Phishing is the efficient case of online social engineering. With the ease of sending phishing emails thanks to malware infected PCs -- spamonomics 101 -- as well as many other techniques for creating the pages and forwarders phishers use to trick users -- it's indisputable how much more profitable phishing is next to spam.
This is perhaps the most detailed summary of the emerging ecosystem I've read in a while. It walks the reader through the process of acquiring the resources for the attack and tracking down the results and provides overview of how malware authors, phishers and spammers work hand to hand due to the pressure put on their actions by the industry and, of course, the countless third-party researchers. Here's a summary :
"- Get an email list
- Develop the attack
- Locate sites to send phishing emails from
- Locate sites to host the phishing site
- Launch the attack
- Collect results"
Around the industry, security researchers are again signalling the ongoing use of popular sites such as MySpace for hosting phishing pages, phishers are going Web 2.0 and starting to use Google Maps, and seems like Castle Cops the anti-phishing community witnessed a demonstration of DDoS bandwidth power which is definitely the result of the consolidated anti-phishing initiative that they manage to keep on expanding. Moreover, yet another evidence of the developing ecosystem is the fact that spam and defaced sites aren't what they used to be, namely are turning into malicious attack vectors. Despite that everyone's claiming the commercialization of this entire ecosystem, hacktivism is not dead!
The "best" is yet to come, and let's hope a more suspicious common sense on the users' part too.
No comments:
Post a Comment