Phishing scams are increasingly intelligent and targeted, posing a more harmful threat than ever before.
Phishing is one of the latest online financial scams plaguing online users. Emails claiming to be from legitimate businesses, such as banks and credit card companies, direct recipients to a replica of the actual company's Web site. Once they arrive at the site, victims are asked to 'update' their personal financial information, such as passwords, account numbers and Social Security numbers. The information is then used to steal the person's identity, along with their money, and defraud businesses.
Analysts say these scams are quickly becoming more effective and harder to detect. The phishers' intentions are changing, analysts say, and becoming more malicious.
''Last year was definitely the year of phishing,'' says Scott Chasin, chief technology officer of MX Logic, Inc., an e-mail defense solutions firm out of Denver, Co. ''Phishing will continue to evolve to more elaborate social engineering and have more malicious capabilities to dupe victims.''
Chasin says the phishing attacks, which rely heavily on luring in victims with warnings about the state of their finances, will soon be overshadowed by pharming scams. In pharming attacks, Chasin says the scammers will use sophisticated worms and viruses attached to Web browsers to redirect users to spoofed Websites when they try to access valid sites.
''This is a new era of stealth,'' says Chasin. ''It is no longer the era of teenage 1980's egocentric hackers. Now, they are economically motivated, which will continue to drive the sophistication.''
There are about 500 fake bank Websites being reported every week to the Anti-Phishing Working Group, according to a study published by Ferris Research, a San Francisco, Calif.-based industry research firm. The report also shows that between August and November of 2004, phishing attacks grew by 350 percent.
''Phishing is growing really fast,'' says Richi Jennings, lead analyst of spam and boundary services for Ferris, as well as the analyst in charge of the study. ''It is a very serious problem.''
Michael Spooner, senior market analyst with Vircom, a Montreal-based developer of secure e-mail management products, says they not only see more phishing attacks now than in the past, but the scams are becoming more focused on specific people and places.
''Scammers are realizing that people are growing savvy to financial attacks,'' says Spooner. ''They are now moving to other places like health care.''
Phishers also are going after utilities, such as telephone and electric companies.
''They can also target a specific group or even country,'' Spooner adds, referring to an instance when the Royal Bank of Canada's computer system froze. Phishers sent fake emails to all addresses ending in ''.ca'' to lure users into offering up their personal information.
A 2005 Vircom study reports that 33 percent of people who receive phishing scams in their email inboxes click on links provided in the emails. Phishers can generate between $100,000 and $200,000 in each of these scams, the study states.
With phishers getting better at what they do, it's vital for end users and IT managers to be informed on how to detect and avoid the scams.
Advice for IT Managers
Advice for End Users
The Future of Phishing
Analysts agree that IT managers and end users will continue to battle with phishers.
''Phishing scams are a lot more diabolical now and it is becoming a lot easier to scam people,'' says Spooner. ''Phishers are very good at knowing what is going on in the world.'' Spooner points out that phishers are taking advantage of world events, such as the tsunami disaster in Asia.
''Any major event will now have a phishing scam with it,'' says Spooner.
Jennings says banks, credit card companies and other industries are putting a lot of effort into fighting the problem and will have to continue the effort over the next few years.
''There will have to be a constant education to customers, saying, 'We will never ask you for this kind of information over email,' '' says Jennings.
Spooner says to expect some anti-phishing legislation to be enacted over the next year or two. He also thinks there will be more phishing-related prosecutions. And new digital identification technologies also will start to hit the market.
''Both technology and legislation will be fighting phishing,'' Spooner adds.