A phishing vulnerability analysis of web based systems

Phishing, a criminal act of collecting personal, bank and credit card information by sending out forged e-mails with fake websites, has become the most popular practice among the criminals of the Web. Phishing attacks are becoming more and more sophisticated and are constantly on the rise. The impact of phishing is quite drastic since it involves the threat of identity theft and financial losses. A lot of groups and organizations are trying to study this act and also inform and update the public on what are the latest tactics being used in the phishing sector. According to industry estimates, phishing attacks are on the rise every year and the existing anti phishing solutions fall short in detecting phishing. Moreover, phishers come up with innovative methods of phishing everyday making it even more difficult to detect and prevent phishing. This paper explains in detail the various methods used in phishing. We perform a root-cause analysis of the methods used in phishing, the motivation for phishing and in the process come up with a fishbone diagram outlining the causes and methodologies used in phishing. This analysis is aimed at helping developers to design and develop better anti phishing solutions.