Paper 2005/091

Distributed Phishing Attacks

Markus Jakobsson and Adam Young

Abstract

We identify and describe a new type of phishing attack that circumvents what is probably today's most efficient defense mechanism in the war against phishing, namely the shutting down of sites run by the phisher. This attack is carried out using what we call a distributed phishing attack (DPA). The attack works by a per-victim personalization of the location of sites collecting credentials and a covert transmission of credentials to a hidden coordination center run by the phisher. We show how our attack can be simply and efficiently implemented and how it can increase the success rate of attacks while at the same time concealing the tracks of the phisher. We briefly describe a technique that may be helpful to combat DPAs.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. in submission
Keywords
Covert channelsdistributed attacksphishingsocial engineeringsecurity
Contact author(s)
markus @ indiana edu
History
2005-03-25: received
Short URL
https://ia.cr/2005/091
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2005/091,
      author = {Markus Jakobsson and Adam Young},
      title = {Distributed Phishing Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2005/091},
      year = {2005},
      note = {\url{https://eprint.iacr.org/2005/091}},
      url = {https://eprint.iacr.org/2005/091}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.