Slashdot Mirror


Honeynet Revealing Actual Phishing Techniques

edsonie writes "CircleID is reporting on the recent Honeynet Project, 'Know your Enemy: Phishing', aimed at discovering practical information on the practice of phishing. The study reports on a number of real world examples of phishing attacks and the typical activities performed by attackers during the full lifecycle of such incidents. The research also suggests that phishing attacks "are becoming more widespread and well organized". Also with regards to the speed of such attacks, "phishing attacks can occur very rapidly, with only limited elapsed time between the initial system intrusion and a phishing web site going online with supporting spam messages to advertise the web site, and that this speed can make such attacks hard to track and prevent." Check out the full report here presenting actual techniques and tools used by phishers."

1 of 155 comments (clear)

  1. Internet Darwinism by Nytewynd · · Score: 5, Interesting

    Anyone that falls for a phishing scam is too dumb to have their money anyway.

    At work, the security guys put together a phishing test. It looked exactly like our normal web page, they made is sound official by calling it some kind of Task Force, and then they emailed everyone a link to the password checker. It supposedly tested your password for security difficulty. You enter your ID and password and it would email you back the results.

    I sent the link to the security guys and got an "Attaboy". About half of the people ended up on the list of idiots that handed out their secure passwords over the internet.

    What goes through someone's head to enter passwords, bank account info, or personal identity information over the Internet? Don't people consider that the companies supposedly asking for this stuff should already have it. You bank is never going to ask you for your account number over email. They already have it!

    --
    /. ++