Phishing is an attack method, which sends a large number of deceptive spam messages claiming to come from banks or other well-known institutions, with the intention of luring the recipients to provide sensitive information (such as user name, password, account ID, ATM PIN code or credit card details). The most typical phishing attack is to lure the recipient to a phishing website that is very similar to the website of the target organization through careful design, and obtain the personal sensitive information input by the recipient on the website. Usually, this attack process will not alert the victims. This personal information is very attractive to hackers, because it enables them to impersonate the victim to conduct fraudulent financial transactions, thus gaining economic benefits. Victims often suffer heavy economic losses, or all personal information is stolen and used for criminal purposes. This paper "Know Your Enemy" aims to give some actual case studies of phishing attacks based on the attack data collected by the German Honeynet Project Team and the British Honeynet Project Team. This paper focuses on the real phishing attack cases discovered by the honeynet project team in the actual environment, but it will not cover all possible phishing attack methods and technologies. Attackers are also constantly innovating and developing technologies, and there should be new fishing technologies (not mentioned in this article) that are already being developed or even used.
After a brief introduction and background, we will review the techniques and tools actually used by anglers, and give three experimental research cases of using honeynet technology to capture phishing attacks in the real world. These attack cases will be described in detail, including system intrusion, phishing website settings, message dissemination and data collection. Then, it analyzes the trend of the integration of common technologies with phishing, spam, botnet and other technologies. We will also review phishing cases that use malicious software to collect email addresses and automatically send spam. We will also show our findings in network scanning technology and how hacked hosts are used to spread phishing emails and other spam. Finally, we give the conclusion of this paper, including our experience in the past six months and the objects we suggest to study further.
This article contains a lot of supporting information and provides some links, which contain more detailed data of specific phishing attack cases. Finally, during the research, we did not collect any confidential personal data. In some cases, we will directly contact organizations involved in phishing attacks or transmit data related to these attacks to local emergency response organizations.
introduce
The method of deceiving others to provide passwords or other sensitive information has a long history in the hacker world. Traditionally, this kind of behavior is generally carried out in the form of social engineering. In the 1990s, with the rapid growth of host systems and users connected to the Internet, attackers began to automate this process, thus attacking a large number of Internet users. The earliest systematic research on this kind of attack was published by Gordon and Chess in 1998. (Sarah Gordon, David M. Chess: There is no smoke without fire: the truth about Trojan horses on the Internet, published at the virus announcement meeting held in Munich, Germany on1October 1998) Gordon and Chess studied the malware against AOL, but in fact they were faced with phishing attempts, not their expected Trojan attacks. The term "password phishing" describes the attack mode of obtaining sensitive personal information such as passwords and credit card details. By cheating, you usually pretend to be a trusted party who really needs this information.