| From 2004, a new kind of network attack method—Network Phising becomes on the internet. Network Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials. Social-engineering schemes use 'spoofed' e-mails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers. Hijacking brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond. Technical subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using Trojan keylogger spyware.This paper describes Network Phising, and makes a detailed research on aspects from how to track and distinguish Phishing spam to the classical method of constructing fake websites combined,with a classical case called APWG. A HoneyPot system is constructed for the analysis of Phising's steps, the procedure and developing direction is obtained. Finally, according to the analysis result, protecting strategy is designed for personal users and online enterprises separately. Besides, a two-factor online business authentication system is designed for senior customers to effectively resist to Network Phishing.In a word, from the research on the Network Phishing and the proposing of some effective protecting strategy in this paper, a systemized understanding on Phising is reached and some conditions for resisting Phising are created. |
PDF Full Text Request