Wednesday, September 11, 2024

Phishing Attacks Escalating

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Phishing attacks have reached a new height and it’s only expected to keep

increasing, according to Postini, Inc.

The email security company, which is based in Redwood City, Calif.,

reports finding 19,282,136 phishing attacks in July. That’s a 16 percent

increase compared to June.

”Clearly, we’re going to see more of this,” says Andrew Lockhart,

senior director of marketing for Postini. ”Phishing is still in its

infancy… If you’ve got the nerve for it and the talent for it, phishing

pays better than other types of spam. If you’re blasting out spam about

toner cartridges or herbal Viagra, maybe every sucker will part with 20

or 25 bucks. If you’re phishing, you’re looking at a potential payday of

hundreds of thousands of dollars.”

Lockhart points out that despite any increases, phishing attacks still

only make up about 1 percent of all spam. ”Plain old spam is just much

easier to do,” he adds.

Phishing is a scam in which the attacker, in an effort to pilfer personal

and financial information, sends out emails appearing to come from

legitimate e-commerce sites, such as banks. By duping the recipient into

handing over critical information, the attacker then steals the person’s

identity, taking money out of the bank or racking up credit card debt.

Steve Sundermeier, a vice president at Central Command, an anti-virus and

anti-spam company based in Medina, Ohio, says phishing is easy enough and

profitable enough that he expects it to keep growing at a high rate.

Actually, he says he expects it to increase 100 percent over the next

year.

”They’ve got these Web sites crafted,” says Sundermeier, who notes that

many of these fake sites, which also are called landing sites, are only

up for a matter of minutes. ”To create a phishing scam, unfortunately,

is fairly easy. You’re not dependent on a key logger or some sort of

spyware.”

The Corporate Side of the Issue

Ken Dunham, a senior engineer at Verisign-iDefense Intelligence based in

Reston, Va., notes that as phishing continues to worsen, IT managers are

increasingly put into a position to protect their end users from it.

Both Dunham and Lockhart say IT organizations have an obligation to train

end users how to protect themselves. While phishing attacks generally

don’t affect a company directly, the company’s ‘family’ of workers are at

risk. And teaching employees to beware of phishing scams is a natural

part of teaching them how to beware of spam, viruses, Trojans and

malicious Web sites. It just all fits together.

”We all know that if you do your user training, the main thing is about

attitudinal change,” says Dunham. ”It does change the approach that

people take to their life online. You tell them not to click on

hyperlinks. If they want to go to CNN.com, just type it into their

browser. Wouldn’t it be great if people get basic security training.”

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Similar articles

Get the Free Newsletter!

Subscribe to Data Insider for top news, trends & analysis

Latest Articles