Evidencing standards for phishing and pharming refer to the criteria and guidelines used to collect and present evidence related to these cyberthreats.
Phishing and pharming are types of online fraud that involve deceiving individuals or organizations to obtain sensitive information such as usernames, passwords, PII and financial details. Establishing clear evidencing standards is crucial for investigations, legal proceedings, and the development of preventive measures.
Common evidencing standards for phishing and pharming include the following:
Documentation of Incidents:
- Detailed documentation of the phishing or pharming incident, including the date, time, geolocation proxy, user agent string, and nature of the attack.
- Screenshots or copies of phishing emails, websites, or other deceptive content.
- Analysis of Attack Vectors:
- Identification of the attack vector used in the phishing or pharming attack (e.g., email, social engineering, DNS manipulation).
- Analysis of the methods employed by the attackers to deceive users.
- Digital Forensics:
- Collection and preservation of digital evidence from affected systems and networks.
- Analysis of network logs, server logs, and any other relevant digital artifacts.
- IP Addresses and URLs:
- Recording and tracking of IP addresses and URLs associated with the phishing or pharming attacks.
- Verification of the legitimacy of websites and email addresses used in the attacks.
- Email Header Analysis:
- Examination of email headers to trace the origin of phishing emails.
- Identification of any anomalies or signs of email spoofing.
- User Reports and Testimonies:
- Collection of reports from users who may have fallen victim to the phishing or pharming attack.
- Statements or testimonies from individuals who observed or reported the attack.
- Cross-Verification with Threat Intelligence:
- Comparison of collected evidence with threat intelligence databases to identify known phishing or pharming campaigns.
- Use of external sources to validate the legitimacy of identified threats.
These evidencing standards help create a comprehensive and reliable record of the phishing or pharming incident, supporting investigations and the improvement of cybersecurity practices, all in the pursuit of Cleaning Up the Internet for Good.