Establishing Digital Trust: Don't Sacrifice Security for Convenience
Phishing scams are increasingly intelligent and targeted, posing a moreharmful threat than ever before.
Phishing is one of the latest online financial scams plagueing onlineusers. Emails claiming to be from legitimate businesses, such as banksand credit card companies, direct recipients to a replica of the actualcompany's Web site. Once they arrive at the site, victims are asked to'update' their personal financial information, such as passwords, accountnumbers and Social Security numbers. The information is then used tosteal the person's identity, along with their money, and defraudbusinesses.
Analysts say these scams quickly are becoming more effective and harderto detect. The phishers' intentions are changing, analysts say, andbecoming more malicious.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i And phishers aren't only posing as banks or credit card companies thesedays. They've begun targeting health care organizations and electricutilities.
''Last year was definitely the year of phishing,'' says Scott Chasin,chief technology officer of MX Logic, Inc., an e-mail defense solutionsfirm out of Denver, Co. ''Phishing will continue to evolve to moreelaborate social engineering and have more malicious capabilities to dupevictims.''
Chasin says the phishing attacks, which rely heavily on luring in victimswith warnings about the state of their finances, will soon beovershadowed by pharming scams. In pharming attacks, Chasin says thescammers will use sophisticated worms and viruses attached to Webbrowsers to redirect users to spoofed Websites when they try to accessvalid sites.
''This is a new era of stealth,'' says Chasin. ''It is no longer the eraof teenage 1980's egocentric hackers. Now, they are economicallymotivated, which will continue to drive the sophistication.''
There are about 500 fake bank Websites being reported every week to theAnti-Phishing Working Group, according to a study published by FerrisResearch, a San Francisco, Calif.-based industry research firm. Thereport also shows that between August and November of 2004, phishingattacks grew by 350 percent.
''Phishing is growing really fast,'' says Richi Jennings, lead analyst ofspam and boundary services for Ferris, as well as the analyst in chargeof the study. ''It is a very serious problem.''
Michael Spooner, senior market analyst with Vircom, a Montreal-baseddeveloper of secure e-mail management products, says they not only seemore phishing attacks now then in the past, but the scams are becomingmore focused on specific people and places.
''Scammers are realizing that people are growing savvy to financialattacks,'' says Spooner. ''They are now moving to other places likehealth care.''
Phishers also are going after utilities, such as telephone and electriccompanies.
''They can also target a specific group or even country,'' Spooner adds,referring to an instance when the Royal Bank of Canada's computer systemfroze. Phishers sent fake emails to all addresses ending in ''.ca'' tolure users into offering up their personal information.
A 2005 Vircom study reports that 33 percent of people who receivephishing scams in their email inboxes click on links provided in theemails. Phishers can generate between $100,000 and $200,000 in each ofthese scams, the study states.
With phishers getting better at what they do, it's vital for end usersand IT managers to be informed on how to detect and avoid the scams.
Advice for IT Managers
Advice for End Users
The Future of Phishing
Analysts agree that IT managers and end users will continue to battlewith phishers.
''Phishing scams are a lot more diabolical now and it is becoming a loteasier to scam people,'' says Spooner. ''Phishers are very good atknowing what is going on in the world.'' Spooner points out that phishersare taking advantage of world events, such as the tsunami disaster inAsia.
''Any major event will now have a phishing scam with it,'' says Spooner.
Jennings says banks, credit card companies and other industries areputting a lot of effort into fighting the problem and will have tocontinue the effort over the next few years.
''There will have to be a constant education to customers, saying, 'Wewill never ask you for this kind of information over email,' '' saysJennings.
Spooner says to expect some anti-phishing legislation to be enacted overthe next year or two. He also thinks there will be more phishing-relatedprosecutions. And new digital identification technologies also will startto hit the market.
''Both technology and legislation will be fighting phishing,''Spooneradds.