White Papers for Federal Information Security Management Act (FISMA)

Phishing Detection and Prevention

Tipping point

Phishing is an automated form of identity theft, targeted primarily at the casual e-mail user. As a successful and lucrative form of financial fraud, phishing made its mark on the networked landscape in 2004. Today, it is a booming segment of the identity theft “industry”. In January of 2004, there were 174 phishing Web sites identified by the cross-vendor Anti-Phishing Working Group. By December, there were over 1700. Finally, that year, the reported consumer loss due to Internet-based fraud was estimated between US$500 million (according to the Federal Trade Commission) and US$2 billion (according to the Anti-Phishing Working Group). Financial institutions and law enforcement agencies alike were ill-prepared to deal with organized,
technically literate, internationally-based criminals.This paper will detail the technical aspects of typical phishing campaigns, focusing on the tactics, methodology, and unique features of the phishing e-mail and the phishing Web site. It will outline how automated, inline network-based solutions, built on existing intrusion prevention technology, can be leveraged to assist network defenders protect their constituencies from online fraud.

View the White Paper

Share or bookmarklet this web page at: