The Project will be on Phishing, and how Phishing has become a large part of the Internet. The Internet is now used around the world, but little do we know of what is in store for us or what dangers may lie within the Internet. This thesis will look into Phishing, a scam used by con artists to collect personal data from unsuspecting victims. This is generally carried out through the use of emails directing you to a scam website where you are asked to give out personal details such as credit card details, bank account and PIN details. The con artist will then use the details for their own ends: to take funds from someone's accounts, launder money, or even apply for a fraudulent loan. (www.bitpipe.com/)
Phishing has been around since 1996 and is now becoming a growing concern, not only for individuals but for companies who trade online and whose brand may be used in a Phishing scam. The banking industry is also concerned about Phishing and its growing development, as Phishing scams have become more sophisticated and the number of Phishing sites has doubled. (http://www.antiphishing.org/reports/apwg_report_april_2007.pdf)
The forensic tools used to trace Phishing sites and groups or individuals are also becoming more elaborate and are locating the originators more effectively.
This thesis will also look at Internet technologies and mobile phone communications, which are the main focus of Phishing scams. Specific attention will be given to email technologies.
We will look at forensic techniques for tracing originators of the Phishing scam as well as methods for the harvesting of email addresses, and then software, processes, and systems for protection against Phishing. After gathering the right information, a comprehensive report will be produced on Phishing, covering how it can be recognised and how companies and individuals can prevent themselves from becoming victims of this scam.
2. Aims & Objectives
My aims and objectives for this Dissertation topic are to look into the growing problems of Phishing and the techniques involved in masking originating IP addresses, then to talk about the growth across technologies including the mobile phone sphere, and then how technologies to combat Phishing are improving. The report will also look at forensics and legal prosecution to see what is in place and where the law may fall short.
The Dissertation topic will also go on to talk about the security of the Internet and then online trading, which is one of the biggest concerns when it comes to Phishing attacks, and how the increase in Phishing attacks and sites weakens confidence in the security of online business.
The focus of this topic will also go on to talk about how Phishing works across emails, the Internet, and mobile phones. This research will also include statistics on the growth of Phishing in the coming years, showing the number of victims, scam websites, and branded/fake companies being impersonated.
The Dissertation looks at Phishing in order to answer the following questions:
What is Phishing and what can be done about it?
How does Phishing work?
Why is it so successful and why is it growing at such a pace?
What technologies are available to prevent/protect against Phishing attacks?
What forensic technology is available to trace Phishers?
Where do most scams originate and where are the majority of victims from?
What effect does Phishing have on individuals and institutions, and especially banks, for the use of the Internet and online trading?
What is the future of Phishing?
3. Literature Review / Background
A number of sources will be used to produce the report, including information from magazines, books, newspapers, press releases and the Internet.
“Phishing Exposed” by Lance James (published by Syngress)
This book investigates Phishing from both sides: one side covers how Phishing scams work, and the other covers creating forensic and security methods to uncover scams and protect ourselves against Phishing.
This book also looks at how technology enables Phishing to be used, and then at how Phishing is used for money-laundering scams. (http://www.syngress.com/catalog/?pid=3350)
“Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft” by Markus Jakobsson
This book presents the history of Phishing and how the number of attacks has grown and mounted over the years.
It also looks at corporations whose resources are being used in attacks. It discusses why and how Phishing is a threat, then looks at the countermeasures that can be taken and what the government can do to assist in combating this growing problem of Phishing and the sticky situation that it has caused. (http://www.amazon.co.uk/Phishing-Countermeasures-Understanding-Increasing-Electronic/dp/0471782459/ref=sr_1_2?ie=UTF8&s=books&qid=1200837930&sr=1-2)
“Phishing: Cutting the Identity Theft Line” by Rachael Lininger
This book looks at Phishing from a protection and prevention point of view, providing step-by-step details for individuals on how to avoid being caught by Phishing, as well as what to do if you are caught by a Phishing scam. It also provides information for corporations on what they need to do and how they need to secure their servers against Phishing scams. (http://netsecurity.about.com/od/16/fr/aabrphishing.htm)
Microsoft Corp – This page provides information on anti-Phishing and how to avoid being a victim. It also provides information on software that can be used to prevent attacks and protect users against them. (http://www.microsoft.com/protect/yourself/phishing/identify.mspx)
Anti Phishing Working Group – This is a website “committed to wiping out Internet fraud and scams”.
Here they provide information on the most recent attacks, up-to-date information on prevention and crime, as well as examples of scams and archives of scams. (http://www.antiphishing.org/crimeware.html)
UK Honeypot Project – This website is set up to “provide information surrounding security threats and vulnerabilities that are in place and are active within the UK networks today”. (http://www.ukhoneynet.org/)
White Papers and Documents
“A Forensic Framework for Tracing Phishers” by Dominik Birk, Sebastian Gajek, Felix Gröbert, and Ahmad-Reza Sadeghi
This white paper contains information on how electronic footprints can be used to trace the sources of Phishing scams, and provides a forensic trail of evidence that can be used in the prosecution of Phishing groups. (http://www.cs.kau.se/IFIP-summerschool/papers/S01_P1_Sebastian_Gajek.pdf)
“Computer Misuse Act 1990 (c18)”
This document provides the current law used for prosecuting Phishers and other people misusing the Internet.
The “Police and Justice Bill 2006” updated the Computer Misuse Act. (http://www.openrightsgroup.org/orgwiki/index.php/Police_and_Justice_Bill_2006)
“Using the Mobile Phone in two-factor Authentication” by Anders Moen Hagalisletto and Arne Riiber
This white paper talks about how Phishing can take place on a mobile phone.
The methodology chosen for this Dissertation topic is the Qualitative Research Methodology. This will provide the opportunity to interview a banking representative or legal specialists who deal in computer crime, in order to gain further insight into current issues and trends and their main concerns around Phishing. It has been suggested to me that at least one, if not both, of the two industries should be interviewed. The interview questions will be targeted to help me gain a better understanding of Phishing and also help me answer some of the questions that need answering about Phishing.
A Quantitative Research Methodology will also be used, giving another opportunity to request information from computer/Internet security companies directly in the form of a questionnaire. The returned questionnaires will hopefully provide valuable supporting information. The questionnaires will also be formed from information investigated and required to answer the questions specific to the research.
The reason these methodologies have been chosen for the research is to help me gain a better understanding of Phishing and how it can be prevented from continuing to happen. Although books and the Internet are a good source for finding appropriate information on Phishing and on the protection against and prevention of Phishing, the information may still not be accurate enough, which is why interviewing an organisation such as a bank, or a legal specialist, will help provide the accurate information that is needed for the sole purpose of this research.
5. Ethical Considerations
As part of my ethical considerations, it is likely that during this research individuals' details will be uncovered. It will not be ethical to publish identities within this report, and it will not be ethical to identify organisations that have been assisting a Phishing campaign. In other words, alternative identities will be used.
If an interview takes place within an organisation, it will not be ethical if a tape recorder is taken in to record the interview; the information must be used for research purposes only, and it must not be passed on to any other parties without consent, sold to anyone, or advertised.
The resources, such as equipment and materials, that I will be using will be a personal computer with Internet access; books and magazines will also be used to provide and support me with the information that is required. A printer will also come in handy to print material out.
The Dissertation topic will not only be literature based: an interview is likely to take place within an organisation such as a bank, or with a legal specialist who deals with computer crime. A questionnaire will also be formed to request information from a computer/Internet security company, but apart from that there is no other practical element involved for this Dissertation topic. There is also no experimental element involved, which means no other resources are required for this Dissertation.
7. Work Plan
As part of this work plan, a time plan/chart will be created to show exactly what is intended to be done for this Dissertation and the time by which it is expected to be done. The time slots have not been put in for when each of the steps/processes is expected to be done, because of the lack of accuracy that may be given for the time proposed for completion, and because it is not certain that the steps will be done by that date.
Date Proposed for Completion
Identify what Phishing is
Finding information about what Phishing is, providing not only a description of Phishing but also a history of Phishing.
Describe how Phishing works
Investigating the technical principles behind Phishing and also providing examples.
Investigate the success of Phishing and where scams originate, then what effect Phishing has on its victims.
First, look at the history of Phishing scam success. Investigate the use of automated kits. (http://www.eweek.com/c/a/Security/Going-Undercover-in-the-Slimy-World-of-Phishing/)
Investigate how security systems can be improved to protect against Phishing.
Look into how successful prosecutions are and what changes have been made in the law.
Investigate the introduction of methods to create forensic evidence and methods of tracing Phishing originators.
Summarising the future of Phishing and whether it can be stopped.
Describe results/findings of this investigation.
Anti Phishing Working Group, (2007), APWG Phishing Trends Activity Report for April, (online) available (http://www.antiphishing.org/reports/apwg_report_april_2007.pdf)
Bradley, T, (2005), Phishing, (online) book review available (http://netsecurity.about.com/od/16/fr/aabrphishing.htm), date accessed 19/01/08
Microsoft, (2006), Recognizing Phishing scams and fraudulent emails, (online) available (http://www.microsoft.com/protect/yourself/phishing/identify.mspx), date accessed 20/01/08
Anti Phishing Working Group, (2008), Crimeware Map, (online) (http://www.antiphishing.org/crimeware.html), date accessed 20/01/08
Honeynet, (2005), UK Honeynet Project, (online) (http://www.ukhoneynet.org/)
Birk, D and Gajek, S et al, (2006), A Forensic Framework for Tracing Phishers, (online) paper, (http://www.cs.kau.se/IFIP-summerschool/papers/S01_P1_Sebastian_Gajek.pdf), date accessed 20/01/08
Anon, (2007), Police and Justice Bill 2006, (online) legal bill overview, (http://www.openrightsgroup.org/orgwiki/index.php/Police_and_Justice_Bill_2006), date accessed 20/01/08
Vaas, L, (2007), Going Undercover in the Slimy World of Phishing, (online) article available (http://www.eweek.com/c/a/Security/Going-Undercover-in-the-Slimy-World-of-Phishing/)