Abstract

If an email that we receive appears actually to have been sent by our bank, we are less likely to question its authenticity, says Dario Forte, but we may still be the target of a phishing attack, whose objective is to trick us into revealing sensitive information. In the second part of a two-part article, he analyses the mechanics of a phishing attack as used in everyday cybercrime, and shows just how devious the proponents of this mature but still-effective method can be in their tactics.

In the first of this two-part series, published last month, we explained the initial process of how phishers prepare the ground for their attacks. As stated in that article, phishing attacks can be subdivided into three phases:

• Creation of a bogus web site that mimics the web site of the bank that is the target of the attack.
• Uploading of the page onto one's own site or else the compromising of an existing site.
• Mass emailing to lure the unwary to the bogus site.

The combination of these three elements allows an attacker to carry out an attack. The success of the attack depends on many factors, such as the credibility of the site, the contents of the email message, and the final user's critical analysis capacity and IT proficiency. This article will go into more depth on these issues.
