An analysis of the phishing community presented at Virus Bulletin 2006

by Mark Stemm (Cloudmark inc.),

Tags: Security


Summary : Today, with more than one in five PC users receiving at least five phishing emails each day,
phishing is becoming one of the most prevalent personal security threats for email users.
Phishers use social engineering tactics to send emails and pose as legitimate institutions
requesting sensitive information from their customers. Phishing has eroded consumer
confidence in conducting business over the Internet through diminished vendor credibility
and subsequent brand erosion. Restored confidence is critical to the continued growth of
e-commerce and e-banking.Phishing has been defined as the fraudulent acquisition of personal information by tricking
an individual into believing the attacker is a trustworthy entity. In order to develop
effective strategies and solutions to combat the phishing problem, one needs to understand
the infrastructure in which phishing economies thrive.We have conducted extensive research to uncover phishing networks. The result is detailed
analysis from millions of phishing emails, messages collected from key phishing-related
chat rooms which were spidered across multiple chat networks and compromised hosts used in
This paper presents the findings from this research as well as an analysis of the
phishing infrastructure.