Phishers Focusing in on New Targets

Phishing attacks are the fastest growing type of Internet scam out there

today. And industry analysts say this nasty scheme shows no signs of

slowing down.

Phishing scams are increasingly intelligent and targeted, posing a more

harmful threat than ever before.

Phishing is one of the latest online financial scams plagueing online

users. Emails claiming to be from legitimate businesses, such as banks

and credit card companies, direct recipients to a replica of the actual

company’s Web site. Once they arrive at the site, victims are asked to

‘update’ their personal financial information, such as passwords, account

numbers and Social Security numbers. The information is then used to

steal the person’s identity, along with their money, and defraud

businesses.

Analysts say these scams quickly are becoming more effective and harder

to detect. The phishers’ intentions are changing, analysts say, and

becoming more malicious.

And phishers aren’t only posing as banks or credit card companies these

days. They’ve begun targeting health care organizations and electric

utilities.

”Last year was definitely the year of phishing,” says Scott Chasin,

chief technology officer of MX Logic, Inc., an e-mail defense solutions

firm out of Denver, Co. ”Phishing will continue to evolve to more

elaborate social engineering and have more malicious capabilities to dupe

victims.”

Chasin says the phishing attacks, which rely heavily on luring in victims

with warnings about the state of their finances, will soon be

overshadowed by pharming scams. In pharming attacks, Chasin says the

scammers will use sophisticated worms and viruses attached to Web

browsers to redirect users to spoofed Websites when they try to access

valid sites.

”This is a new era of stealth,” says Chasin. ”It is no longer the era

of teenage 1980’s egocentric hackers. Now, they are economically

motivated, which will continue to drive the sophistication.”

There are about 500 fake bank Websites being reported every week to the

Anti-Phishing Working Group, according to a study published by Ferris

Research, a San Francisco, Calif.-based industry research firm. The

report also shows that between August and November of 2004, phishing

attacks grew by 350 percent.

”Phishing is growing really fast,” says Richi Jennings, lead analyst of

spam and boundary services for Ferris, as well as the analyst in charge

of the study. ”It is a very serious problem.”

Michael Spooner, senior market analyst with Vircom, a Montreal-based

developer of secure e-mail management products, says they not only see

more phishing attacks now then in the past, but the scams are becoming

more focused on specific people and places.

”Scammers are realizing that people are growing savvy to financial

attacks,” says Spooner. ”They are now moving to other places like

health care.”

Phishers also are going after utilities, such as telephone and electric

companies.

”They can also target a specific group or even country,” Spooner adds,

referring to an instance when the Royal Bank of Canada’s computer system

froze. Phishers sent fake emails to all addresses ending in ”.ca” to

lure users into offering up their personal information.

A 2005 Vircom study reports that 33 percent of people who receive

phishing scams in their email inboxes click on links provided in the

emails. Phishers can generate between $100,000 and $200,000 in each of

these scams, the study states.

With phishers getting better at what they do, it’s vital for end users

and IT managers to be informed on how to detect and avoid the scams.

Advice for IT Managers