Phishing is an attack method in which a large number of deceptive spam messages, claiming to come from banks or other well-known institutions, are sent with the intention of luring the recipients into giving up sensitive information (such as user name, password, account ID, ATM PIN code or credit card details). The most typical phishing attack lures the recipient to a phishing website that has been carefully designed to look very similar to the website of the target organization, and captures the sensitive personal information the recipient enters on this website. Usually, this attack process does not alert the victim. This personal information is very attractive to hackers, because it enables them to impersonate the victim and conduct fraudulent financial transactions, thus gaining economic benefits. Victims often suffer significant economic losses, or have all of their personal information stolen and used for criminal purposes. This "Know Your Enemy" article aims to give some actual case studies of phishing attacks based on the attack data collected by the German Honeynet Project Team and the British Honeynet Project Team. It focuses on the real phishing attack cases discovered by the honeynet project teams in the actual environment, but it does not cover all possible phishing attack methods and technologies. Attackers are constantly innovating and developing their technology, and there are likely to be new phishing techniques (not mentioned in this article) that are already under development or even in use.
After a brief introduction and background, we review the techniques and tools actually used by phishers, and give three experimental research cases in which honeynet technology was used to capture phishing attacks in the real world. These attack cases are described in detail, including system intrusion, phishing website setup, message dissemination and data collection. We then analyze the commonly used techniques and the trend toward integrating phishing, spam and botnets. Cases of phishing that use malware to collect email addresses and send spam automatically are also reviewed, and we show our findings on network scanning techniques and on how compromised hosts are used to spread phishing emails and other spam. Finally, we give the conclusion of this paper, including our experience over the last six months and the topics we suggest for further research.
This article includes a wealth of supporting information, and provides links to more detailed data on specific phishing attack cases. We did not collect any confidential personal data during the research. In some cases, we directly contacted the organizations involved in phishing attacks, or transferred the data related to these attacks to local emergency response organizations.
Introduction
Tricking others into giving up passwords or other sensitive information has a long history in the hacker world. Traditionally, this was generally carried out in the form of social engineering. In the 1990s, with the rapid growth in the number of host systems and users connected to the Internet, attackers began to automate this process, allowing them to attack a huge number of Internet users. The earliest systematic research work on this kind of attack was published by Gordon and Chess in 1998 (Sarah Gordon, David M. Chess: Where There's Smoke, There's Mirrors: The Truth about Trojan Horses on the Internet, presented at the Virus Bulletin Conference in Munich, Germany, October 1998). Gordon and Chess studied malware targeting AOL, but what they actually faced were phishing attempts rather than the Trojan attacks they expected. The term "password phishing" describes an attack that obtains sensitive personal information such as passwords or credit card details by deception, generally by pretending to be a trusted party that genuinely needs this information.