Phishers Focusing in on New Targets

Download the authoritative guide: Cloud Computing 2019: Using the Cloud for Competitive Advantage

Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
Phishing attacks are the fastest growing type of Internet scam out there today. And industry analysts say this nasty scheme shows no signs of slowing down.

Phishing scams are increasingly intelligent and targeted, posing a more harmful threat than ever before.

Phishing is one of the latest online financial scams plagueing online users. Emails claiming to be from legitimate businesses, such as banks and credit card companies, direct recipients to a replica of the actual company's Web site. Once they arrive at the site, victims are asked to 'update' their personal financial information, such as passwords, account numbers and Social Security numbers. The information is then used to steal the person's identity, along with their money, and defraud businesses.

Analysts say these scams quickly are becoming more effective and harder to detect. The phishers' intentions are changing, analysts say, and becoming more malicious.

And phishers aren't only posing as banks or credit card companies these days. They've begun targeting health care organizations and electric utilities.

''Last year was definitely the year of phishing,'' says Scott Chasin, chief technology officer of MX Logic, Inc., an e-mail defense solutions firm out of Denver, Co. ''Phishing will continue to evolve to more elaborate social engineering and have more malicious capabilities to dupe victims.''

Chasin says the phishing attacks, which rely heavily on luring in victims with warnings about the state of their finances, will soon be overshadowed by pharming scams. In pharming attacks, Chasin says the scammers will use sophisticated worms and viruses attached to Web browsers to redirect users to spoofed Websites when they try to access valid sites.

''This is a new era of stealth,'' says Chasin. ''It is no longer the era of teenage 1980's egocentric hackers. Now, they are economically motivated, which will continue to drive the sophistication.''

There are about 500 fake bank Websites being reported every week to the Anti-Phishing Working Group, according to a study published by Ferris Research, a San Francisco, Calif.-based industry research firm. The report also shows that between August and November of 2004, phishing attacks grew by 350 percent.

''Phishing is growing really fast,'' says Richi Jennings, lead analyst of spam and boundary services for Ferris, as well as the analyst in charge of the study. ''It is a very serious problem.''

Michael Spooner, senior market analyst with Vircom, a Montreal-based developer of secure e-mail management products, says they not only see more phishing attacks now then in the past, but the scams are becoming more focused on specific people and places.

''Scammers are realizing that people are growing savvy to financial attacks,'' says Spooner. ''They are now moving to other places like health care.''

Phishers also are going after utilities, such as telephone and electric companies.

''They can also target a specific group or even country,'' Spooner adds, referring to an instance when the Royal Bank of Canada's computer system froze. Phishers sent fake emails to all addresses ending in ''.ca'' to lure users into offering up their personal information.

A 2005 Vircom study reports that 33 percent of people who receive phishing scams in their email inboxes click on links provided in the emails. Phishers can generate between $100,000 and $200,000 in each of these scams, the study states.

With phishers getting better at what they do, it's vital for end users and IT managers to be informed on how to detect and avoid the scams.

Advice for IT Managers

  • Educate employees about what to watch out for, both in the office and on their home machines;
  • Keep abreast of changes in legislation that could affect your business, and
  • Install good anti-spam and anti-virus filters in your network. And be aware of what is happening in the anti-virus industry.

    Advice for End Users

  • Never click on a link supplied in an email that supposedly comes from any company or organization. If your bank needs to contact you, they'll call.
  • Always access financial and other Websites by typing in the Web address the organization provided you with, or via a bookmarked URL.
  • Never respond to an unsolicited email.
  • If you are unsure about the legitimacy of an email, call the bank or company that sent it to verify. Check the company's Website for disclaimers against sending out such emails.

  • Make sure you have anti-spyware software on your PC and keep it updated.
  • Be Web-savvy. Look for ''calls to action'' in an email. Most phishing scams include prompts to do something immediately or the user will suffer a financial loss. Phishers want the person to react without thinking.
  • Always think twice before opening any email. Think about where it is coming from, who sent it and why they sent it.

    The Future of Phishing

    Analysts agree that IT managers and end users will continue to battle with phishers.

    ''Phishing scams are a lot more diabolical now and it is becoming a lot easier to scam people,'' says Spooner. ''Phishers are very good at knowing what is going on in the world.'' Spooner points out that phishers are taking advantage of world events, such as the tsunami disaster in Asia.

    ''Any major event will now have a phishing scam with it,'' says Spooner.

    Jennings says banks, credit card companies and other industries are putting a lot of effort into fighting the problem and will have to continue the effort over the next few years.

    ''There will have to be a constant education to customers, saying, 'We will never ask you for this kind of information over email,' '' says Jennings.

    Spooner says to expect some anti-phishing legislation to be enacted over the next year or two. He also thinks there will be more phishing-related prosecutions. And new digital identification technologies also will start to hit the market.

    ''Both technology and legislation will be fighting phishing,''Spooner adds.

    Submit a Comment

    Loading Comments...