Web application security - the fast guide Chapter 5: Attack Execution - the client | Page 15
Phishing
Attack requirement:
1. The victim is convinced that the message was sent by a legitimate party.
2. The victim clicks the fake link to access the phished site, which collects sensitive data.
Attack process
1. Use a compromised or shared machine to escape tracking.
2. Use the compromised machine to send email that leads to the phished version of the site.
3. Victims visit the phished site and provide sensitive information.
4. The information is used directly for benefit before the scam is disclosed.
2017-05-10
Web Application Security Fast Guide (book slides)
By Dr. Sami Khiami
Slide 15