Friday, December 13, 2024

Phishers Focusing in on New Targets

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Phishing attacks are the fastest growing type of Internet scam out there

today. And industry analysts say this nasty scheme shows no signs of

slowing down.

Phishing scams are increasingly intelligent and targeted, posing a more

harmful threat than ever before.

Phishing is one of the latest online financial scams plagueing online

users. Emails claiming to be from legitimate businesses, such as banks

and credit card companies, direct recipients to a replica of the actual

company’s Web site. Once they arrive at the site, victims are asked to

‘update’ their personal financial information, such as passwords, account

numbers and Social Security numbers. The information is then used to

steal the person’s identity, along with their money, and defraud

businesses.

Analysts say these scams quickly are becoming more effective and harder

to detect. The phishers’ intentions are changing, analysts say, and

becoming more malicious.

And phishers aren’t only posing as banks or credit card companies these

days. They’ve begun targeting health care organizations and electric

utilities.

”Last year was definitely the year of phishing,” says Scott Chasin,

chief technology officer of MX Logic, Inc., an e-mail defense solutions

firm out of Denver, Co. ”Phishing will continue to evolve to more

elaborate social engineering and have more malicious capabilities to dupe

victims.”

Chasin says the phishing attacks, which rely heavily on luring in victims

with warnings about the state of their finances, will soon be

overshadowed by pharming scams. In pharming attacks, Chasin says the

scammers will use sophisticated worms and viruses attached to Web

browsers to redirect users to spoofed Websites when they try to access

valid sites.

”This is a new era of stealth,” says Chasin. ”It is no longer the era

of teenage 1980’s egocentric hackers. Now, they are economically

motivated, which will continue to drive the sophistication.”

There are about 500 fake bank Websites being reported every week to the

Anti-Phishing Working Group, according to a study published by Ferris

Research, a San Francisco, Calif.-based industry research firm. The

report also shows that between August and November of 2004, phishing

attacks grew by 350 percent.

”Phishing is growing really fast,” says Richi Jennings, lead analyst of

spam and boundary services for Ferris, as well as the analyst in charge

of the study. ”It is a very serious problem.”

Michael Spooner, senior market analyst with Vircom, a Montreal-based

developer of secure e-mail management products, says they not only see

more phishing attacks now then in the past, but the scams are becoming

more focused on specific people and places.

”Scammers are realizing that people are growing savvy to financial

attacks,” says Spooner. ”They are now moving to other places like

health care.”

Phishers also are going after utilities, such as telephone and electric

companies.

”They can also target a specific group or even country,” Spooner adds,

referring to an instance when the Royal Bank of Canada’s computer system

froze. Phishers sent fake emails to all addresses ending in ”.ca” to

lure users into offering up their personal information.

A 2005 Vircom study reports that 33 percent of people who receive

phishing scams in their email inboxes click on links provided in the

emails. Phishers can generate between $100,000 and $200,000 in each of

these scams, the study states.

With phishers getting better at what they do, it’s vital for end users

and IT managers to be informed on how to detect and avoid the scams.

Advice for IT Managers

  • Educate employees about what to watch out for, both in the office

    and on their home machines;

  • Keep abreast of changes in legislation that could affect your

    business, and

  • Install good anti-spam and anti-virus filters in your network. And

    be aware of what is happening in the anti-virus industry.

    Advice for End Users

  • Never click on a link supplied in an email that supposedly comes

    from any company or organization. If your bank needs to contact you,

    they’ll call.

  • Always access financial and other Websites by typing in the Web

    address the organization provided you with, or via a bookmarked URL.

  • Never respond to an unsolicited email.
  • If you are unsure about the legitimacy of an email, call the bank or

    company that sent it to verify. Check the company’s Website for

    disclaimers against sending out such emails.

  • Make sure you have anti-spyware software on your PC and keep it

    updated.

  • Be Web-savvy. Look for ”calls to action” in an email. Most

    phishing scams include prompts to do something immediately or the user

    will suffer a financial loss. Phishers want the person to react without

    thinking.

  • Always think twice before opening any email. Think about where it is

    coming from, who sent it and why they sent it.

    The Future of Phishing

    Analysts agree that IT managers and end users will continue to battle

    with phishers.

    ”Phishing scams are a lot more diabolical now and it is becoming a lot

    easier to scam people,” says Spooner. ”Phishers are very good at

    knowing what is going on in the world.” Spooner points out that phishers

    are taking advantage of world events, such as the tsunami disaster in

    Asia.

    ”Any major event will now have a phishing scam with it,” says Spooner.

    Jennings says banks, credit card companies and other industries are

    putting a lot of effort into fighting the problem and will have to

    continue the effort over the next few years.

    ”There will have to be a constant education to customers, saying, ‘We

    will never ask you for this kind of information over email,’ ” says

    Jennings.

    Spooner says to expect some anti-phishing legislation to be enacted over

    the next year or two. He also thinks there will be more phishing-related

    prosecutions. And new digital identification technologies also will start

    to hit the market.

    ”Both technology and legislation will be fighting phishing,”Spooner

    adds.

  • Subscribe to Data Insider

    Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

    Similar articles

    Get the Free Newsletter!

    Subscribe to Data Insider for top news, trends & analysis

    Latest Articles