Phishing to Fraud What if they don’t want one person’s account? Lee Heath ([email protected])

9
Phishing to Fraud What if they don’t want one person’s account? Lee Heath ([email protected])

Transcript of Phishing to Fraud What if they don’t want one person’s account? Lee Heath ([email protected])

Page 1: Phishing to Fraud What if they don’t want one person’s account? Lee Heath (madhat@gmail.com)

Phishing to Fraud

What if they don’t want one person’s account?

Lee Heath ([email protected])

Page 2: Phishing to Fraud What if they don’t want one person’s account? Lee Heath (madhat@gmail.com)

Phishing to Fraud

• Introduction • The Phishing Hole• New Targets – Beyond Banks• Fraud• Cash• Cracking• Downfall

Page 3: Phishing to Fraud What if they don’t want one person’s account? Lee Heath (madhat@gmail.com)

Phishing to Fraud

• Phishing• Fraud• Credit Cards– Sources– Card Not Present– Carding– BINs– CCV/CVC

Page 4: Phishing to Fraud What if they don’t want one person’s account? Lee Heath (madhat@gmail.com)

Phishing to Fraud• Phishing Hole – Compromised Server– Old School– Extremely Common– More Obvious

• Phishing Hole – Phished/New Hosting Account– Brandjacking– Register.com– GoDaddy– Yahoo!

• Scripting• Packageify it…

Page 5: Phishing to Fraud What if they don’t want one person’s account? Lee Heath (madhat@gmail.com)

Phishing to Fraud• Payment Processors

– PayPal– BoA Merchant Services– Chase Paymentech– Intuit Payment Solutions– Merchant One

• Hosting/Registrars– GoDaddy– Register.com– Intuit– Yahoo!

• Vulnerability Assessment Providers– Qualys– Trustwave

Page 6: Phishing to Fraud What if they don’t want one person’s account? Lee Heath (madhat@gmail.com)

Phishing to Fraud

• How are the CC’s used?– Purchasing– Selling to card numbers– Cash

• How to get Cash?– Refunds– Transfers– Phishing

Page 7: Phishing to Fraud What if they don’t want one person’s account? Lee Heath (madhat@gmail.com)

Phishing to Fraud

• Payment Processors– Credit Card No. Generation– Cracking CVV/CVC– Carding– BIN Attacks

Page 8: Phishing to Fraud What if they don’t want one person’s account? Lee Heath (madhat@gmail.com)

Phishing to Fraud• How they get caught…– Trending– Referencing Hosted Data

• Images• Javascript• CSS

• What is wrong with this picture?– Too many transactions per second– Too many authorizations – Sudden increase in cost to the victim merchant

Page 9: Phishing to Fraud What if they don’t want one person’s account? Lee Heath (madhat@gmail.com)

Phishing to Fraud

• Conclusion


Madhat e sarwar by raja rasheed mahmood naat vol 19

Madhat e sarwar by raja rasheed mahmood naat vol 19

Phishing techniques

Phishing techniques

Who is Fighting Phishing: An Overview of the Phishing Lifecycle

Who is Fighting Phishing: An Overview of the Phishing Lifecycle

AWARENESS OF PHISHING SCENARIO - CYBERWISER.eu · 2020. 11. 19. · Phishing attack exercise •Identify phishing indicators in an email. •Distinguish phishing from legitimate emails.

AWARENESS OF PHISHING SCENARIO - CYBERWISER.eu · 2020. 11. 19. · Phishing attack exercise •Identify phishing indicators in an email. •Distinguish phishing from legitimate emails.

My Phishing

My Phishing

Phishing attack

Phishing attack

Phishing Email Attacks - AVAREN ITfor spear phishing attacks. Spear phishing is nearly identical to standard email . phishing – except it is more targeted. Rather than sending the

Phishing Email Attacks - AVAREN ITfor spear phishing attacks. Spear phishing is nearly identical to standard email . phishing – except it is more targeted. Rather than sending the

Holy Land Peace Project “Apartheid”stopbds.com/HLPP.Apartheid.pdfOne person’s terrorist can be another person’s freedom fighter One person’s terrorist can be another person’s

Holy Land Peace Project “Apartheid”stopbds.com/HLPP.Apartheid.pdfOne person’s terrorist can be another person’s freedom fighter One person’s terrorist can be another person’s

Phishing and Anti-phishing techniques

Phishing and Anti-phishing techniques

CAPTCHA & PHISHING

CAPTCHA & PHISHING

Detecting a Phishing Attack with Phishing Intelligence ... · Detecting a Phishing Attack with Phishing Intelligence Engine (PIE) 1 Phishing Statistics: What Every Business Needs

Detecting a Phishing Attack with Phishing Intelligence ... · Detecting a Phishing Attack with Phishing Intelligence Engine (PIE) 1 Phishing Statistics: What Every Business Needs

How to Spot Phishing Attacks - MicroAge · How to Spot Phishing Attacks What is Spear Phishing? Like phishing ploys, spear phishing scams are designed to obtain sensitive information

How to Spot Phishing Attacks - MicroAge · How to Spot Phishing Attacks What is Spear Phishing? Like phishing ploys, spear phishing scams are designed to obtain sensitive information

SPEAR PHISHING - dandh.com...SPEAR PHISHING VS PHISHING Spear phishing and phishing attacks both leverage impersonation to commit fraud. The difference between the two is that spear

SPEAR PHISHING - dandh.com...SPEAR PHISHING VS PHISHING Spear phishing and phishing attacks both leverage impersonation to commit fraud. The difference between the two is that spear

Combating Phishing: A Proactive Approach Phishing... · COMBATING PHISHING: A PROACTIVE APPROACH | 4 Phishing: on the rise and more sophisticated As a well-known and trusted brand,

Combating Phishing: A Proactive Approach Phishing... · COMBATING PHISHING: A PROACTIVE APPROACH | 4 Phishing: on the rise and more sophisticated As a well-known and trusted brand,

What is Phishing | How to Spot a Phishing email or Website 2020 | Antivirus for Phishing Attack

What is Phishing | How to Spot a Phishing email or Website 2020 | Antivirus for Phishing Attack

Phishing and Trust. Agenda Questions? Questions? Phishing Phishing Project feedback Project feedback Trust Trust.

Phishing and Trust. Agenda Questions? Questions? Phishing Phishing Project feedback Project feedback Trust Trust.

Phishing - CERT.hr · 2018. 5. 29. · phishing poruku uvjerljivijom. 2.1.1 Lažno predstavljanje Kako bi phishing poruka bila uvjerljiva, i time cijeli phishing napad uspio, prvi

Phishing - CERT.hr · 2018. 5. 29. · phishing poruku uvjerljivijom. 2.1.1 Lažno predstavljanje Kako bi phishing poruka bila uvjerljiva, i time cijeli phishing napad uspio, prvi

Gone Phishing, an Anti-Phishing Program Journey€¦ · Gone Phishing, an Anti-Phishing Program Journey Ava Logan-Woods, Information Security Specialist Eshante Lovett, Information

Gone Phishing, an Anti-Phishing Program Journey€¦ · Gone Phishing, an Anti-Phishing Program Journey Ava Logan-Woods, Information Security Specialist Eshante Lovett, Information

COMBATTING MODERN EMAIL PHISHING ATTACKS · 2016-11-07 · Combatting modern email phishing attacks More effective than traditional phishing scams, spear-phishing attacks are carefully

COMBATTING MODERN EMAIL PHISHING ATTACKS · 2016-11-07 · Combatting modern email phishing attacks More effective than traditional phishing scams, spear-phishing attacks are carefully

Phishing Awareness - Valdosta State University€¦ · Types of Phishing Attacks Spear phishing - Phishing attempts directed at specific individuals or companies have been termed

Phishing Awareness - Valdosta State University€¦ · Types of Phishing Attacks Spear phishing - Phishing attempts directed at specific individuals or companies have been termed