14 May 2004

Phishing Expeditions Are Multiplying

SurfControl says the scams have increased nearly 500% since January--and they're getting more sophisticated, too.

By TechWeb News

More bad news about phishing attacks arrived Friday via message filtering firm SurfControl when it unveiled numbers showing the scams have increased nearly 500% since January.

Phishing attacks are spam messages that pose as legitimate mail from big-name banks, credit-card companies, and retailers. Links within the messages try to entice recipients to visit bogus Web sites, where they're told that their account information needs to be updated. Users who fall for the con divulge personal financial information, such as credit-card and bank-account numbers, which is used by the attacker to siphon funds, purchase goods, or steal identities.

The number of unique scams spotted by SurfControl has grown 477%, from 33 to 155 in the first five months of this year, according to Susan Larson, SurfControl's VP of global content. In the last 12 months, she added, phishing scams have rocketed by more than 5,000%--from three in May 2003 to 155 in 2004.

Other phishing watchers have noted an even more dramatic rise in the raw numbers of phishing messages. In April, for instance, MessageLabs said it had seen phishing messages skyrocket from just 279 in September 2003, to 215,643 in March 2004.

The latest dodge, which targets US Bank customers, is one of the most sophisticated SurfControl has yet seen, Larson said. The US Bank scam asks customers to verify and update their online bank accounts--nothing out of the ordinary there--but the hackers have used JavaScript code to overlay a fake address bar, showing the real US Bank URL, on top of the browser's real address bar.

Larson said the new tactic makes the spoof more realistic than earlier phishing attacks, which exploited an Internet Explorer bug to display the URL of the spoofed company. A patch exists for the flaw, but the new technique can target even those systems that have been patched.

According to Gartner, victims of phishing attacks are three times more likely to suffer some form of identity theft than the general population.
