Phishing Expeditions Are Multiplying:
SurfControl says the scams have increased nearly 500% since January--and they're getting more sophisticated, too.
By TechWeb News
More bad news about phishing attacks arrived Friday via message filtering firm SurfControl when it unveiled numbers showing the scams have increased nearly 500% since January.
Phishing attacks are spam messages that pose as legitimate mail from big-name banks, credit-card companies, and retailers. Links within the messages try to entice recipients to visit bogus Web sites, where they're told that their account information needs to be updated. Users who fall for the con divulge personal financial information, as credit-card and bank-account numbers, which is used by the attacker to siphon funds, purchase goods, or steal identities.
The number of unique scams spotted by SurfControl has grown 477%, from 33 to 155 in the first five months of this year, according to Susan Larson, SurfControl's VP of global content. In the last 12 months, she added, phishing scams have rocketed by more than 5,000%--from three in May 2003, to 155 in 2004).
Other phishing watchers have noted an even more dramatic rise in the raw numbers of phishing messages. In April, for instance, MessageLabs said it had seen phishing messages skyrocket from just 279 in September 2003, to 215,643 in March 2004.
Larson said the new tactic makes the spoof more realistic than earlier phishing attacks, which exploited an Internet Explorer bug to display the URL of the spoofed company. A patch exists for the flaw, but the new technique can target even those systems that have been patched.
According to Gartner, victims of phishing attacks are three times more likely to suffer some form of identity theft than the general population."