Accueil > The pishing guide

The pishing guide

Publié le jeudi 23 septembre 2004, mis à jour le mercredi 20 juillet 2005

The pishing guide

http://www.ngssoftware.com/papers/NISR-WP-Phishing.pdf

Abstract

Phishing is the new 21st century crime. The global media runs stories on an almost daily basis covering the latest organisation to have their customers targeted and how many victims succumbed to the attack. While the Phishers develop evermore sophisticated attack vectors, businesses flounder to protect their customers’ personal data and look to external experts for improving email security. Customers too have become wary of "official" email, and organisations struggle to install confidence in their communications.

While various governments and industry groups battle their way in preventing Spam, organisations can in the meantime take a proactive approach in combating the phishing threat. By understanding the tools and techniques used by professional criminals, and analysing flaws in their own perimeter security or applications, organisations can prevent many of the most popular and successful phishing attack vectors.

This paper covers the technologies and security flaws Phishers exploit to conduct their attacks, and provides detailed vendor-neutral advice on what organisations can do to prevent future attacks. Security professionals and customers can use this comprehensive analysis to arm themselves against the next phishing scam to reach their in-tray.