Reminiscing about the tale of the two brothers who abandoned their fishing net by the Sea of Galilee to become the fishers of men, it comes to mind that men these days have abandoned their conscience to become phishers of passwords in the cyber ecosystem. In this regard, what is phishing? Who are phishers? How and why do they phish? And when are you likely to be phished?
In the interest of non-technical users of computing devices or systems, phishing is an email fraud method in which the perpetrator, known as the phisher, sends out legitimate-looking emails in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well-known or trustworthy websites. Phishing could also be viewed as the act of luring unsuspecting people into providing sensitive information such as usernames, passwords, and credit card data via seemingly trustworthy electronic communication.
The phisher entices online users to go to a web page controlled by him and fill in a form, or tricks the user into downloading and installing a small program known as a Trojan that can send information from your computer to the phisher’s computer via email. The phisher can also trick you into downloading a small program known as a “keylogger” that sends every key you press on your keyboard to the phisher. In computing terminology, software like this is known as “scripts” and is written by programmers known as “coders”.
Phishing is now the number one web threat on the Internet, targeted at individual consumers as well as corporate organizations. In corporate organizations, phishers target employees who handle sensitive information, like the accountant or the HR manager. It is important to note that even IT security specialists can be fooled by phishers; no one is immune.
The first half of 2012 saw a 19 percent increase in global phishing attacks, with businesses suffering an estimated $2.1 billion in phishing-related losses (RSA, October 2012). Also, approximately 156 million phishing emails are sent on a daily basis, and close to 1 million are clicked on by users (cybersafe, February 2012).
In order to get a clear picture of a phishing attack, I would like to dissect the anatomy of a typical phishing attack from inception to the point where the cash is collected, which is mostly the end product of phishing these days. The factors driving moderately determined phishers are that phishing attacks are relatively easy to execute and they generally work; you don’t need to be very sophisticated, and finally, you just need some determination, the right software, greed and a criminal mind to take off.
Before moving into phishing attacks proper, permit me to explain how computers communicate; this will certainly enhance our understanding of phishing attacks, since these attacks are perpetrated using computers. Computers are the people of the Internet world, because it is the millions of computers out there that form the Internet. For a computer to communicate with another it needs two things: a number called an Internet Protocol address (IP for short), and a name, called a computer name, or a domain name when it represents an organization or group of computers. The physical component or hardware that enables a computer to communicate with other computers is called a “LAN Card”. The IP address resides in the LAN Card and the computer name resides in the hard disk. If two computers are able to talk to each other successfully, they form a network; therefore the Internet is a network, but in this case the largest network in the world.
The Internet is a military technology built by the US military, because the military then wanted to build a network that could stand a nuclear war. The military built TCP/IP stack – tiny software which every computer must have installed to participate on the Internet. The TCP/IP stack is what I referred to as the IP address number needed for computer communication which is in a software format.
Now, let’s continue our computer class. The Internet is also referred to as a packet-switched network. Why? Because when you send a picture to a friend in the UK, for instance, the sending computer breaks the picture into thousands of pieces. Each piece is numbered so as to allow easy reassembly at the receiving computer, since a formula goes along with the pieces that helps reassemble them. If one piece goes missing along the way, the formula tells the receiving computer to request that single piece from the sending computer. A simple analogy will help. Let’s say that in a Chelsea vs Barcelona match, after half time the referee realizes that one of the players, say Messi, did not return. All he has to do is communicate with the Barcelona coach, and the coach will simply take a number 10 jersey, put it on a player and send him in to take the place of Messi.
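The numbered-pieces idea above, worked through in code as an added example (not the author's code): a message is split into sequence-numbered pieces, one piece is lost on the way, and the receiver uses the gap in the numbers to ask for exactly that piece again before reassembling. The message, the chunk size and the index of the "lost" piece are constructed values.

```python
"""Packet switching in miniature: split, lose one piece, re-request it, reassemble.

Added example for this article, not the author's code. The message, the chunk
size and the index of the "lost" piece are constructed values.
"""

from typing import Dict, List, Optional, Tuple

CHUNK_SIZE = 8  # constructed: tiny so that a short message yields several pieces

Piece = Tuple[int, int, bytes]  # (sequence number, total pieces, payload)


def fragment(data: bytes, chunk_size: int = CHUNK_SIZE) -> List[Piece]:
    """Split data into numbered pieces; the total count travels with each piece
    so the receiver knows when something is missing."""
    payloads = [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)]
    total = len(payloads)
    return [(seq, total, payload) for seq, payload in enumerate(payloads)]


class Receiver:
    """Collects pieces and reports which sequence numbers have not arrived."""

    def __init__(self) -> None:
        self.total: Optional[int] = None
        self.received: Dict[int, bytes] = {}

    def accept(self, piece: Piece) -> None:
        seq, total, payload = piece
        if self.total is None:
            self.total = total
        elif total != self.total:
            raise ValueError("piece belongs to a different message")
        self.received[seq] = payload  # a duplicate arrival simply overwrites

    def missing(self) -> List[int]:
        """Sequence numbers still outstanding, i.e. what to re-request."""
        if self.total is None:
            return []
        return [seq for seq in range(self.total) if seq not in self.received]

    def reassemble(self) -> bytes:
        if self.total is None:
            return b""
        gaps = self.missing()
        if gaps:
            raise ValueError(f"cannot reassemble, still missing pieces {gaps}")
        return b"".join(self.received[seq] for seq in range(self.total))


def transfer(data: bytes, drop_seq: Optional[int] = None) -> Tuple[bytes, List[int]]:
    """Send data over a 'wire' that loses piece number drop_seq on the first
    attempt. Returns the reassembled bytes and the list of pieces the receiver
    had to ask for again."""
    pieces = fragment(data)
    by_seq = {piece[0]: piece for piece in pieces}
    rx = Receiver()
    for piece in pieces:
        if piece[0] == drop_seq:
            continue  # lost in transit
        rx.accept(piece)
    # The receiver names the missing piece and the sender resends only that one,
    # not the whole message (the coach sends in one replacement, not a new team).
    re_requested = rx.missing()
    for seq in re_requested:
        rx.accept(by_seq[seq])
    return rx.reassemble(), re_requested


if __name__ == "__main__":
    picture = b"constructed sample payload standing in for a picture file"
    out, resent = transfer(picture, drop_seq=3)
    print("pieces re-requested:", resent)
    print("reassembled intact:", out == picture)
```

Running the block shows that only piece 3 is re-requested and that the reassembled bytes equal the original; a message with no loss produces an empty re-request list.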
To send pictures or files on the Internet, you need good bandwidth to communicate effectively. What is bandwidth? Let me use this analogy to explain it: let’s say at a family dinner mummy serves a big bowl of milk and hands out straws of different sizes to everyone at the table. If everyone sips from the bowl at the same time, those with bigger straws have big bandwidth and those with smaller straws have small bandwidth. Therefore, take the bowl of milk as the Internet and the straws as our different connections to various ISPs.
Having explained all these concepts, let me now tell you the problem with the Internet. Let’s go back to the IP address. The IP address software stack which allows computers to communicate with each other has a slight problem. In the jargon of my trade we call it a “technical design flaw”. The problem is that the IP software cannot authenticate the source IP address. I will explain: computers on a network can claim each other’s IP addresses, and we call this “spoofing”. If there are three computers on a network, say 1, 2 and 3, computer 3 can disguise itself as 2 in order to deceive computer 1 while computer 2 is still on the network. Imagine a household where the security guard can claim to be the husband, or the nanny can disguise herself as the wife, and the husband doesn’t know; you see how dangerous this could be. This is where I regard computers as stupid. This problem forced software developers to intervene by building technologies like SSL, HTTPS, CA, EVSSL, etc., to manage identity problems on the Internet. Even though we are making progress in patching this problem, we aren’t there yet.
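To make the "design flaw" above concrete, here is an added example (not the author's code) showing the two sides of it: the IPv4 header's source address is just a field the sender wrote, and the header checksum only proves the bytes were not corrupted, not who sent them; so the network itself has to check the source, which is what ingress source-address validation (the practice described in BCP 38) does. The addresses and prefixes are constructed documentation ranges, and "customer link" is an assumed vantage point for the filter.

```python
"""IPv4 source addresses are unauthenticated data; the edge must validate them.

Added example for this article, not the author's code. The addresses and
prefixes are constructed documentation ranges; the filter assumes it sits on
a customer link whose assigned prefixes are known.
"""

import ipaddress
import struct
from typing import List, Tuple

Header = Tuple[str, str, int]  # (source, destination, protocol number)


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words, as specified for the IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, proto: int = 6) -> bytes:
    """Minimal 20-byte IPv4 header, used here only to construct sample packets.
    The source field is data the sender chose; the checksum covers it but does
    not vouch for it."""
    src_b = ipaddress.IPv4Address(src).packed
    dst_b = ipaddress.IPv4Address(dst).packed
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0, src_b, dst_b)
    return head[:10] + struct.pack("!H", ipv4_checksum(head)) + head[12:]


def parse_ipv4_header(raw: bytes) -> Header:
    """Parse a header and verify its checksum. A passing checksum means the
    bytes were not corrupted in transit; it says nothing about who sent them."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (raw[0] & 0x0F) * 4
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad header length")
    if ipv4_checksum(raw[:ihl]) != 0:  # the sum over a correct header folds to zero
        raise ValueError("header checksum failed")
    src = str(ipaddress.IPv4Address(raw[12:16]))
    dst = str(ipaddress.IPv4Address(raw[16:20]))
    return src, dst, raw[9]


def ingress_filter(packets: List[bytes], allowed_prefixes: List[str]) -> Tuple[List[Header], List[Header]]:
    """Source-address validation at the edge: accept a packet only if its
    source lies inside the prefixes assigned to the link it arrived on.
    Returns (accepted, dropped); malformed packets are discarded outright."""
    nets = [ipaddress.ip_network(p) for p in allowed_prefixes]
    accepted: List[Header] = []
    dropped: List[Header] = []
    for raw in packets:
        try:
            hdr = parse_ipv4_header(raw)
        except ValueError:
            continue
        src = ipaddress.IPv4Address(hdr[0])
        (accepted if any(src in net for net in nets) else dropped).append(hdr)
    return accepted, dropped


if __name__ == "__main__":
    # Constructed traffic on a customer link that was assigned 192.0.2.0/24.
    own = build_ipv4_header("192.0.2.10", "198.51.100.1")
    claimed = build_ipv4_header("203.0.113.5", "198.51.100.1")  # source outside the link's prefix
    ok, bad = ingress_filter([own, claimed], ["192.0.2.0/24"])
    print("accepted:", ok)
    print("dropped (source not valid for this link):", bad)
```

Both constructed packets pass the checksum check, which is exactly the point: integrity and authenticity are different properties, and only the prefix check tells the two apart. This is the network-layer counterpart of the SSL/HTTPS/CA technologies the paragraph mentions, which address identity higher up the stack.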
Finally, I would like to round off my computer class on IP addresses. Remember I told you that the Internet was developed by the US military. In order to participate on the Internet you need an IP address and a computer name (or a domain name). Historically, the US government hijacked the Internet from the military and handed it over to the Department of Commerce in order to commercialize it. The Department of Commerce, through a body called ICANN, made the IPs available to agents for sale, since IPs are limited in supply. IPs are sold by ISPs and domain names are sold by hosting companies.
Therefore, when you enter a domain name like www.cnn.com in your computer’s address bar, you may not know that www.cnn.com is actually a number, in this case the IP, as well as a domain name. If you know the number and type it in the address bar, CNN’s website will still come up. As soon as you are on www.cnn.com, it means you are accessing a computer called a web server belonging to CNN or its agent. The reason why we don’t use numbers is that we can easily mix them up. People like to use easily remembered names, whereas digital machines such as computers like to use numbers (IP addresses). For the Internet to function, we need servers called DNS servers across the globe that help resolve names to numbers. DNS is simply the go-between, allowing us to enter a name into a web browser’s address bar or an e-mail address instead of a cryptic number.
For instance, if I want to visit www.abuzaria.com, let us follow the steps of how my Web browser accomplishes that:
I type www.abuzaria.com in the web browser. The web browser then asks my computer whether it can provide the IP address linked to www.abuzaria.com in order to display a webpage, since computers maintain host files mapping names to IPs. If my computer can’t, it queries a DNS server at my ISP. My ISP’s DNS server should be able to provide the IP, but if it can’t, it will ask the DNS servers of other ISPs, since they talk to each other regularly. Your ISP’s DNS server will ask the closest DNS server, ‘hey dude, do you know the IP of a guy called www.abuzaria.com?’ If it has it, it will update your ISP’s DNS server, your computer will be provided with the IP, and subsequently the webpage will display on your computer. All this happens in the twinkle of an eye.
The sophisticated phisher can make incorrect entries in the DNS server belonging to your ISP. This is how it happens. The criminal phisher will configure a server in his room close to your ISP to make the DNS server in your ISP update your bank’s website with a wrong IP address. When this happens in computing, we say the DNS server has been poisoned. Therefore the next time you try to visit your bank’s site a page will come up that looks just like your bank’s site, but it is actually the phisher’s site. But with adequate protection from your ISP, it will be very difficult for the phisher to fool your ISP’s DNS server.
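The lookup sequence (host file, then the ISP resolver's cache, then an upstream server) and the poisoning just described, as an added example that is not the author's code: a small caching resolver that admits an answer into its cache only when it matches a query the resolver actually sent (same transaction ID and same question) and ignores records for other names riding along inside that answer. Those two checks are standard resolver defences against poisoned updates, simplified here; the host names, addresses and the upstream "zone" are constructed.

```python
"""Name lookup with a cache that refuses answers it did not ask for.

Added example for this article, not the author's code. Host names, addresses
and the upstream zone are constructed; the transaction-ID and same-name checks
are standard resolver defences in simplified form.
"""

import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Query:
    txid: int
    qname: str


@dataclass
class Response:
    txid: int
    qname: str                # the question being answered
    answers: Dict[str, str]   # name -> IPv4 address


class UpstreamServer:
    """Stands in for 'the closest DNS server' that the ISP resolver asks."""

    def __init__(self, zone: Dict[str, str]) -> None:
        self.zone = zone

    def ask(self, q: Query) -> Response:
        found = {q.qname: self.zone[q.qname]} if q.qname in self.zone else {}
        return Response(q.txid, q.qname, found)


class Resolver:
    """ISP-style caching resolver with the local host file in front of it."""

    def __init__(self, hosts: Dict[str, str], upstream: UpstreamServer) -> None:
        self.hosts = dict(hosts)
        self.cache: Dict[str, str] = {}
        self.upstream = upstream
        self.pending: Dict[int, str] = {}   # txid -> name we asked about
        self.rejected: List[str] = []       # what we refused to believe, for logging

    def accept(self, resp: Response) -> bool:
        """Admit an answer into the cache only if it matches an outstanding
        query, and only the record for the name that was asked about."""
        expected = self.pending.get(resp.txid)
        if expected is None or resp.qname != expected:
            self.rejected.append(f"unsolicited or mismatched answer for {resp.qname}")
            return False
        for name, ip in resp.answers.items():
            if name != expected:
                self.rejected.append(f"ignored record for {name} inside answer for {expected}")
                continue
            self.cache[name] = ip
        del self.pending[resp.txid]
        return True

    def resolve(self, name: str) -> Optional[str]:
        """Host file first, then cache, then ask upstream with a random txid."""
        if name in self.hosts:
            return self.hosts[name]
        if name in self.cache:
            return self.cache[name]
        txid = secrets.randbits(16)
        self.pending[txid] = name
        self.accept(self.upstream.ask(Query(txid, name)))
        return self.cache.get(name)


if __name__ == "__main__":
    upstream = UpstreamServer({"www.abuzaria.com": "192.0.2.7"})
    resolver = Resolver({"localhost": "127.0.0.1"}, upstream)
    print("www.abuzaria.com ->", resolver.resolve("www.abuzaria.com"))
    # A made-up answer for a bank name arriving with no matching outstanding query:
    unsolicited = Response(4242, "bank.example", {"bank.example": "203.0.113.9"})
    print("accepted unsolicited answer:", resolver.accept(unsolicited))
    print("rejections logged:", resolver.rejected)
```

The `rejected` list is what a resolver operator would want to see in logs: a stream of mismatched or out-of-scope answers for a bank's name is the signal that someone is trying to plant the wrong IP that the paragraph above warns about.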
We now know that a phisher leads people to a fraudulent website to get them to enter personal account information. Most phishers possess a phishing kit or phishing software that they plant on systems that don’t belong to them to exploit users’ personal information. The phishing software transfers the stolen data to the phisher’s email address. Also, the phisher has several hundred email addresses, which are disposed of after being used on a specific number of victims so as not to leave footprints. It is also important to note that phishers never use these emails for personal needs but strictly for “business”.
About the Author
Ahmed Aliyu is the author of the book Hack No More.