Posted: 20th Jun, 2007 By: MarkJ
What is
phishing? If you can't answer that then you're not alone because 46% of the UK is unable to identify it with you. The research from PayPal also found that 42% of people would feel uncomfortable trying to explain it to somebody else.
Phishing defines situations where a website or e-mail have been altered or specifically created (spoofed) with the intention of stealing your personal and financial details. Fake e-mails from 'PayPal' or various banks are common targets, with the URL you follow taking you to a clone of the original website.
Unfortunately new website browsing technologies from Mozilla (Firefox v2) and Microsoft (Internet Explorer v7), which had been developed to help combat this growing problem, are reportedly failing to do so:
Although the vendors behind those browser claim to be succesful in stopping the
phishing attacks, this hasn't lead to a decrease in the amount of
phishing emails, David Jevans, chairman of the Anti-Phishing Working Group (APWG) chief executive for security firm IronKey said at a meeting with reporters in San Francisco.
Insted criminals have wised-up to blacklists by registering a new domain for each
phishing run. The result, claims Jevans, is an explosion in the number of unique
phishing domains recorded. Up from 11,976 a year ago to 37,438 last month, according to APWG records.
The long term solution, suggests Jevans, is for a new system to be established that would allow for both web sites and e-mails to be authenticated. Such a system, however, would require the cooperation of every major ISP, software vendor, and hosting service, a monumentally expensive undertaking that Jevans admits is not likely to happen any time soon.
The Australian
Secure Computing magazine piece also echoes a similar report from security experts McAfee, which showed that
phishing was on the rise:
"
As we approach the midyear mark, we wanted to check on our crystal ball gazing skills," said Jeff Green, senior vice president of McAfee Avert Labs and product development. "
As we predicted, professional and organized criminals continue to drive a lot of the malicious activity on the Net. However, we were surprised that mobile malware and image spam tapered off."
Password-stealing Web sites are on the riseThe number of
phishing Web sites continues to rise exponentially. McAfee Avert Labs saw a 784 percent increase in
phishing Web sites in the first quarter of 2007, with no slowdown in sight. These Web sites typically use fake sign-in pages for popular online services such as online auctions sites, online payment processors or online banking. Avert Labs anticipates increasing abuse of sites meant for online collaboration such as wiki pages and online applications. Even Internet archive sites will suffer.
Spam, particularly image spam, is on the riseThe total amount of spam caught in McAfee Avert Labs' traps has stayed fairly flat during the first part of the year. Image spam accounted for up to 65 percent of all spam at the beginning of 2007. It has actually dropped recently. Image spam is junk e-mail that includes an image instead of just text. It is used typically to advertise stocks, pharmaceuticals and degrees. The image can triple the size of a single message. This causes a significant increase in the bandwidth used by spam messages. In November 2006, image spam accounted for up to 40 percent of the total spam received. It was less than ten percent a year earlier.
McAfee has also cautioned surfers to be careful of new video sharing websites, such as the site for a French rock band where hackers used an exploit in the QuickTime videos they offered to infect viewers.