Digital Evidence Analysis: Phishing and Spoofing Tools

On this page, find:

Why Are Phishing and Spoofing a Threat?

Phishing and spoofing have been linked to cyberfraud, identity theft and other computer security incidents, and new investigative technologies are needed to track down cyberspace offenders.

"Phishing" e-mails may seem authentic, but in reality, they are attempts to steal passwords, other personal and financial information, or infect the recipient's computer. Senders of phishing e-mails hope to lure recipients into revealing data that would subsequently be used for criminal activities.

"Spoofing" is an attempt to hide the origin of an e-mail message. Some criminals use spoofing to make it appear as though an e-mail was sent by a legitimate user or well-known company, hoping that recipients will open the e-mail and respond. Additionally, "spoof sites" tend to look almost identical to authentic websites and can thus easily trick users into giving up personal information.

New Technology to Combat Phishing and Spoofing

Up-to-date tools are essential in helping law enforcement trace the IP addresses and user IDs associated with phishing and spoofing e-mails.

NIJ funded the development of the Undercover Multipurpose Anti-Spoofing Kit (UnMASK) to aid investigators in investigating e-mail crimes such as phishing attacks and threats. UnMASK —

  1. Allows investigators to upload suspect e-mail through a secure Web interface.
  2. Allows automatic analysis of the e-mail and addition of related Internet information into a database.
  3. Generates custom reports from the populated database.

Read a report about the development of UnMask (pdf, 10 pages) Exit Notice.

Date Modified: August 27, 2012