].
[10]D. Lee, “Twitter: Hackers target 250,000 users,” BBC News, 02-Feb-2013.
[11]”7 Tips To Protect Against Phishing | Norton.” [Online]. Available: https://us.norton.com/7-tips-to-protect-against-phishing/article. [Accessed: 04-Feb-2017].