Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type


Publication Date

White Paper

Technical Trends in Phishing Attacks

  • May 2005
  • By Jason Milletary
  • In this paper, Jason Milletary identifies technical capabilities used to conduct phishing scams, reviews trends, and discusses countermeasures.
  • Vulnerability Analysis
  • Publisher: Software Engineering Institute
  • Abstract

    The convenience of online commerce has been embraced by consumers and criminals alike. Phishing, the act of stealing personal information via the internet for the purpose of committing financial fraud, has become a significant criminal activity on the internet. There has been good progress in identifying the threat, educating businesses and customers, and identifying countermeasures. However, there has also been an increase in attack diversity and technical sophistication by the people conducting phishing and online financial fraud. Phishing has a negative impact on the economy through financial losses experienced by businesses and consumers, along with the adverse effect of decreasing consumer confidence in online commerce. Phishing scams have flourished in recent years due to favorable economic and technological conditions. The technical resources needed to execute phishing attacks can be readily acquired through public and private sources. Some technical resources have been streamlined and automated, allowing use by non-technical criminals. This makes phishing both economically and technically viable for a larger population of less sophisticated criminals. In this paper, we will identify several of the technical capabilities that are used to conduct phishing scams, review the trends in these capabilities over the past two years, and discuss currently deployed countermeasures.

  • Download