You are here >  theory >  security

Phishing

Phishing is the process of acquiring or stealing sensitive information. This sensitive information could then be reused or sold in the underground community deprending on what the attacker's intentions are. Phishing is generally done by masquerading as a legitimate corporation or its website and then asking for users to provide their sensitive matrials. Users might get mislead very easily by the phishing emails and phishing sites based on their legitimate looking appearance. This is exactly why phishing is considered to be one of the easiest and most used technique by the attackers to infiltrate into the enterprise and is considered as the main technique for an Advanced Persistent Threat (APT) to happen. Spear-phishing is a term for targeted phishing, used by the attackers against users of a specific enterprise that they wanted to target. In case of spear-phishing, the attackers make it look so real that an enterprise user (who is not educated with security awareness) might click on the link and provide all their information on.

In the current trend with the social networking and information sharing on public portals, attackers have gained more expertise on gathering passwords (and other sensitive information) from users through forged links, images and websites, email forgery, and other forms of text or image manipulations that deceives the users to believe and give away all the sensitive information to attackers. Phishtank is a great community project initiative that has been running for years, where users submit phished website links and email notifications that they have received. Hence, Phishtank has a ton of information (that could be used for research) on phished emails and forged websites. Although phishing is a whole different arena of information security, the reason for us to discuss about phishing in Password Analytics is to educate our users with the fact that that attackers always use easiest form of attacks (such as phishing) that would help them gain access to your information and privileges in very short duration.

EvilFingers Arsenal






























Socialize with RootkitAnalytics

Twitter Feed Blogspot

Socialize with EvilFingers

Twitter Feed Blogspot LinkedIn Delicious Google

Tweets