This document discusses phishing and defines it as a cybercrime where targets are contacted via email, phone, or text by someone posing as a legitimate institution to obtain sensitive personal or financial information. The information is then used to access important accounts and can result in identity theft and financial loss. It also describes how phishing works, including the planning, setup, attack, collection, and identity theft/fraud stages of a phishing attempt. Honeypots are discussed as an anti-phishing tool used to detect new phishing sites and gather intelligence on phishers.
2. PHISHING
DEFINITION
• Phishing is a cybercrime in which a target or targets are contacted by email,
telephone or text message by someone posing as a legitimate institution to lure
individuals into providing sensitive data such as personally identifiable information,
banking and credit card details, and passwords.
• The information is then used to access important accounts and can result in identity
theft and financial loss.
3. FLOW OF THE CRIME (PHISHING)
• As a powerful anti-phishing tool, honeypots have been
widely used by security service providers and financial
institutions to collect phishing mails, so that new phishing
sites can be detected earlier and quickly shut down.
• Another popular use of honeypots is to collect useful
information about phishers' activities, which is used to
compile statistics for research and forensics.
• Recently, it has also been proposed to actively feed
phishers with honeytokens.
• A phishing detector is used to automatically detect
phishers' suspicious attempts to steal money from
victims' accounts, and then to ask the potential victims
for reconfirmation. This leads to a novel anti-phishing
framework based on honeypots.
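The honeytoken and phishing-detector idea in the bullets above, as an added example that is not part of the original slides: a honeytoken account exists only on phishing pages, so any client that presents one is marked as a phisher, and transfers on real accounts that client has touched are held for the owner's reconfirmation. The event fields, decision names, account names and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field

@dataclass
class Event:
    kind: str      # "login" or "transfer"
    account: str
    source: str    # client identifier such as an IP address (assumed field)

@dataclass
class Detector:
    honeytokens: frozenset
    tainted: set = field(default_factory=set)   # sources seen using a honeytoken
    at_risk: set = field(default_factory=set)   # real accounts touched by a tainted source
    seen: dict = field(default_factory=lambda: defaultdict(set))  # source -> real accounts

    def decide(self, ev: Event) -> str:
        if ev.account in self.honeytokens:
            # Honeytokens are only ever fed to phishing pages, so this source is a phisher.
            self.tainted.add(ev.source)
            # Accounts it used before being identified become at-risk retroactively.
            self.at_risk |= self.seen[ev.source]
            return "deny"
        self.seen[ev.source].add(ev.account)
        if ev.source in self.tainted:
            self.at_risk.add(ev.account)
        if ev.account in self.at_risk and ev.kind == "transfer":
            # Hold the transfer until the account owner reconfirms out of band.
            return "reconfirm"
        return "allow"

# Constructed sample data: documentation IP ranges and made-up account names.
HONEYTOKENS = frozenset({"ht-4411", "ht-7802"})
SAMPLE = [
    Event("login", "alice", "203.0.113.9"),      # real credentials, source not yet known
    Event("login", "ht-4411", "203.0.113.9"),    # honeytoken used: source is tainted
    Event("transfer", "alice", "198.51.100.7"),  # different address, but alice is at-risk
    Event("login", "bob", "203.0.113.9"),        # real account from the tainted source
    Event("transfer", "bob", "203.0.113.9"),
    Event("transfer", "carol", "192.0.2.50"),    # unrelated customer
]

def replay(events, honeytokens=HONEYTOKENS):
    det = Detector(honeytokens)
    return [det.decide(e) for e in events], det

if __name__ == "__main__":
    decisions, _ = replay(SAMPLE)
    for ev, d in zip(SAMPLE, decisions):
        print(f"{ev.kind:8} {ev.account:8} {ev.source:14} -> {d}")
```

Tracking accounts per source is what lets the detector flag alice even though her account was accessed before the honeytoken was used and the transfer came from a different address.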
4. STEPS OF (PHISHING)
Planning. Phishers decide which business to target and determine how to
get e-mail addresses for the customers of that business. They often use
the same mass-mailing and address collection techniques as spammers.
Setup. Once they know which business to spoof and who their victims
are, phishers create methods for delivering the message and collecting
the data. Most often, this involves e-mail addresses and a Web page.
Attack. This is the step people are most familiar with -- the phisher
sends a phony message that appears to be from a reputable source.
Collection. Phishers record the information victims enter into Web pages
or popup windows.
Identity theft and fraud. The phishers use the information they've
gathered to make illegal purchases or otherwise commit fraud. As many
as a fourth of the victims never fully recover.