Digital Evidence Analysis: Phishing and Spoofing Tools
This page has been archived by the National Institute of Justice and is no longer updated. It may contain outdated information and broken links.
On this page, find:
Why Are Phishing and Spoofing a Threat?
Phishing and spoofing have been linked to cyberfraud, identity theft and other computer security incidents, and new investigative
technologies are needed to track down cyberspace offenders.
"Phishing" e-mails may seem authentic, but in reality, they are attempts to steal passwords, other personal and financial
information, or infect the recipient's computer. Senders of phishing e-mails hope to lure recipients into revealing data that
would subsequently be used for criminal activities.
"Spoofing" is an attempt to hide the origin of an e-mail message. Some criminals use spoofing to make it appear as though
an e-mail was sent by a legitimate user or well-known company, hoping that recipients will open the e-mail and respond. Additionally,
"spoof sites" tend to look almost identical to authentic websites and can thus easily trick users into giving up personal
New Technology to Combat Phishing and Spoofing
Up-to-date tools are essential in helping law enforcement trace the IP addresses and user IDs associated with phishing and
NIJ funded the development of the Undercover Multipurpose Anti-Spoofing Kit (UnMASK) to aid investigators in investigating
e-mail crimes such as phishing attacks and threats. UnMASK —
- Allows investigators to upload suspect e-mail through a secure Web interface.
- Allows automatic analysis of the e-mail and addition of related Internet information into a database.
- Generates custom reports from the populated database.
Read a report about the development of UnMask (pdf, 10 pages) Exit Notice.
Date Modified: August 27, 2012