In recent years recommender systems have become a ubiquitous feature in e-commerce sites. However, the open nature of recommender systems makes them vulnerable to shilling attacks from malicious users. Such attacks may lead to erosion of user trust in the objectivity and accuracy of the system. One critical area of research in security of recommender systems is the study of attack models. In this paper, we propose an approach for creating attack models. Our paper explores the importance of target item and filler items in mounting effective shilling attacks. Our attack strategies are based on intelligent selection of filler items. Filler items are selected on the basis of the target item rating distribution. We propose filler item strategies for both all-user attacks and in-segment attacks. We show through experiments that our attack strategies are the most effective attack strategies against both user-based and item-based collaborative filtering systems. © 2009 IEEE.