Phishing Exposed

The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the concepts presented in this chapter and to assist you with real-life implementation of these concepts. To have your questions about this chapter answered by the author, browse to www.syngress.com/solutions and click on the Ask the Author form.
Q: What are the three attack vectors that were targeted in this chapter?
A: Redirects, Queries and 404 error pages.
Q: What is Consumer Mis-education?
A: Consumer Mis-education is the practice of legitimate commercial emails being delivered to their customers in a manner that inhibits phishing defenses.
Q: What is Cross-Site Scripting?
A: Cross-Site Scripting is an attack that utilizes trusted server vulnerabilities to inject un-trusted code into the trusted server. This injected code then attacks the browser when clicking on the poisoned link distributed via email or website blog.
Q: What is a header response injection?
A: Header response injections are when an attacker can inject specifically constructed control characters such as CRLF into a query in order to induce a misinterpretation by the server side code. The result is a server side header response of a carriage return and new line as well as successful injection of any input followed by the control characters.
Q: Why are arbitrary redirects dangerous?
A: Phishers can use it to redirect a user to a malicious site and launch cross-user attacks.