Resources for Federal Financial Institutions Examination Council (FFIEC)

Phishers Could Trawl With Pre-Phishing Attacks

www.securitypronews.com

f a pre-phishing attack works, it gives up a couple of pieces of information to the attacker: a username and password combo for a 'non-critical' website, and the fact the recipient might be credulous enough to fall for other phishing attacks.Patience may be a virtue for some online criminals. A minor phishing attempt could lead to a greater payoff later, setting the scenario for future attempts to make illicit financial gains.
Symantec researcher Nick Sullivan discussed the concept of pre-phishing on their Security Response Weblog. This reconnaissance lets the attacker find out just how successful other phishes could be, if a non-critical site phish works first. "A site is considered non-critical if access does not give an attacker an immediate financial payoff. Examples of non-critical sites are Web-based email accounts and social networking sites," Sullivan said.

View the Resource

Share or bookmarklet this web page at: