ABSTRACT
This chapter describes a number of different techniques that modern attackers use to enhance phishing attacks bringing the success rate of such attacks to a significantly higher level by using advanced methods to craft phishing pages, including pages created using vulnerabilities of legitimate web applications. It reviews the methods of developing phishing pages, with attempts to make them look like genuine ones by utilizing vulnerabilities of different natures and on different levels, such as IDN name display method of browsers, web certificate issuance process imperfections, and classic cross-site scripting vulnerabilities of web applications. The chapter also describes the advanced techniques of creating phishing pages, it is important to understand the basics of phishing attacks. It reviews technologies and methods used by attackers in order to raise the success rate of attacks, as well as a number of mitigation methods in use.
