Phishers Focusing in on New Targets

Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
Phishing attacks are the fastest growing type of Internet scam out theretoday. And industry analysts say this nasty scheme shows no signs ofslowing down.

Phishing scams are increasingly intelligent and targeted, posing a moreharmful threat than ever before.

Phishing is one of the latest online financial scams plagueing onlineusers. Emails claiming to be from legitimate businesses, such as banksand credit card companies, direct recipients to a replica of the actualcompany's Web site. Once they arrive at the site, victims are asked to'update' their personal financial information, such as passwords, accountnumbers and Social Security numbers. The information is then used tosteal the person's identity, along with their money, and defraudbusinesses.

Analysts say these scams quickly are becoming more effective and harderto detect. The phishers' intentions are changing, analysts say, andbecoming more malicious.

And phishers aren't only posing as banks or credit card companies thesedays. They've begun targeting health care organizations and electricutilities.

''Last year was definitely the year of phishing,'' says Scott Chasin,chief technology officer of MX Logic, Inc., an e-mail defense solutionsfirm out of Denver, Co. ''Phishing will continue to evolve to moreelaborate social engineering and have more malicious capabilities to dupevictims.''

Chasin says the phishing attacks, which rely heavily on luring in victimswith warnings about the state of their finances, will soon beovershadowed by pharming scams. In pharming attacks, Chasin says thescammers will use sophisticated worms and viruses attached to Webbrowsers to redirect users to spoofed Websites when they try to accessvalid sites.

''This is a new era of stealth,'' says Chasin. ''It is no longer the eraof teenage 1980's egocentric hackers. Now, they are economicallymotivated, which will continue to drive the sophistication.''

There are about 500 fake bank Websites being reported every week to theAnti-Phishing Working Group, according to a study published by FerrisResearch, a San Francisco, Calif.-based industry research firm. Thereport also shows that between August and November of 2004, phishingattacks grew by 350 percent.

''Phishing is growing really fast,'' says Richi Jennings, lead analyst ofspam and boundary services for Ferris, as well as the analyst in chargeof the study. ''It is a very serious problem.''

Michael Spooner, senior market analyst with Vircom, a Montreal-baseddeveloper of secure e-mail management products, says they not only seemore phishing attacks now then in the past, but the scams are becomingmore focused on specific people and places.

''Scammers are realizing that people are growing savvy to financialattacks,'' says Spooner. ''They are now moving to other places likehealth care.''

Phishers also are going after utilities, such as telephone and electriccompanies.

''They can also target a specific group or even country,'' Spooner adds,referring to an instance when the Royal Bank of Canada's computer systemfroze. Phishers sent fake emails to all addresses ending in ''.ca'' tolure users into offering up their personal information.

A 2005 Vircom study reports that 33 percent of people who receivephishing scams in their email inboxes click on links provided in theemails. Phishers can generate between $100,000 and $200,000 in each ofthese scams, the study states.

With phishers getting better at what they do, it's vital for end usersand IT managers to be informed on how to detect and avoid the scams.

Advice for IT Managers

  • Educate employees about what to watch out for, both in the officeand on their home machines;
  • Keep abreast of changes in legislation that could affect yourbusiness, and
  • Install good anti-spam and anti-virus filters in your network. Andbe aware of what is happening in the anti-virus industry.

    Advice for End Users

  • Never click on a link supplied in an email that supposedly comesfrom any company or organization. If your bank needs to contact you,they'll call.
  • Always access financial and other Websites by typing in the Webaddress the organization provided you with, or via a bookmarked URL.
  • Never respond to an unsolicited email.
  • If you are unsure about the legitimacy of an email, call the bank orcompany that sent it to verify. Check the company's Website fordisclaimers against sending out such emails.

  • Make sure you have anti-spyware software on your PC and keep itupdated.
  • Be Web-savvy. Look for ''calls to action'' in an email. Mostphishing scams include prompts to do something immediately or the userwill suffer a financial loss. Phishers want the person to react withoutthinking.
  • Always think twice before opening any email. Think about where it iscoming from, who sent it and why they sent it.

    The Future of Phishing

    Analysts agree that IT managers and end users will continue to battlewith phishers.

    ''Phishing scams are a lot more diabolical now and it is becoming a loteasier to scam people,'' says Spooner. ''Phishers are very good atknowing what is going on in the world.'' Spooner points out that phishersare taking advantage of world events, such as the tsunami disaster inAsia.

    ''Any major event will now have a phishing scam with it,'' says Spooner.

    Jennings says banks, credit card companies and other industries areputting a lot of effort into fighting the problem and will have tocontinue the effort over the next few years.

    ''There will have to be a constant education to customers, saying, 'Wewill never ask you for this kind of information over email,' '' saysJennings.

    Spooner says to expect some anti-phishing legislation to be enacted overthe next year or two. He also thinks there will be more phishing-relatedprosecutions. And new digital identification technologies also will startto hit the market.

    ''Both technology and legislation will be fighting phishing,''Spooneradds.

  • Submit a Comment

    Loading Comments...