Saphe - Relevant Phishing background data

Find out more about Phishing:

There are two recognized Phishing attack types:

  • Passive Phishing, in which the attacker's web server impersonates the real server, but the real server is not involved
  • Active Phishing, in which the attacker's machine acts only as a bridge to the real server, which effectively gives it Man-in-the-Middle capabilities

Common Phishing techniques include sending a false URL to the victim in a fraudulent e-mail, sending it through instant-messaging applications, and planting false links in web pages. In each case, once the unsuspecting user opens the URL, he is connected to the attacker's web server, which appears to be the legitimate server, and is prompted to enter his personal details.

There are three possible Phishing scenarios:

  • Wrong-domain server: the most common scenario. The attacker solicits the user to connect to a false URL, which includes a domain name different from the real server's domain name
  • DNS-poisoning: the attacker has somehow managed to divert traffic destined for the real server's URL to his own machine. This case is similar to the previous one, except that the domain name appears to be valid to the user. In this case no solicitation is required, as the user connects to the attacker's machine whenever he attempts to connect to the real server
  • Real Man-in-the-Middle: the attacker is in full control of one of the hops in the path between the user and the real server. In this case no solicitation is required, as the attacker's machine fully controls any traffic that passes through it

These scenarios are all dealt with by the Saphe solution, as can be read here.
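
As an added example (not part of the original page or of the Saphe project), the Python code below shows why only the wrong-domain scenario can be recognized from the URL itself: in the DNS-poisoning and Man-in-the-Middle scenarios the hostname is the genuine one, so a name check passes. The domain bank.example, the sample links, and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

EXPECTED_HOST = "bank.example"  # constructed: the site the user means to reach

WRONG_DOMAIN = "wrong-domain"
NAME_OK = "name-matches"  # says nothing about who actually answers


def link_host(url: str) -> str:
    """Hostname the client would connect to (userinfo and port stripped)."""
    host = urlsplit(url).hostname or ""  # .hostname is already lowercased
    return host.rstrip(".")  # tolerate a fully-qualified trailing dot


def classify(url: str, expected: str = EXPECTED_HOST) -> str:
    """Separate the wrong-domain scenario from those with a valid name."""
    host = link_host(url)
    # Exact match or a true subdomain; a bare suffix test would accept
    # "evilbank.example", so the leading dot is required.
    if host == expected or host.endswith("." + expected):
        # DNS-poisoning and Man-in-the-Middle both land here: the name is
        # genuine, so only authenticating the server can tell them apart.
        return NAME_OK
    return WRONG_DOMAIN


# Constructed sample links, not taken from the page.
SAMPLES = [
    "https://bank.example/login",
    "https://www.BANK.example.:443/login",
    "https://bank.example.evil.test/login",
    "https://bank.example@evil.test/login",
    "https://evilbank.example/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify(url):13} {url}")
```

A result of name-matches only rules out the first scenario; it is not evidence that the responding server is the real one.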

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License