Phishing to Fraud What if they don’t want one person’s account? Lee Heath ([email protected])
-
Upload
myron-walters -
Category
Documents
-
view
214 -
download
0
Transcript of Phishing to Fraud What if they don’t want one person’s account? Lee Heath ([email protected])
![Page 2: Phishing to Fraud What if they don’t want one person’s account? Lee Heath (madhat@gmail.com)](https://reader035.fdocuments.us/reader035/viewer/2022072116/5697bff31a28abf838cbc59a/html5/thumbnails/2.jpg)
Phishing to Fraud
• Introduction • The Phishing Hole• New Targets – Beyond Banks• Fraud• Cash• Cracking• Downfall
![Page 3: Phishing to Fraud What if they don’t want one person’s account? Lee Heath (madhat@gmail.com)](https://reader035.fdocuments.us/reader035/viewer/2022072116/5697bff31a28abf838cbc59a/html5/thumbnails/3.jpg)
Phishing to Fraud
• Phishing• Fraud• Credit Cards– Sources– Card Not Present– Carding– BINs– CCV/CVC
![Page 4: Phishing to Fraud What if they don’t want one person’s account? Lee Heath (madhat@gmail.com)](https://reader035.fdocuments.us/reader035/viewer/2022072116/5697bff31a28abf838cbc59a/html5/thumbnails/4.jpg)
Phishing to Fraud• Phishing Hole – Compromised Server– Old School– Extremely Common– More Obvious
• Phishing Hole – Phished/New Hosting Account– Brandjacking– Register.com– GoDaddy– Yahoo!
• Scripting• Packageify it…
![Page 5: Phishing to Fraud What if they don’t want one person’s account? Lee Heath (madhat@gmail.com)](https://reader035.fdocuments.us/reader035/viewer/2022072116/5697bff31a28abf838cbc59a/html5/thumbnails/5.jpg)
Phishing to Fraud• Payment Processors
– PayPal– BoA Merchant Services– Chase Paymentech– Intuit Payment Solutions– Merchant One
• Hosting/Registrars– GoDaddy– Register.com– Intuit– Yahoo!
• Vulnerability Assessment Providers– Qualys– Trustwave
![Page 6: Phishing to Fraud What if they don’t want one person’s account? Lee Heath (madhat@gmail.com)](https://reader035.fdocuments.us/reader035/viewer/2022072116/5697bff31a28abf838cbc59a/html5/thumbnails/6.jpg)
Phishing to Fraud
• How are the CC’s used?– Purchasing– Selling to card numbers– Cash
• How to get Cash?– Refunds– Transfers– Phishing
![Page 7: Phishing to Fraud What if they don’t want one person’s account? Lee Heath (madhat@gmail.com)](https://reader035.fdocuments.us/reader035/viewer/2022072116/5697bff31a28abf838cbc59a/html5/thumbnails/7.jpg)
Phishing to Fraud
• Payment Processors– Credit Card No. Generation– Cracking CVV/CVC– Carding– BIN Attacks
![Page 8: Phishing to Fraud What if they don’t want one person’s account? Lee Heath (madhat@gmail.com)](https://reader035.fdocuments.us/reader035/viewer/2022072116/5697bff31a28abf838cbc59a/html5/thumbnails/8.jpg)
Phishing to Fraud• How they get caught…– Trending– Referencing Hosted Data
• Images• Javascript• CSS
• What is wrong with this picture?– Too many transactions per second– Too many authorizations – Sudden increase in cost to the victim merchant
![Page 9: Phishing to Fraud What if they don’t want one person’s account? Lee Heath (madhat@gmail.com)](https://reader035.fdocuments.us/reader035/viewer/2022072116/5697bff31a28abf838cbc59a/html5/thumbnails/9.jpg)
Phishing to Fraud
• Conclusion