Cyber Security Expo
 
The Phishing Guide by Gunter Ollmann on 27/09/04

Throughout the centuries, identity theft has always been high on a criminal’s agenda. By gaining access to someone else’s personal data and impersonating them, a criminal may pursue a crime in near anonymity. In today’s 21st Century world, electronic identity theft has never been easier.

Hidden away amongst the mounds of electronic junk mail, and bypassing many of today’s best anti-spam filters, a new attack vector lies in wait to steal confidential personal information. What originally began as a malicious hobby, utilising many of the most popular Internet communication channels, professional criminals are now using spoofed messages to lure victims into traps specifically designed to steal their electronic identity.

The name on the (electronic) street is Phishing; the process of tricking or socially engineering an organisations customers into imparting their confidential information for nefarious use. Riding on the back of mass-mailings such as Spam, or using ‘bots to automatically target victims, any online business may find Phishers masquerading as them and targeting their customer base. Organisational size doesn’t matter; the quality of the personal information reaped from the attack has a value all in itself to the criminals.

This document is in PDF format. To view it click here.

Rate this article

All images, content & text (unless other ownership applies) are © copyrighted 2000 -  , Infosecwriters.com. All rights reserved. Comments are property of the respective posters.