Chapter 8: Phish Like a Boss

“I will miss our conversations.”

—Nathan Algren, The Last Samurai

In the short time that it took Chris and me to write this book, the world has moved on. There have been a number of additional high-profile breaches reported, including eBay, The Home Depot, Sony, Chick-fil-A, and JPMorgan Chase & Co. I think it's safe to say that we haven't begun to see all of the fallout that will surely come in the form of stolen credit cards or identities or further attempts to perpetrate theft or infiltration through phishing.

The most recent report published by the Anti-Phishing Working Group (APWG), released August 29, 2014,[1] reveals that the second quarter of 2014 had the second-highest number of unique phishing websites reported—128,378. In addition, the number of unique phish reported in this same time frame was 171,801. These are just the numbers reported to the APWG, so I don't think it's a leap of logic to assume that this is only a fraction of the phish and malicious websites circulating in the wild. The trend has been a continual increase over the last decade that the APWG has been reporting.

What's worse, phishers are becoming quicker, smarter, and more adaptive. In a recent study[2] on manual account hijacking conducted by Google and the University of California, San Diego, it was determined that an attacker attempted to access 20 percent of accounts with harvested credentials within 30 minutes and 50 percent within 7 hours. In addition, attackers spent ...
