This document summarizes information about phishing attacks, including how they work, common techniques used by phishers, and ways to prevent phishing. It notes that phishing works by deceiving users through fake websites, emails, and URLs that mimic legitimate sites to steal login credentials and private information. Specific phishing methods discussed include visual deception, browser deception, spear phishing, URL redirection flaws, and address bar spoofing. The summary also provides statistics on phishing prevalence and recommendations for technical and user-based defenses against phishing.

1. Muhammad Haroon Network Security Consultant Penetration Tester

2. WARNING! Contents of this presentation are for educational purposes only. It is strongly suggested that you do not use this knowledge for illegal purposes!

23. Deception Methods

29. Attacker Email Spam Victims Scam Something Is Wrong!

54. The continuing growth in the number of Phishing scams is a serious concern for the entire Internet community. Any individual with access to email or performing on-line business transactions is a potential victim of a Phishing attack. As time goes by, these Phishing scams are becoming more sophisticated and use smarter deception methods. Phishing attacks exploit Active Content to take advantage of vulnerabilities in web browsers, which offer a plethora of opportunities for malicious/inappropriate behavior. The sophistication of today's attacks requires an intelligent solution that can analyze the actual behavior of that content and determine whether it is malicious/inappropriate or appropriate.