Sunday, May 9, 2021

Phishing Attacks Escalating

Phishing attacks have reached a new height and it’s only expected to keep

increasing, according to Postini, Inc.

The email security company, which is based in Redwood City, Calif.,

reports finding 19,282,136 phishing attacks in July. That’s a 16 percent

increase compared to June.

”Clearly, we’re going to see more of this,” says Andrew Lockhart,

senior director of marketing for Postini. ”Phishing is still in its

infancy… If you’ve got the nerve for it and the talent for it, phishing

pays better than other types of spam. If you’re blasting out spam about

toner cartridges or herbal Viagra, maybe every sucker will part with 20

or 25 bucks. If you’re phishing, you’re looking at a potential payday of

hundreds of thousands of dollars.”

Lockhart points out that despite any increases, phishing attacks still

only make up about 1 percent of all spam. ”Plain old spam is just much

easier to do,” he adds.

Phishing is a scam in which the attacker, in an effort to pilfer personal

and financial information, sends out emails appearing to come from

legitimate e-commerce sites, such as banks. By duping the recipient into

handing over critical information, the attacker then steals the person’s

identity, taking money out of the bank or racking up credit card debt.

Steve Sundermeier, a vice president at Central Command, an anti-virus and

anti-spam company based in Medina, Ohio, says phishing is easy enough and

profitable enough that he expects it to keep growing at a high rate.

Actually, he says he expects it to increase 100 percent over the next

year.

”They’ve got these Web sites crafted,” says Sundermeier, who notes that

many of these fake sites, which also are called landing sites, are only

up for a matter of minutes. ”To create a phishing scam, unfortunately,

is fairly easy. You’re not dependent on a key logger or some sort of

spyware.”

The Corporate Side of the Issue

Ken Dunham, a senior engineer at Verisign-iDefense Intelligence based in

Reston, Va., notes that as phishing continues to worsen, IT managers are

increasingly put into a position to protect their end users from it.

Both Dunham and Lockhart say IT organizations have an obligation to train

end users how to protect themselves. While phishing attacks generally

don’t affect a company directly, the company’s ‘family’ of workers are at

risk. And teaching employees to beware of phishing scams is a natural

part of teaching them how to beware of spam, viruses, Trojans and

malicious Web sites. It just all fits together.

”We all know that if you do your user training, the main thing is about

attitudinal change,” says Dunham. ”It does change the approach that

people take to their life online. You tell them not to click on

hyperlinks. If they want to go to CNN.com, just type it into their

browser. Wouldn’t it be great if people get basic security training.”

Similar articles

Latest Articles

Top 10 Professional Services...

These are some of the best PSA tools for organizations of all sizes. What Is Professional Services Automation Software? Professional services automation (PSA) software aims to...

What is Data Aggregation?

Data aggregation is the process where raw data is gathered and presented in a summarized format for statistical analysis. The data may be gathered...

Dell APEX: Our...

One of the missteps IBM made last century was collapsing their sales model, which was services based, to generate a short-term revenue spike. Up...

Companies that Scaled Technology...

NEW YORK — Companies that “doubled down” on their investment in mostly data-heavy technology during the COVID-19 pandemic have seen their revenue grow five...