The Current State of Phishing Attacks

Zulfikar Ramzan, Symantec

Phishing is the act of sending a user a fake email that appears to originate from a legitimate institution with which the user transacts (e.g., their bank, credit card company, etc.). The email directs the user to a spoofed web site and asks for sensitive information (e.g., usernames/passwords, credit card numbers, bank account numbers, social security numbers, etc.); in the hands of a malicious party, this information is very dangerous. While it used to be easy to tell a phishing attempt apart from a legitimate email, phishers have started using techniques of ever-increasing sophistication. As a result, phishing has catapulted into a major component of the new threat landscape.

This talk will survey the current state of phishing attacks, leveraging real-world data obtained through Symantec's data collection fabric. We will describe:

The talk will be self-contained and assumes no prior knowledge of the phishing threat.


8 May (Tuesday) at 1630 hrs

Gates 4B (opposite 490)