IT Management: Security
by Antony Savvas
Friday 25 February 2005
Phishing onslaught gets smarter
Phishing attacks are spiralling, with criminals using increasingly
sophisticated techniques to compromise users' systems.
The industry-backed Anti-Phishing Working Group (APWG) received reports
of 12,845 new phishing e-mail messages during January, a 42% increase
on December.
There has now been 30% average monthly growth in phishing since last
July, when the APWG had reports of 2,625 unique phishing e-mails.
Phishing is a type of fraud in which criminals send users e-mails
purporting to be from brand-name companies with a web link supposedly
leading to a trusted website.
Once entering the site, users will be asked to reveal sensitive
information, such as passwords for online banking accounts.
Financial services companies remain the prime targets for phishing
scams, with 80% of such e-mails sent to potential online financial
services users.
Many e-mails are sent to users who don't even have an online banking
or financial services account.
The UK remains outside the top 10 hosting nations for phishing scams.
The US is still the top phishing country, hosting 32% of attacks.
According to the APWG, January saw an increase in "blended" phishing
attacks, combining links to rogue sites, worms, viruses and spyware to
log users' keystrokes.
The APWG said, "Password-stealing trojans are not just coming through
e-mail. We have seen multiple attacks through Microsoft MSN Messenger
instant messaging, where trojan horses and password-stealing keyloggers
are run."
The APWG reported that vulnerabilities in unpatched browsers were also
an increasing problem. The open source Mozilla Foundation patched its
own Firefox browser against one such vulnerability earlier this week.
|
Similar Threads
Linear Mode
