
Anti-Phishing and WebFilter Real-time Rating Service
Phishing is an aptly named exploit that shares some elements with the similar-sounding sporting activity. Both require a combination of expert casting and convincing bait. For phishers, casting is equivalent to a legitimate-looking email or Web domain; the next step is to get the consumer/victim to click on the link, that is, to take the bait.
The email needs to look like it is from a trusted Web site. If the email is convincing enough, the consumer will click on the link, which leads them to a Web site where they will likely be tricked into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers.
The more popular form of phishery is the Web-based phishing attack. No emails are involved in these phishing attacks, as spam filters are getting better at catching them. A Web domain phishing attack occurs when a user mistypes a common Web domain, for example a bank domain, an online shopping site domain and many others. Once a Web surfer types their favorite Web site domain, they could be taken to an infected site. Attackers know that compromising sites with generally good reputations, coupled with more effective and targeted e-mail lures, can increase the success rate of attacks. The typo phishing attack and open hacking on popular sites to funnel users into a phishing site are more common today.
Phishing is all about getting the user to provide access credentials, identity information, or financial credentials by leveraging the trust model of a known brand. Times have changed: people are getting smarter about these tricks, and attacks have moved to key loggers loaded onto user PCs via browse-by installs from infected popular Web sites. So collecting valuable user information started out with phishing tricks to get the user to type it into a phony Web form or site. Now the attacks have gone stealth: the user does not even know that malware was loaded onto their system when they visited a popular infected Web site, or that it has logged keystrokes and sent a file back to the “dark side”.
According to industry researchers, the average loss from phishing is now over $3,000 per incident and the total damages suffered by users victimized by phishing are well over $1 billion per year. Banking and retail sites, including Amazon.com, eBay and PayPal, have been some of the most popular for criminals to impersonate with counterfeit sites in phishing schemes. Social networking sites, such as MySpace and Facebook, are also key targets for ‘social phishing’, since personal details included within such sites can be used in identity theft. Experiments show a success rate of over 70% for phishing attacks on social networks. Many phishers will try to get around anti-phishing solutions by using SSL encryption.
The Blue Coat Real-Time Anti-Phishing protection technology assesses the Web page being requested using Blue Coat WebFilter and Dynamic Real Time Rating (DRTR). Blue Coat WebFilter runs on current ProxySG appliances and uses Dynamic Real Time Rating technology to keep up with the ever-changing Internet and phishing sites. DRTR is based on patented technology that can categorize new, unfamiliar Web sites “on the fly” as they are being requested, and then block or allow the user’s access according to the rating DRTR assigns and in accordance with the organization’s or user’s policies.
If the page is not found in the Blue Coat WebFilter database, a query is sent to Blue Coat Labs, where the Web page is analyzed automatically in real time. Because these phishing Web sites are only up for a short time, ranging from hours to minutes, it’s hard for most anti-phishing databases to catch them. This is why having a solution that assesses URLs on the fly is essential. The service will then categorize the page based on its content, forms, links and originating URL. If the Web page is categorized as a phishing site, Blue Coat’s software will block the requested Web page or warn the user. The entire process can be completed in 250-750 milliseconds.
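The lookup-then-rate flow described above, as an added sketch (example code written for this page, not Blue Coat's implementation): a database hit is answered directly, and an unknown page is scored on its content, forms, links and originating URL. The database entry, weights, thresholds, the "Suspicious" and "Unrated" labels and the sample page are all constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed stand-in for the local category database (hostname -> category).
LOCAL_DB = {"www.example-bank.test": "Financial Services"}

class PageFeatures(HTMLParser):
    """Collects the form and link signals from one page."""
    def __init__(self, base_url):
        super().__init__()
        self.base = base_url
        self.form_hosts, self.link_hosts = [], []
        self.password_fields = 0

    def _host(self, ref):
        return urlparse(urljoin(self.base, ref or "")).hostname

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form_hosts.append(self._host(a.get("action")))
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_fields += 1
        elif tag == "a" and a.get("href"):
            self.link_hosts.append(self._host(a["href"]))

def rate(url, html):
    """Return (category, action, source) for a requested page."""
    host = urlparse(url).hostname or ""
    if host in LOCAL_DB:  # known site: answer from the database
        return LOCAL_DB[host], "allow", "database"
    f = PageFeatures(url)  # unknown site: rate the page on the fly
    f.feed(html)
    off_site = [h for h in f.link_hosts if h and h != host]
    score = 0  # weights and thresholds are illustrative assumptions
    score += 2 if f.password_fields else 0  # content: asks for credentials
    score += 2 if any(h and h != host for h in f.form_hosts) else 0  # forms: posts elsewhere
    score += 1 if len(off_site) * 2 > len(f.link_hosts) else 0  # links: mostly another site
    score += 1 if host.replace(".", "").isdigit() or host.count("-") >= 2 else 0  # URL shape
    if score >= 4:
        return "Phishing", "block", "real-time"
    if score >= 2:
        return "Suspicious", "warn", "real-time"
    return "Unrated", "allow", "real-time"

# Constructed sample: a look-alike login page on a host the database has never seen.
SAMPLE_URL = "http://example-bank-secure-login.test/signin"
SAMPLE_HTML = ('<form action="http://collect.invalid/post"><input type="password"></form>'
               '<a href="https://www.example-bank.test/help">Help</a>')
print(rate(SAMPLE_URL, SAMPLE_HTML))
```

Because the verdict comes from the page itself rather than from a list entry, a host that has existed for only minutes is rated the same way as one that has been up for days.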
So has phishing run its course? Not really, as there is a sucker born every day who is new to the Internet, and old tricks still work. However, the ROI for crime organizations is not very high with phishing, as people are smarter and more defenses are in place; in addition, the phony Web site may leave tracks that lead law enforcement to the crime organization. Newer tactics have lower visibility, lower risk, and high return rates, which leads to more profits. Underground phishing is a business which requires …time and effort to gain profits.
Phishing attacks come in short bursts and hide their host and domain to avoid reputation filters, so only real-time analysis can protect users.
Phishing is still a considerable threat. Fortunately, through real-time assessment, most ploys can be thwarted.