This paper, discusses the history of the Rock Phish Gang as well as their attack methodology and how it has evolved. They also review the actions that businesses can take to prevent and defeat an attack by the Rock Phish Gang including an analysis of how MarkMonitor is uniquely positioned to prevent and defend against rock phishing attacks.

Phishing is a serious threat to consumer confidence and weakens trust in e-commerce. Online fraud scams continue to grow by fifteen percent per quarter, targeting financial institutions of all sizes as well as other types of businesses. Even worse, these scams are becoming more and more elaborate and therefore more difficult to defeat. The Rock Phish Gang has developed an insidious multi-tiered methodology with several failover layers. They exploit the domain registration and DNS system, compromise web servers, and ultimately lead victims down a virtually untraceable path. The social and technical issues presented by the Rock Phish gang must be addressed so that financial institutions and e-commerce companies can combat these scams and avoid erosion of customer trust.