Abstract
Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain. In spite of the different possible attacks discussed in later chapters, this chapter can focus on phishing attacks – a form of indirect attacks– such as an act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. Phishing attacks use ‘spoofed’ e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, et cetera. The vulnerabilities on various phishing methods such as domain name spoofing, URL obfuscation, susceptive e-mails, spoofed DNS and IP addresses, and cross site scripting are analyzed, and the chapter concludes that an integrated approach is required to mitigate phishing attacks.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
