Abstract

Wednesday 5 October 15:00 - 15:30, Green room

Cristian Dantus (Bitdefender)
Marius Tibeica (Bitdefender)

Phishing is a widespread phenomenon that is steadily growing. Professional individuals use advanced tools like phishing kits and automated mailers to cause substantial financial losses. There are even Facebook groups where they share mail lists and compromised servers or GitHub repositories with toolkits.

Phishers' methods may be growing in sophistication, but we can use some of their own tools — such as various tracking services that check the impact of their phishing campaigns — to find ways to identify them.

The first part of this paper aims to present the specifics of some of the most prolific phishers and fraudsters. We will analyse their preferences — what institutions, services or industries they choose to impersonate, whether they have servers hosted only in certain countries, whether they prefer certain TLDs. We will analyse their technical competencies — whether they prefer to hack websites or create new domains, whether the templates they use are simple or whether they use HTML obfuscation techniques (JavaScript encoding, images that replace words, frames), and whether they block the IPs of security companies. We will also learn if they are careful about their real identity or if we can find out who they are.

The second part of the paper is focused on offering a possible solution for protection against phishing at browser level. We will see how generating a blacklist of tracking IDs used in malicious websites fares in detecting new phishing campaigns and the limits of this approach. We will also perform an analysis of the identified phishers, which includes the average usage time of the same ID, variation of phishing templates, frequency of new phishing domains launched, IPs and TLDs analysis, and so on.
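
A sketch of the tracking-ID blacklist idea from the second part, added here as an illustration and not taken from the paper. It assumes the tracker is Google Analytics (UA- property IDs, matched at account level), uses hypothetical function names, and runs on constructed sample pages.

```python
import re
from collections import Counter

# Assumption: the tracker is Google Analytics; Universal Analytics IDs look like
# UA-<account>-<property>. The abstract does not name a specific service.
TRACKING_ID_RE = re.compile(r"\bUA-(\d{4,10})-\d{1,4}\b")


def extract_accounts(html):
    """Account-level tracking IDs on a page (property suffix dropped)."""
    return {"UA-" + m.group(1) for m in TRACKING_ID_RE.finditer(html)}


def build_blocklist(labelled_pages, min_sightings=1):
    """labelled_pages: iterable of (html, is_phishing).

    An ID is listed only if it appears on phishing pages and never on a benign
    one, so a kit dropped on a hacked site does not blacklist the site owner.
    """
    phishing, benign = Counter(), set()
    for html, is_phishing in labelled_pages:
        ids = extract_accounts(html)
        if is_phishing:
            phishing.update(ids)
        else:
            benign |= ids
    return {i for i, n in phishing.items() if n >= min_sightings and i not in benign}


def check_page(html, blocklist):
    """Sorted blacklisted IDs found on a page; an empty list means no match."""
    return sorted(extract_accounts(html) & blocklist)


# Constructed sample pages (not real campaigns or real IDs).
PHISH_A = '<script>ga("create", "UA-11111111-1", "auto");</script><form action="post.php">'
PHISH_B = "<script>_gaq.push(['_setAccount', 'UA-11111111-3']);</script>"
HACKED = '<script>ga("create","UA-22222222-1");</script><form action="login.php">'
BENIGN = '<script>ga("create","UA-22222222-1");</script><h1>Shop</h1>'
NEW_PAGE = '<script>ga("create","UA-11111111-7","auto");</script>'

TRAINING = [(PHISH_A, True), (PHISH_B, True), (HACKED, True), (BENIGN, False)]
BLOCKLIST = build_blocklist(TRAINING)

if __name__ == "__main__":
    print("blocklist:", sorted(BLOCKLIST))
    print("new page :", check_page(NEW_PAGE, BLOCKLIST))
    print("benign   :", check_page(BENIGN, BLOCKLIST))
```
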