4. Example Attacks (Fraudulent Link) The link in the phishing attack will take you to a look-alike site source: The Anti-phishing group
5. Example Attacks (Fraudulent Link) Criminals capitalize on global events Global events such as a tsunami, crisis in the middle-east or Michael Jackson trial are all exploited to trick the user into submitting personal information. source: The Anti-phishing group
6.
7.
8. Example Attacks (Forms in Email) HTML enabled emails will deliver the phish within the body of the email The email requests the victim for personal information within the email message itself. source: The Anti-phishing group
9. Example Attacks (Address Bar Forgery) Address bar forgery succeeds because it relies on default desktop settings After the initial splash screen the phish proceeds to request personal information. Phished address bar Phished address bar again
10. Example Attack (Address Bar Forgery) Address bar forgery will even trick the user who relies on the site address to detect a phish source: The Anti-phishing group The unsuspecting user may not be able to detect that they are dealing with a phish. Address bar forgery again
11.
12.
13. Phishing Attack Lifecycle The crime syndicates are highly organized source: The FSTC Counter-phishing solution survey The phishers distribute automated tools and kits over the Internet to speed up each step in the lifecycle.
14. Phishing Kits Phishing kits contain the necessary content to launch a phishing attack Phishing kits are easily available on the Internet for as little as $150. The particular phishing kit shown below can be used to target up to 20 institutions.
15. Trojan Crimeware Kits Crimeware kits distribute and administer Trojans and collect personal information. Source: Enrique Gonzalez, Panda Software
16. Crimeware Tools Crimeware tools are sophisticated and easy to use
17. Crimeware is for Real Sophisticated screen scrappers bypass anti-keylogging mechanisms Source: Hispasec Sistemas/virustotal.com
23. Trends – Rise in Crimeware Financial Institutions are clearly the target and use of crimeware is increasing source: The Anti-phishing group
24.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34. Solution Categories Approximately 200 vendors seek to provide solution to phishing Vendors Matrix for each category available at the Antiphishing members only site - https://antiphishing.kavi.com/members, Solution Evaluation/Trial group