Phishing Attacks Escalating

Phishing attacks have reached a new height and are only expected to keep increasing, according to Postini, Inc.

The email security company, which is based in Redwood City, Calif., reports finding 19,282,136 phishing attacks in July. That's a 16 percent increase compared to June.

"Clearly, we're going to see more of this," says Andrew Lockhart, senior director of marketing for Postini. "Phishing is still in its infancy... If you've got the nerve for it and the talent for it, phishing pays better than other types of spam. If you're blasting out spam about toner cartridges or herbal Viagra, maybe every sucker will part with 20 or 25 bucks. If you're phishing, you're looking at a potential payday of hundreds of thousands of dollars."

Lockhart points out that despite any increases, phishing attacks still only make up about 1 percent of all spam. "Plain old spam is just much easier to do," he adds.

Phishing is a scam in which the attacker, in an effort to pilfer personal and financial information, sends out emails appearing to come from legitimate e-commerce sites, such as banks. By duping the recipient into handing over critical information, the attacker then steals the person's identity, taking money out of the bank or racking up credit card debt.

Steve Sundermeier, a vice president at Central Command, an anti-virus and anti-spam company based in Medina, Ohio, says phishing is easy enough and profitable enough that he expects it to keep growing at a high rate. Actually, he says he expects it to increase 100 percent over the next year.

"They've got these Web sites crafted," says Sundermeier, who notes that many of these fake sites, which also are called landing sites, are only up for a matter of minutes. "To create a phishing scam, unfortunately, is fairly easy. You're not dependent on a key logger or some sort of spyware."

The Corporate Side of the Issue

Ken Dunham, a senior engineer at Verisign-iDefense Intelligence based in Reston, Va., notes that as phishing continues to worsen, IT managers are increasingly put into a position to protect their end users from it.

Both Dunham and Lockhart say IT organizations have an obligation to train end users how to protect themselves. While phishing attacks generally don't affect a company directly, the company's 'family' of workers is at risk. And teaching employees to beware of phishing scams is a natural part of teaching them how to beware of spam, viruses, Trojans and malicious Web sites. It just all fits together.

"We all know that if you do your user training, the main thing is about attitudinal change," says Dunham. "It does change the approach that people take to their life online. You tell them not to click on hyperlinks. If they want to go to CNN.com, just type it into their browser. Wouldn't it be great if people get basic security training."
