History of Phishing and Development - Research Paper Example

History of Phishing and Development 1. Introduction This paper will present a detailed analysis of using phishing for/in website verification. This research is aimed at discussing and elaborating the phishing technique, its main implementation areas, functions, possible advantages, disadvantages and its utilization for the website verification. Phishing is an emerging problem regarding the online data security and information safety. There are several cases of the identity theft and online frauds using phishing and other hacking techniques, but this paper will concentrate mainly on the positive aspects of the phishing like that its usage for the website verification. And then it will discuss different ways and methods through which we can make use of phishing for better website security implementation and website verification. 2. Executive Summary As technology grows, it brings lot of facilities and easiness regarding the better online communication, data transfer, business, marketing, management, etc. This enhancement and advancement of technology also brought few problems regarding the online working. Online frauds are the new shape of the online criminal activities. That engrosses the information and data handing and later on use of that information to carry out the prohibited operations. This can be cash based scandals. Various contemporary and up-to-date technologies in the industrial time have fashioned innovative openings for carrying out criminal activities. Information Technology, especially Internet is open for everyone and it also give the opportunities to criminal people, to steal, new ways to steal them, and new techniques to harm others (Laudon & Laudon 1999, p. 147). Computer crime is acknowledged as the unlawful activities by making use of a computer or against a computer system. The Internet's user-friendliness and convenience have fashioned modern ways for computer crime, well-known forms of which is phishing (Laudon & Laudon 1999, p. 147). Phishing is a most commonly used term for the online criminal and negative activities. This paper outlines the most important concerns those are growing with the technology augmentation. At the present time, we are no more secure in the web based environment. We are facing online criminal attacks from different sides. It is time now to think about these diverse shapes of online criminal activities and try to avoid them. 3. History of Phishing and its development This section presents the detailed historical analysis of the online crime and negative activities. The 1980s was the starting of the substantial marketplace application of the WWW (World Wide Web). By means of its success and procedure there took place a development in the means to infect mass quantities of computers systems. All the way through transferring SPAM crafted to seem alike to an approved demand from any organization like that an online university or bank, we might be trapped in to by using a web based link to an internet site that was hosting malware or some infection that transfers to our system. This in point of fact could have the similar consequences as we click on a dirty email file attached to any message (Rodriguez, 2007). The subculture transformed once more in the 1990s in the way of financiers. By means of the related elementary technique, that employs the transmission of the email SPAM formed to seem similar to it was derived through an officially authorized organization as well as in that way trapping us to go after a web-link to a wrong website that had been shaped to as well seem similar to it belonged to a valid organization, we could be trapped in to sensational individual data and information regarding our-self that is also acknowledged as the Phishing (Rodriguez, 2007). The recompense was twofold. The executor of this act could go behind doesn't matter what economic capital we had like that our credit or debit card number, bank account, etc or they could copy or steal an adequate amount of data and information from our computer to get hold of our identity. This category of online fraud is acknowledged as the identity theft. Identity theft possibly being even further shocking to the actual person for the reason that a hacker could make use of our individuality to open up credit and debit cards, bank accounts as well as carry out further negative activities and crimes concealed at the back of our identity (Rodriguez, 2007). 4. Crime Rate According to an online research carried out by the FTC, more than 670,000 customer online frauds of identity theft complaints in the US were reported in year 2006. The sufferers of these frauds encompass 29 percent of people those are between the ages of 18 to 29 (National Criminal Justice reference Service, 2008). Here we have five percent people those have age above 30. This demonstrates that the intention of these types of crimes is youngsters. There are more terrible facts in the later years. This situation is going to be serious with the passage of time. At the present time, lots of steps have been taken by the government of different nations for the establishment of the criminal acts and punishments for these activities (National Criminal Justice reference Service, 2008). 5. Introduction to Phishing In the field of the online computer technology and security, phishing is the illegitimately to be regarded with suspicion procedure of trying to get hold of sensitive data and information like that passwords, usernames, and credit card information through hidden and fake means as a trustworthy entity in an online and electronic communication (Tan, 2006). Online communications declaring to be from acknowledged community websites, online disbursement processors, public sale sites, or else Information Technology managers are in general betrothed to attract the innocent community (Tan, 2006). Phishing is normally carried out through E-mail or else through the instant messaging, as well as it generally directs online system users to go through particulars at a false website whose appearance or interface are approximately alike to the actual one. Even when carrying out server verification, it can demand great expertise or knowledge to make a distinction that the website is false. Phishing is a case of community engineering methods which are used to make fool to online users, as well as exploits the concentrated usability of present web safety expertise. Effort to tackle the growing amount of reported phishing events needs public awareness, user training, legislation, as well as technical safety procedures (Tan, 2006). 6. Process of phishing This section covers the detailed analysis of the process of the phishing. In this process every step entails particular skills from other associates of the web community. In the section below I will present the different steps or stages of the phishing process. a. Planning This is the preliminary step of the phishing process that engrosses the planning regarding the attack on the particular organization, community, group, or person. In this phase phisher will necessitate information to be collected, like that target scam page templates, e–mail lists as well as challenging information from customers of phishing identification. Wide-ranging data and information like that indented e–mail files as well as scam page patterns requirements to be gathered. The Phisher has no need to be proficient at internet design, on the other hand in its place that should be able to accomplish a previously employed scam page. Pages for the SACM as well as e–mail patterns are broadly accessible inside the group of people. If additional superior templates methods are favored, professional website designers who presents on recognized fraud associated environments can be hired (Abad, 2006). b. Setup In this second phase of the phishing the phisher needs to make sure the apposite scam page communications on the negotiated hosts utilized in the phishing hit. Planning a course of action, to send back qualifications to a nameless chat room or an email address. In this step phisher necessitates insignificant mechanical knowledge as well as engross small or additional than uploading online site data, as well as locating up what is known as an egg-drop or an easy email-mail structure. An egg-drop bot employed for the reason of yielding recognition from a phishing page apparatus could be designed to depend the composed data and information support to an online user or send to chat-room demand (Abad, 2006). c. Attack For making this phase of the phishing effortless a variety of programs have been developed to hold group mailings, as well as there are money-making applications which as well generate group mails. As by means of the previous steps of the phishing process the phisher does not have need of definite information to propel out emails en masse as well as merely requires getting hold of the correct tool. Essential information of HTML facilitates the phisher to reproduce the style and formatting of apposite emails from the banking organization (Abad, 2006). d. Collection This step of the phishing process engrosses the phished files is frequently executed in secret; for instance, a course of action on the scam page hosting contraption rarely drives reverse phished files to unfamiliar web-based email records. These financial statements are then contacted through a proxy server or derived to an online chat-room through an egg-drop conversation bot. It is as well probable to place the files into a comprehensible listing on the web-based server as well as download up-to-date information explicitly from a browser critical to the apposite index where the files are stocked up (Abad, 2006). e. Cashing This is frequently the finishing step of the line for the phisher. At the present time, phishers are contributing the files goods by means of an imperfect supply of clients. Customers of monetary organization recommendation are identified as cashers. The casher’s most important role is to get hold of the phished files as well as accomplish cash straightly from the economic records attached to the files. Phishing as well as cashing are dissimilar as well as normally split positions (Abad, 2006). 7. Importance of phishing In this section I will talk about the detailed analysis of the importance of phishing. Mainly phishing is considered as a harmful action across the internet because the phisher’s more dependence is on e-mail movements. Phishing is normally well thought-out as a dividing up of the additional wide-ranging spam difficulty. On the other hand unlike spam promotions that accomplish millions, messages/ phishing are disposed to be derived to merely tens of thousands of clients. Phishing is frequently used as a most favorite procedure for the website verification and security analysis. For this purpose, we can make use of this technique for the enhanced website assessment. In this way we can become aware of any probable security holes in the website cash transfer functionality. The procedure of phishing is also used in opposition to any criminal drive. If we want to take out some indispensable information regarding some suspects, in this way we can have a comprehensive collection of information and data about them. We can make use of this information for the superior handling of the case. The phishing process also provides advantage for achieving the elevated “click through rate”. The click through rate produced by the technique of the spamming is a little bit short as compared to the phishing. Phishing technique can also be used at higher level for getting valuable and useful data and information regarding any specific individual or organization. In this way we can without doubt perceive any hidden aims of the people (Rodriguez, 2007). 8. Phishing is important in websites This section presents the analysis of the Phishing in websites. Here I will explain ways in which we need phishing for websites. A phishing technique with a disconcerting trend is to utilize the Internets identification structure as well known as Domain Name System (DNS) to inexplicable the performer at the back a botnet load of victims (Rodriguez, 2007). Altering among negotiated computer to put together it seem comparable to an ever unstable catalog of computers are carrying out the Spaming (this makes use of Domain Name System for Phishing, which is described as Rock or fast-flux Phishing following the illicit group that complete it well-known) (Rodriguez, 2007). This creates it hard for law enforcement to set down the accurate performer (as well illustrated the influence and organize center) for the reason that it appears to be a moving goals (Phishing2, 2009). A method which is acknowledged as Pharming makes use of Domain Name System cache fatal to forward you to a malware software hosting website exclusive of you together with clicked on some website link (Rodriguez, 2007). This advancement assault generally will employ adapting a local Domain Name System file on a negotiated computer or negotiating a Domain Name System server that will be supplying out invalid Domain Name System entrances when permissible websites are requested (Rodriguez, 2007). 9. Types of Phishing In this section I will discuss different types of the phishing. I will explore the most important techniques and areas that are targeted for the information hacking and online information exploitation. There are diverse kinds of phishing attacks which have currently been known. I will present and explore some of well known types below: 9.1- Deceptive Phishing This procedure of phishing generally referred to information theft by means of fake and instant messaging on the other hand the majority extensive broadcast technique at the present time is a deceptive email phishing that makes use of email message for this function. Messages on the subject of the need to authenticate or verify the user bank, credit or any payment account information, system breakdown necessitates clients to re-enter their data and information, fabricated payment account payments, unwanted account transforms, up-to-date free of charge services necessitates fast action, as well as a lot of other scams are transmitted to an extensive group of receivers by means of the anticipation that the innocent will react through clicking a fake link to or logging in onto a fake site where their secret data and information could be gathered (Attacks, 2009). 9.2- Malware Based Phishing Malware Based Phishing method engrosses the scams that require running fake and malicious application software on client’s PCs. This Malware software can be initiated as a fake email message that holds file attachment, as well as downloadable malware software file from a website, or else through abusing recognized safety vulnerabilities: a meticulous matter for medium and small businesses that are not eternally competent to preserve their online software and business related applications advancement (Attacks, 2009). 9.3- Screenloggers and Keyloggers Screenloggers and Keyloggers is another form of online phishing. In this method a hidden application (malware software) is inserted into the client system that keeps track user inputs all the way through the keyboard as well as broadcasts the noteworthy data and information to the hacker by means of the online connection (Internet). They would be able to entrench themselves into client’ internet browsers in the structure of minute helpfulness application programs that illustrates its characteristics as the collaborator objects that executes devoid of human intervention when the internet browser is initiated as well as into system information and files since device drivers or else screen monitors (Attacks P. , 2009). 9.4- Session Hijacking Session Hijacking is also another well-known phishing method that engrosses an online attack where client’s operations and activities are monitored in anticipation of they log in to an indented user payment or information account or business transaction as well as set up their authentic verification. At that position this hidden application (malicious software) occupies and can be able to carry out prohibited actions, like that relocating funds, with no the user's information (Attacks P. , 2009). 9.5- Web Trojans Web Trojans is also another familiar phishing technique that engages the popup imperceptibly enters into user system when users make an effort to sign in. They get together the client’s recommendation close by as well as broadcast them to the hacker/phisher (Attacks P. , 2009). 9.6- Hosts File Poisoning When a client types a website address to visit an online-site it can initially be decoded into an IP address earlier than its broadcasts in excess of the web. The preponderance of SMB client’ system’s running a MS Windows OS to begin with seem up these host identities in their client file previous to activating a DNS search for. Throughout exterminating the client’s information and data file, phisher/hackers have fake web address broadcasting, appealing the client merely to a bogus emerges similar online website where their information and data could be stolen (Attacks P. , 2009).. 9.7- System Reconfiguration Attacks System Reconfiguration Attacks are also major phishing technique that engrosses the hacking user information. In this technique the unknown application comes into the user system and modifies system settings on a client’s system for cruel reasons. For instance website email address in a favorites data file could be customized to express client to seem similar websites. For instance: an online bank site address (URL) can be changed from "abcbank.com" to abccbank.com (Attacks P. , 2009). 9.8- Data Theft The phishing also comprises the data theft through the fake ids and online address. This encompasses the a smaller amount protected systems those are frequently hold subsets of responsive data and information stocked up somewhere else on protected servers. Without doubt systems are employed to contact similar servers as well as can simply be compromised. Information and data stealing is an extensively employed technique to industry intelligence. Through theft of personal infrastructure, plan credentials, officially permitted estimations, worker associated records, etc., information robber’s proceeds from promotion to those who can want to make self-conscious or reason economic harm or to contestants (Attacks P. , 2009). 9.9- Pharming- Domain Name Server Based Phishing Pharming is a category of the hacking attacks which is designed to forward a website's load or traffic to a diverse fake website. Pharming is carried out in the course of changing the host’s user file on a target’s system or by making use of the susceptibility in Domain Name Server (DNS) software. Domain Name Server is computer in charge for checking Internet website names into their authentic online addresses. They are the "signposts" of the web based environment. Compromised Domain Name Server are rarely accredited as "poisoned" (Scams?, 2005). The name pharming is a combination of two terms farming as well as phishing. Phishing (which has been described above) is a kind of public engineering assault to get right of entry credentials like that passwords and usernames. At the present time, hackers utilize grouping of both phishing and pharming for online individuality stealing data and information. Pharming has turned out to be a most important apprehension to online banking websites as well as business hosting ecommerce. Complicated actions acknowledged as anti-pharming are mandatory to defend beside this grave danger (Scams?, 2005). Spyware removal software and Antivirus software are not able to defend in opposition to pharming (Scams?, 2005). Pharming hits are more often than not premeditated on the online shopping and banking services and facilities. 9.10- Content Injection Phishing Content Injection Phishing is another type of Phishing that engrosses a state of affairs where information or data phisher/hackers replace fraction of the user data and file content of an officially authorized website with bogus data and content intended to misdirect or mislead the client into giving up their secret and private data and information to the phisher/hackers. For instance hackers can put in malicious information hacking code to sign in user's secret information or superimpose that would be able to clandestinely gathered information as well as disperse it to the phisher/hackers's phishing server (Attacks P. , 2009). 9.11- Man-in-the-Middle Phishing Man-in-the-Middle Phishing attack is more complicated to observe than a lot of other shapes of phishing. In these hits hackers spots themselves among the client as well as the legally recognized website or arrangement. They trace the data and information transports comes in on the other hand carry on to bypass it on as a result that client’s dealings are not embellished. Afterward they would be able to sell or make use of the data, credentials or information collected when the client is not active on the system (Attacks P. , 2009). 9.12- Search Engine Phishing In this type of phishing takes place when phishers create websites by means of good-looking web design resonance presents as well as have them indexed legally using search engines. Client observes the websites in the standard ways of searching for services or products as well as is deceived into openhanded up their data and information. For case in point, scammers have arrangement fake banking websites contributing lesser praise expenses or improved interest charges than new banks. Victims who make use of these websites to build up or put together extra from interest rates are confident to relocate obtainable accounts as well as mislead into giving up their particulars (Attacks P. , 2009). 10. Phishing for/in website verification This section presents the analysis of the phishing for/in website verification. The majority extensive technique employed to offer confirmation of an online website is to make use of Secure Sockets Layer. SSL normally make use of cryptology to proffer not merely confirmation, on the other hand confidentiality because data transmits among browser as well as online websites are encrypted. The intact industry that carries out monetary dealings over the web makes use of the Secure Sockets Layer for these reasons (Monk et al, 2009). Because phishing employs the utilization or exploitation of the confirmation module of Secure Sockets Layer, it is momentous to study ways of authentications of the Secure Sockets Layer information we are obtainable through (Phishing1, 2009). Acknowledgment and elimination of phishing websites is a most important concern, a supply’s significance relies leading the pace by means of which websites are accounted as well as consequently established demands numerous clients to select initiates imperative holdups. On standard, PhishTank acquiescences get hold of about to be confirmed. A small number of cases gain an extremely extended time to be established, which biases the standard (Clayton, 2008). PhishTank requests its clients to select on each exclusive URL that is offered. Unfortunately, this entails a tremendously massive as well as preventable load on its volunteers. The faction of scandalous who commits phishing hits on a massive scale (Clayton, 2008). As a substitute of negotiating technology for hosting forged HTML in an unintentional method, the group originally buys a numeral of website domains by means of identifications comparable to lof80.info (Clayton, 2008). They then develop email spam by means of an extensive website address of the appearance website named”http://www.bank.com.id123.lof80.info/vr”. This contains a distinctive identifier; the entire alternatives are determined to an exacting IP address by means of ‘wildcard DNS’. Equal to 25 banks are imitated within every domain (Clayton, 2008). Website CVCs or Content Verification Certificates facilitates the authentication of "website page content". Since an X509 agreeable credential kind, Content Verification Certificates are produced, dispersed, as well as invalidated by means of well-known Public Key Infrastructure techniques to proffer the highest order of safety for website page content, facilitating the action of confirmed established routing, panes, login boxes, confirmed trade brands as well as confirmed official approval/relationship logos. Joint through absolutely distributable tools similar to VEngine, Content Verification Certificates permit project to achieve a realistic blocking response to phishing hits. Protecting the content of a website page as well as permitting confirmation (Verification, 2009). For the website content to turning out to be confirmable through the clients it has to be (Verification, 2009):- 1) In the approved manner multifaceted similar that it should not simply be spoofed (No cut and paste potential) 2) Straight associated to the website page upon that it is to be exhibited 3) Specified an authority stage linked to its procedure. 11. Twelve ways to avoid phishing Here I will present 12 steps regarding the avoidance of phishing; these steps are given below; 1. Make use of anti spyware software 2. Get training about phishing 3. Protect the hosts file (Johanson. 2009) 4. Firewall 5. Do not click on hyperlinks in e-mails 6. Take benefit of anti-spam applications/software 7. Confirm https (SSL) (Monk et al, 2009) 8. Defend beside DNS pharming attacks 9. Carry on antivirus up to date 10. Don't enter perceptive or economic information into pop-up windows 11. Make use of the MBSA (Microsoft Baseline Security Analyzer ) 12. Make use of backup system images (Johanson. 2009) 12. Identity and Privacy Crisis This section covers the main identity and privacy Crisis that are most important subjects at the present time. This crisis is due to lot of reasons. These reasons are given below (Cavoukian, 2006); Getting higher identification requirements create privacy troubles Web based fraud as well as safety alarms are restrained self-assurance, faith and the expansion of e-commerce; Fears of online observation and extreme gathering, utilization and revelation of identity data and information through others are also retreating self-assurance in the Internet; Should have private user control and empowerment online over one’s own private information; Password exhaustion: reused, weak passwords Here what should be done? We have to take care for following things on the subject of the effective online security implementation and execution (Cavoukian, 2006): An enhanced user control, Data minimization techniques Privacy protection, and Stronger security 13. Phishing Identification In this section I will present the some identification of the websites those are performing phishing. Here in the image below I will present an email message to demonstrate the phishing email. Phishing Email Figure 1 Phishing email. [source: http://techrepublic.com.com/i/tr/cms/contentPics/clip_image002.jpg ] The above given image is an example of the phishing email that ask the user to update there credit card information. If user replies this message the all the information goes to hacker and he will use that information in a wrong way. Phishing Browser In the image below I will present a phishing browser that can give information us regarding the phishing website. Figure 2 Phishing Browser [source: http://techrepublic.com.com/i/tr/cms/contentPics/clip_image004.jpg] Some time a web browser automatically opens to user system and asks for the some information. This type of browser is initiates through clicking on some malicious link. The address bar of the window shows a fake email address. These types of browsers are aimed at performing the identity theft. Phishing Links In this section I will present the Phishing link that misguides the people regarding the fake website of the any company. Figure 3 Phishing Links source: http://techrepublic.com.com/i/tr/cms/contentPics/clip_image003.jpg The above link is an example of fake Ebuy sign in page. When user sigh in to page like this, the password and user name will be hacked by the hacker and can be used in a wrong way. Phishing Website Image given below demonstrates the fake website that is developed to misguide people regarding the finical fraud. Figure 4- Phishing Website [source: http://techrepublic.com.com/i/tr/cms/contentPics/clip_image005.jpg] The above image demonstrtes the a face Yahoo website. Its address bar shows an addres that starts with w.yahoo.com. This is not a valied link and developed to damge the user inforation and data. Figure 5 Phishing Website [source http://www.fraudwatchinternational.com/phishing-fraud/phishing-web-site-methods/] In the above given website the hacker genrates a fake website that looks similer to your bank’s webiste. Here a fake pop-up appres that asks for the user bank account number, user PIN or password and chnges PIN. This information is saved to fake website datbase. The hacker use this information to hack the account of the user. In this way user is ignorent about the attack and hacker hackes the entire data and information. 14. Online Security Measures In this section I will discuss about a number of the security measures that we can take regarding the safety for the online Phishing. Pharming hits be able to be hard to identify as well as to beat matters similar to DNS cache poisoning, a safe edition of Domain Name System safety Extensions (DNSSEC) could be put into practice for enhanced online security. For the superior security and its successful accomplishment can be achieved through the apposite utilization of the of anti products comparable to Symantec Multi-tier defense could to a sure level stop malware similar to zero-day threats, trojans, worms, adware, viruses, bots, spyware, and rootkits. Also the utilization of proxy servers employing Websense and Microsoft ISA server could protect clients from phishing hits. Proxy servers give support to to build up protection through malicious software and filtering website content (Schacko, 2007). The use of the Websense Web safety set offers security in opposition to malicious mobile code, spyware, as well as phishing hits; Web based threats, bots, and other new threats. Websense ThreatSeeker attribute, proactively finds out web safety threats through scrutinizing 600 million websites for each week (Schacko, 2007). This application as well identifies malicious protocols, websites, HTTP traffic and applications; this system also blocks the right of entry at the Internet gateway (Schacko, 2007). Primary level protection in opposition to the phishing is to protect the computer by means of group policies, antivirus software, spyware prevention tools; windows safety models service packs in addition to safety patches, etc. Execution IDS and honey can very much augment protection besides the phishing attacks (Schacko, 2007). 15. Personal Security Measures For the personal security accomplishment from phishing, spamming, and other online threats we have to take actions for the superior security implementation. Now I will present the main steps for the successful security implementation at user level and detection of the potential hazards and threats. A Phishing Filter attribute is accessible on the IE which facilitates to make a distinction between phishing entity and websites. A phishing detection filter carries outs three steps to make a distinction and defend phishing scams. Almost straight away the website address goes through the phishing detection processor: the authority would be weighed up by means of a directory of officially permitted websites reported to Microsoft that is accumulated nearby in the computer (Schacko, 2007). After that position is to inspect websites by means of widespread uniqueness of a phishing site. In the previous step by means of clients permission filer drives website addresses to Microsoft for additional confirmation beside stated phishing sites (Schacko, 2007). If that exacting website occurs to be in the catalog of stated phishing sites, Internet Explorer will give you a warning (Schacko, 2007). When Phishing Filter transmits address of a site to Microsoft, it holds the client IP address, Internet Explorer or browser class and Phishing Filter edition. IE 7 outlines an additional layer of defense when we go to a websites that makes use of the EV or Extended Validation SSL Certificates; address bar turns out into the green and outlines further information comparable to individuality of the website proprietor (Schacko, 2007). The majority e-mail application approach through built-in anti-phishing detection by design removes the email message or shifts it to the junk folder relying on the SCL or Spam Control Level (Schacko, 2007). 16. Keeping information protected This section outlines few steps regarding the better information safety. In all types of the online hacking and criminal activities one thing is imperative that is information. Hackers regain information to give a danger for the individual. These steps will provide better understanding regarding the development of the better information safety and preservation. Main steps are given below these can be effective for organizational information safety: (Bonnette, 2008): Uncompromisingly save from harm mobile devices that hold responsive information. Update safety constantly as well as update of change passwords regularly (Johanson. 2009). Store responsive information and data in a password sheltered region of the system, as well as allowance right of entry on a need only basis. Stock up paper credentials in safe cabinets Place glare safeguards on laptops and computer screens. Encrypt every wireless network link Bound data exhibit as well as revelations Consult with IT experts regarding utilization of security software. Construct as well as utilize virtual isolation networks addicted to office workstations For an organization it is necessary to hire an information security officer. Train the staff in the confidentiality strategies of the office. 17. Conclusion In this report I have presented a detailed analysis of phishing and its concerned terminologies. I have discussed the whole paradigm of phishing. In this research I have mainly concentrated on the use of phishing for/in website verification. Then, I have presented different types of the phishing their areas of impact in the society. This research also spotlighted the main advantages regarding the techniques of the phishing. This research concentrated on both positive and negative impacts of these techniques of the phishing. This research provides a deep insight into overall idea of the phishing and its functioning areas. Bibliography 1. Abad, H. 2006, The Economy of Phishing: A Survey of the Operations of the Phishing Market. Cloudmark Inc. 2. Attacks, P. 2009, Phishing Attacks. Retrieved 07 11, 2009, from http://tech.yahoo.com/: http://tech.yahoo.com/gd/types-of-phishing-attacks/202895 3. Attacks, T. o. 2009, Types of Phishing Attacks. Retrieved 07 11, 2009, from http://www.pcworld.com/: http://www.pcworld.com/businesscenter/article/135293/types_of_phishing_attacks.html 4. Bonnette, L. G. (2008, June 13), Phishing, pharming and other means of ID theft. Retrieved 06 18, 2009, from Phishing, pharming and other means of ID theft: http://www.blbva.com/ 5. Cavoukian, A. 2006, The Case for Privacy-Embedded Laws of Identity. Toronto, Ontario, Canada: Information & Privacy Commissioner of Ontario. 6. Clayton, T. M. 2008, Evaluating the Wisdom of Crowds in Assessing Phishing Websites. Financial Cryptography and Data Security (FC) , 16–30. 7. Johanson. 2009, The State of Homograph Attacks . Retrieved 06 18, 2009, from Web Attacks : http://www.shmoo.com/idn/homograph.txt. 8. Laudon, K. C., & Laudon, J. P. 1999, Management Information Systems, Sixth Edition. New Jersey: Prentice Hall . 9. Monk, E., & Wagner, B. 2009, Concepts in Enterprise Resource Planning, 3rd.ed. Boston: Course Technology Cengage Learning. 10. National Criminal Justice reference Service. (2008, 09 15). In the Spotlight, Identity Theft - Facts and Figures . Retrieved 06 23, 2009, from NCJRS, National Criminal Justice reference Service: http://www.ncjrs.gov/spotlight/identity_theft/facts.html 11. Phishing-1. 2009, Phishing. Retrieved 07 13, 2009, from http://www.utoronto.ca/security/index.htm: http://www.utoronto.ca/security/UTORprotect/phish.htm 12. Phishing-2. 2009, Phishing: personal data theft. Retrieved 07 11, 2009, from http://www.pandasecurity.com: http://www.pandasecurity.com/homeusers/security-info/types-malware/phishing/ 13. Rodriguez, M. 2007, Phreaking, SPAM, Phishing, Botnets, Pharming, Vishing, SMiShing & SPIM oh my. CTSO @ Western Illinois University. Retrieved 07 11, 2009, from: http://www.wiu.edu/utech/securitySpecial/techSecurity/pdf/May2008SecurityPrivacyNews.pdf 14. Scams?, P. a. 2005, How Can We Stop Phishing and Pharming Scams? CSO Magazine. 15. scams, A. p. 2009, 12 steps to avoid phishing scams. Retrieved 07 11, 2009, from techrepublic.com: http://articles.techrepublic.com.com/5100-10878_11-5818568.html 16. Schacko. (2007, November 25), Phishing, Pharming and Vishing. Retrieved 06 18, 2009, from Phishing, Pharming and Vishing. 17. Tan, K. (2006, 02 12). Phishing and Spamming via IM (SPIM). Retrieved May 12, 2009, from Internet Storm Center: http://isc.sans.org/diary.html?storyid=1905 18. Verification, C. 2009, Comodo - Anti-Phishing Portfolio. Retrieved 07 12, 2009, from http://www.contentverification.com/: http://www.contentverification.com/resources/portfolio.html Read More