TITLE

Tackling Phishing

AUTHOR(S)
Wetzel, Rebecca
PUB. DATE
February 2005
SOURCE
Business Communications Review;Feb2005, Vol. 35 Issue 2, p46
SOURCE TYPE
Trade Publication
DOC. TYPE
Article
ABSTRACT
The article presents information on the problem of phishing in reference to the credential theft from databases or via non-electronic means. To help dissect the problem of phishing and provide a common language to describe attacks and countermeasures, the Financial Services Technology Consortium recently developed taxonomy of phishing attacks. This taxonomy helps make sense of the complex nature of the problem by mapping out a common attack life cycle, and a predictable set of activities attackers engage in within each life cycle phase. It is important to note that phishing does not include credential theft from databases or via non-electronic means, so those activities are not included in the taxonomy, even though they may result in similar patterns of financial fraud. During the initial planning phase, the attacker decides whom to attack, what to steal, how to steal it, and what ruse to use. During the setup phase, the attacker creates attack mechanisms, and in the attack phase makes contact with prospective victims. This contact aims to lure people into taking actions that allow the attacker to steal credentials during the collection phase. Next, during the fraud phase, the attacker sells, trades or directly uses the stolen credentials for fraudulent purposes. Following that, in the post attack phase, attackers deactivate the attack mechanisms, cover their tracks, assess the attack's success, monitor attack responses and apply lessons learned to planning the next attack.
ACCESSION #
15951335

 

Share

Read the Article

Courtesy of THE LIBRARY OF VIRGINIA

Sorry, but this item is not currently available from your library.

Try another library?
Sign out of this library

Other Topics