The term "phishing" was coined in 1996 by computer hackers.
Hackers use e-mail to fish the internet, hoping to hook
users into supplying them with logins, passwords and/or
credit card information.
In a typical phishing attack, a user will receive an e-mail
message purporting to be sent by a financial
1%-20% of users respond to such attacks.
Phishing attacks are combined with malicious code
attacks such as Mimail, Bank Withdrawal Trojan,
Mydoom.m worm, etc.
In such blended attacks, these viruses/worms carry
payloads which harvest email addresses from the
internet and affected systems and further launch
APWG is an industry association focused on eliminating
the identity theft and fraud that result from phishing and
This group provides forums to discuss phishing issues,
trials and evaluations of potential technology solutions.
Publishes the Phishing Attack Trends Report.
The ultimate solution is training end users not to reveal
any sensitive information.
The basic approach to an effective anti-phishing effort
includes detection, prevention and awareness.
Countermeasures are in the form of technological
solutions, policy guidelines and user awareness.
• An anti-phishing solution includes:
a. Detection: scanning, filtering and alerting
b. Mail server authentication
c. Secure web-authentication
d. Digitally signed e-mail
e. Mail gateway filtering
f. Desktop filtering
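As an added example (not part of the original page), the sketch below shows how items (a), (b) and (e) can combine at a mail gateway: it alerts when the gateway's own SPF/DKIM verdicts did not pass and when a link's visible text names a different host than its target. The gateway id `mx.example.net`, the rule set and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_AUTHSERV = "mx.example.net"  # assumed authserv-id of our own gateway

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

def scan(raw):
    """Return alert strings for one raw message (illustrative rules only)."""
    msg, alerts = message_from_string(raw), []
    # Mail server authentication: only verdicts stamped by our own gateway count,
    # so an Authentication-Results header forged by the sender is ignored.
    auth = " ".join(h.lower() for h in msg.get_all("Authentication-Results", [])
                    if h.split(";")[0].strip().lower() == TRUSTED_AUTHSERV)
    for mech in ("spf", "dkim"):
        verdict = re.search(rf"\b{mech}=(\w+)", auth)
        if not verdict or verdict.group(1) != "pass":
            alerts.append(f"{mech} did not pass")
    # Detection: the visible link text names one host, the href opens another.
    html = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_type() == "text/html")
    parser = LinkCollector()
    parser.feed(html)
    for href, text in parser.links:
        shown = re.match(r"(?:https?://)?[\w.-]+\.[a-z]{2,}", text, re.I)
        if shown and host(shown.group(0)) != host(href):
            alerts.append(f"link shows {host(shown.group(0))}, opens {host(href)}")
    return alerts

PHISH = ("From: Support <support@examplebank.com>\n"  # constructed sample message
         "Authentication-Results: mx.example.net; spf=fail; dkim=none\n"
         "Content-Type: text/html\n\n"
         '<a href="http://203.0.113.7/login">www.examplebank.com</a>\n')
```

Calling `scan(PHISH)` returns three alerts; a gateway would quarantine or tag the message based on them.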
Phishing attacks are a major threat to e-commerce and
e-banking applications. Scammers are causing huge
losses by stealing financial data from users. Financial
institutions and individual customers need to adopt
countermeasures to fight phishing attacks. Digital
signature usage should be promoted for secure mail
transactions.