Sciweavers

USS
2008

There Is No Free Phish: An Analysis of "Free" and Live Phishing Kits

14 years 2 months ago
There Is No Free Phish: An Analysis of "Free" and Live Phishing Kits
Phishing is a form of identity theft in which an attacker attempts to elicit confidential information from unsuspecting victims. While in the past there has been significant work on defending from phishing, much less is known about the tools and techniques used by attackers, i.e., phishers. Of particular importance to understanding the phishers' methods and motivations are phishing kits, packages that contain complete phishing web sites in an easy-to-deploy format. In this paper, we study in detail the kits distributed for free in underground circles and those obtained by crawling live phishing sites. We notice that phishing kits often contain backdoors that send the entered information to third parties. We conclude that phishing kits target two classes of victims: the gullible users from whom they extort valuable information and the unexperienced phishers who deploy them.
Marco Cova, Christopher Kruegel, Giovanni Vigna
Added 02 Oct 2010
Updated 02 Oct 2010
Type Conference
Year 2008
Where USS
Authors Marco Cova, Christopher Kruegel, Giovanni Vigna
Comments (0)