What Is Phishing?
* Phishing, also referred to as brand spoofing, is a
variation on “fishing,” the idea being that bait is thrown out in
the hope that, while most will ignore the bait, some will be
tempted into biting.
o Phishing is the act of sending a communication to a
user falsely claiming to be an established legitimate enterprise in
an attempt to scam the user into surrendering private information
that will be used for identity theft.
o The communication (usually email) directs the user to
visit a Web site where they are asked to update personal
information, such as passwords and credit card, social security,
and bank account numbers, that the legitimate organization already
has.
o The Web site, however, is bogus or hostile and set up
only to steal the user’s information.
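A defender-side check for the pattern described above, added here as an example and not part of the original slides: it scans an HTML message body for links whose visible text names one site while the href points somewhere else. The sample message, the names LinkAuditor, site_key and audit, and the two-label site comparison are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A hostname-looking token inside the visible link text.
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

def site_key(host):
    # Assumption: the last two labels identify the site (no public-suffix list).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkAuditor(HTMLParser):
    """Collect <a> elements whose visible text names a different site than href."""
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        text = "".join(self._text).strip()
        try:
            target = urlsplit(self._href).hostname or ""
        except ValueError:          # malformed href: treat as no usable target
            target = ""
        shown = HOST_RE.search(text)
        if shown and target and site_key(shown.group(1)) != site_key(target):
            self.findings.append((text, target))
        self._href = None

def audit(html_body):
    parser = LinkAuditor()
    parser.feed(html_body)
    parser.close()
    return parser.findings

# Constructed sample message body (reserved example names and TEST-NET address).
SAMPLE = """
<p>Please update your account: <a href="http://203.0.113.7/update.php">www.bank.example</a></p>
<p>Help: <a href="https://www.bank.example/help">www.bank.example/help</a></p>
<p>Or <a href="http://bank.example.verify.test/">https://bank.example</a></p>
"""

if __name__ == "__main__":
    for text, target in audit(SAMPLE):
        print(f"link text {text!r} actually points to {target}")
```

Links with generic text such as "click here" carry no displayed hostname and are not flagged by this check.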
How Phishers Operate
* Phisher develops phishing server
o CGI, PHP, HTML, images
* Phisher configures blind-drop
o Free email address or IRC channel
* Phisher configures hostile server (typically compromised)
o Hacked or stolen credit card from previous phish
* Phisher tests configuration
o Complex system (blind drop, hostile server, target,
email) requires testing
* Phisher sends bulk mailing
* Phisher collects data from blind drop
* Time required
o Create server: 1 week to 1 month
o Create blind-drop: 1 day to 1 week
o Hostile server config: 1 day to 1 week
o Test
+ Longest seen: 10 days
+ Shortest seen: 6 hours
o Bulk mailing: up to 8 hours, usually 1-2 hours
+ 50% of victims in first 24 hours
+ 99% of victims in first 48 hours
o Server take-down
+ 48-72 hours



Good job. I’m definitely going to bookmark you!