Using Web bugs and honeytokens to investigate the source of phishing attacks

Author

Craig Michael McRae

Issuing Body

Mississippi State University

Advisor

Vaughn, B. Rayford

Committee Member

Dampier, A. David

Committee Member

Ramkumar, Mahalingham

Date of Degree

5-3-2008

Document Type

Graduate Thesis - Open Access

Major

Computer Science and Engineering

Degree Name

Master of Science

College

James Worth Bagley College of Engineering

Department

Department of Computer Science and Engineering

Abstract

Phishing is the use of social engineering and electronic communications such as emails to try and illicit sensitive information such as usernames, passwords, and financial information. This form of identity theft has become a rampant problem in today’s society. Phishing attacks have cost financial institutions millions of dollars per year and continue to do so. Today’s defense against phishing attacks primarily consists of trying to take down the phishing web site as quickly as possible before it can claim too many victims. This thesis demonstrates that is possible to track down a phisher to the IP address of the phisher’s workstation rather than innocent machines used as intermediaries. By using web bugs and honeytokens on the fake web site forms the phisher presents, one can log accesses to the web bugs by the phisher when the attacker views the results of the forms.

URI

https://hdl.handle.net/11668/15105

Recommended Citation

McRae, Craig Michael, "Using Web bugs and honeytokens to investigate the source of phishing attacks" (2008). Theses and Dissertations. 4918.
https://scholarsjunction.msstate.edu/td/4918