Phishing (http://en.wikipedia.org/wiki/Phishing) is a kind of fraudulent activity focused on the theft of private information. Such crimes are generally based on various methods of social engineering (http://en.wikipedia.org/wiki/Social_engineering_(computer_security)). In general, cyberfraudsters create web pages that imitate the websites of real financial organizations, banks or other companies, intercept genuine users and direct them to bogus websites that look and feel exactly like the original website.
The number of phishing attacks is growing fast in spite of security companies' efforts to reduce it. RSA Security issues monthly phishing-attack reports, which can be found on the company's official website at http://www.rsasecurity.com/phishing_reports.asp. The big problem is that victims hide the statistics, because a successful phishing attack is a serious threat to a company's reputation.
A classic phishing attack looks as follows. Let’s assume that a fraudster has decided to capture confidential data that gives access to the account management zone on the X bank website. The fraudster needs to entice a victim to a false website that is a copy of the X bank site. It is...