Phishing Exposed

Chapter 2: Go Phish!

Introduction

This chapter illustrates the basic cradle-to-grave process for the three basic, most commonly used types of phishing attack. We take the perspective of the phisher and his or her arsenal, with some comments here and there about specific methods that you should take note of later. Ultimately, you need to consider your attacker s maneuvers before you can engage in defense. One of the major problems we face today, due to the sudden and overwhelming amount of phishing that has occurred, is the lack of detailed understanding of phishers and the tools they use.

We ll approach this subject within the analogy of robbing a bank highlighting a screen shot of a phisher s e-mail, then showing the fake target site they set up to capture user information. Our bank-robbing analogy is apt, since that is essentially what the attacker is doing, only electronically instead of physically. We will perform basic reconnaissance and prepare, test, and then attack. It is important to note that different phishers have different styles, but all have similar techniques and tools. We ll first look at an attack by an individual phisher, even though the majority of phishing attacks are facilitated by groups rather than individuals. This individual style, popular in Romania and Estonia, is a quick and simple method; we ll look at more advanced techniques in the latter chapters of this book.

First, let s examine three of the most popular methods phishers employ:

  • Impersonation

  • Forwarding

  • Popups

Impersonation is the most popular and the most simple method of...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Network Security Services
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.