Phishing attacks are the fastest growing type of Internet scam out there
today. And industry analysts say this nasty scheme shows no signs of
slowing down.
Phishing scams are increasingly intelligent and targeted, posing a more
harmful threat than ever before.
Phishing is one of the latest online financial scams plaguing online
users. Emails claiming to be from legitimate businesses, such as banks
and credit card companies, direct recipients to a replica of the actual
company’s Web site. Once they arrive at the site, victims are asked to
‘update’ their personal financial information, such as passwords, account
numbers and Social Security numbers. The information is then used to
steal the person’s identity, along with their money, and defraud
businesses.
Analysts say these scams quickly are becoming more effective and harder
to detect. The phishers’ intentions are changing, analysts say, and
becoming more malicious.
And phishers aren’t only posing as banks or credit card companies these
days. They’ve begun targeting health care organizations and electric
utilities.
“Last year was definitely the year of phishing,” says Scott Chasin,
chief technology officer of MX Logic, Inc., an e-mail defense solutions
firm out of Denver, Co. “Phishing will continue to evolve to more
elaborate social engineering and have more malicious capabilities to dupe
victims.”
Chasin says the phishing attacks, which rely heavily on luring in victims
with warnings about the state of their finances, will soon be
overshadowed by pharming scams. In pharming attacks, Chasin says the
scammers will use sophisticated worms and viruses attached to Web
browsers to redirect users to spoofed Websites when they try to access
valid sites.
“This is a new era of stealth,” says Chasin. “It is no longer the era
of teenage 1980’s egocentric hackers. Now, they are economically
motivated, which will continue to drive the sophistication.”
There are about 500 fake bank Websites being reported every week to the
Anti-Phishing Working Group, according to a study published by Ferris
Research, a San Francisco, Calif.-based industry research firm. The
report also shows that between August and November of 2004, phishing
attacks grew by 350 percent.
“Phishing is growing really fast,” says Richi Jennings, lead analyst of
spam and boundary services for Ferris, as well as the analyst in charge
of the study. “It is a very serious problem.”
Michael Spooner, senior market analyst with Vircom, a Montreal-based
developer of secure e-mail management products, says they not only see
more phishing attacks now than in the past, but the scams are becoming
more focused on specific people and places.
“Scammers are realizing that people are growing savvy to financial
attacks,” says Spooner. “They are now moving to other places like
health care.”
Phishers also are going after utilities, such as telephone and electric
companies.
“They can also target a specific group or even country,” Spooner adds,
referring to an instance when the Royal Bank of Canada’s computer system
froze. Phishers sent fake emails to all addresses ending in “.ca” to
lure users into offering up their personal information.
A 2005 Vircom study reports that 33 percent of people who receive
phishing scams in their email inboxes click on links provided in the
emails. Phishers can generate between $100,000 and $200,000 in each of
these scams, the study states.
With phishers getting better at what they do, it’s vital for end users
and IT managers to be informed on how to detect and avoid the scams.
Advice for IT Managers
and on their home machines;
business, and
be aware of what is happening in the anti-virus industry.
Advice for End Users
from any company or organization. If your bank needs to contact you,
they’ll call.
address the organization provided you with, or via a bookmarked URL.
company that sent it to verify. Check the company’s Website for
disclaimers against sending out such emails.
updated.
phishing scams include prompts to do something immediately or the user
will suffer a financial loss. Phishers want the person to react without
thinking.
coming from, who sent it and why they sent it.
The Future of Phishing
Analysts agree that IT managers and end users will continue to battle
with phishers.
“Phishing scams are a lot more diabolical now and it is becoming a lot
easier to scam people,” says Spooner. “Phishers are very good at
knowing what is going on in the world.” Spooner points out that phishers
are taking advantage of world events, such as the tsunami disaster in
Asia.
“Any major event will now have a phishing scam with it,” says Spooner.
Jennings says banks, credit card companies and other industries are
putting a lot of effort into fighting the problem and will have to
continue the effort over the next few years.
“There will have to be a constant education to customers, saying, ‘We
will never ask you for this kind of information over email,’ ” says
Jennings.
Spooner says to expect some anti-phishing legislation to be enacted over
the next year or two. He also thinks there will be more phishing-related
prosecutions. And new digital identification technologies also will start
to hit the market.
“Both technology and legislation will be fighting phishing,” Spooner
adds.