No phishing off the bridge

The folks over at NGS have written a very good whitepaper titled "The Phishing Guide: Understanding & Preventing Phishing Attacks". It covers various types of phishing attacks and how to identify and protect yourself from them. Some of it is fairly technical, but it's a good read and contains a lot of useful information on how to recognize phishers. Definitely something to share with friends and family who might not be quite so savvy about these types of attacks.

Found via Bugtraq

Abstract:

Phishing is the new 21st century crime. The global media runs stories on an almost daily basis covering the latest organisation to have their customers targeted and how many victims succumbed to the attack. While the Phishers develop ever more sophisticated attack vectors, businesses flounder to protect their customers' personal data and look to external experts for improving email security. Customers too have become wary of "official" email, and organisations struggle to instil confidence in their communications.

While various governments and industry groups battle their way in preventing Spam, organisations can in the meantime take a proactive approach in combating the phishing threat. By understanding the tools and techniques used by professional criminals, and analysing flaws in their own perimeter security or applications, organisations can prevent many of the most popular and successful phishing attack vectors.

This paper covers the technologies and security flaws Phishers exploit to conduct their attacks, and provides detailed vendor-neutral advice on what organisations can do to prevent future attacks. Security professionals and customers can use this comprehensive analysis to arm themselves against the next phishing scam to reach their in-tray.