From US-CERT | Sep 18, 2009
The convenience of online commerce has been embraced by consumers and criminals
alike. Phishing, the act of stealing personal information via the Internet for the
purpose of committing financial fraud, has become a significant criminal activity on
the Internet.
There has been good progress in identifying the threat, educating businesses and
customers, and identifying countermeasures. However, there has also been an increase in
attack diversity and technical sophistication by the people conducting phishing and
online financial fraud. Phishing has a negative impact on the economy through financial
losses experienced by businesses and consumers, along with the adverse effect of
decreasing consumer confidence in online commerce.
Phishing scams have flourished in recent years due to favorable economic and
technological conditions. The technical resources needed to execute phishing attacks
can be readily acquired through public and private sources. Some technical resources
have been streamlined and automated, allowing use by non-technical criminals. This
makes phishing both economically and technically viable for a larger population of less
sophisticated criminals.
This research by U.S. CERT identifies several of the technical capabilities that are
used to conduct phishing scams, reviews the trends in these capabilities over the past
two years, and discusses currently deployed countermeasures.
The attached Zip file includes:
- Intro Page.doc
- Cover Sheet and Terms.pdf
- Technical Trends in Phishing Attacks.pdf
