Honeynet Revealing Actual Phishing Techniques

edsonie writes "CircleID is reporting on the recent Honeynet Project, 'Know your Enemy: Phishing', aimed at discovering practical information on the practice of phishing. The study reports on a number of real world examples of phishing attacks and the typical activities performed by attackers during the full lifecycle of such incidents. The research also suggests that phishing attacks "are becoming more widespread and well organized". Also with regards to the speed of such attacks, "phishing attacks can occur very rapidly, with only limited elapsed time between the initial system intrusion and a phishing web site going online with supporting spam messages to advertise the web site, and that this speed can make such attacks hard to track and prevent." Check out the full report here presenting actual techniques and tools used by phishers."

Hmm, can't be bothered to read TFA fully but...

this whole honeynet project seems really spooky to me and actually quite intrusive.

There seems to be an awful lot of people now jumping on the security bandwagon and offering security services, security auditing anti virus, anti spyware etc etc etc. I know honeynet have been around for a while and claim to be a no profit org, but who actually nominated to them to bait these people into acts of cyber crime ?

Baiting in law enforcement circles is an incredibly controversial subject, especially where things like potential sex offenders are concerned.

I'm not really sure I like the idea of honeypots to attract, spy on, record and potentially convict people.

The best way forward with all of these security maters IS education, not a pre-emptive style thought police roaming the net.

Personally I put honeynet's morals on about the same level as phishers.