Phishing Attack
CHAPTER 1 INTRODUCTION
In the field of computer security, Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing is a fraudulent e-mail that attempts to get you to divulge personal data that can then be used for illegitimate purposes. There are many variations on this scheme. It is possible to Phish for other information in additions to usernames and passwords such as credit card numbers, bank account numbers, social security numbers and mothers’ maiden names. Phishing presents direct risks through the use of stolen credentials and indirect risk to institutions that conduct business on line through erosion of customer confidence. The damage caused by Phishing ranges from denial of access to e-mail to substantial financial loss.
[pic] Fig 1.1 the simplified flow of information in a Phishing attack
1. A deceptive message is sent from the Phishers to the user.
2. A user provides confidential information to a Phishing server (normally after some interaction with the server).
3. The Phishers obtains the confidential information from the server.
4. The confidential information is used to impersonate the user.
5. The Phishers obtains illicit monetary gain. Steps 3 and 5 are of interest primarily to law enforcement personnel to identify and prosecute Phishers. The discussion of technology countermeasures will center on ways to disrupt steps 1, 2 and 4, as well as related technologies outside the information flow proper.
CHAPTER 2 PHISHING TECHNIQUES
Phishers use a wide variety of techniques, with one common thread.
LINK MANIPULATION Most methods of Phishing use some form of technical deception designed to make a link in an e-mail appear to belong to the spoofed organization. Misspelled URLs or the use of sub
In the field of computer security, Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing is a fraudulent e-mail that attempts to get you to divulge personal data that can then be used for illegitimate purposes. There are many variations on this scheme. It is possible to Phish for other information in additions to usernames and passwords such as credit card numbers, bank account numbers, social security numbers and mothers’ maiden names. Phishing presents direct risks through the use of stolen credentials and indirect risk to institutions that conduct business on line through erosion of customer confidence. The damage caused by Phishing ranges from denial of access to e-mail to substantial financial loss.
[pic] Fig 1.1 the simplified flow of information in a Phishing attack
1. A deceptive message is sent from the Phishers to the user.
2. A user provides confidential information to a Phishing server (normally after some interaction with the server).
3. The Phishers obtains the confidential information from the server.
4. The confidential information is used to impersonate the user.
5. The Phishers obtains illicit monetary gain. Steps 3 and 5 are of interest primarily to law enforcement personnel to identify and prosecute Phishers. The discussion of technology countermeasures will center on ways to disrupt steps 1, 2 and 4, as well as related technologies outside the information flow proper.
CHAPTER 2 PHISHING TECHNIQUES
Phishers use a wide variety of techniques, with one common thread.
LINK MANIPULATION Most methods of Phishing use some form of technical deception designed to make a link in an e-mail appear to belong to the spoofed organization. Misspelled URLs or the use of sub
Bibliography: [1] http://en.wikipedia.org/ [2] http://webopedia.com/ [3] http://computerworld.com/ [4] http://www.anti-phishing.info/ [5] http://lorrie.cranor.org/ ----------------------- Not the real address bar Not the proper domain for peoples.com