Report Suggests Change in Internet Crime
Tactics - Phishing
July 4th 2005
Internet criminals have become more focused on monetary gain than
malfeasance according to the cyber defense company Symantec. In one of
the most comprehensive resources of Internet threat data in the world,
the Internet security firm said “Threats <are> increasingly motivated by
profit and desire to perpetrate criminal acts.”
The Symantec report covered the six-month period from January 1 to June
30, 2005. They identified new methods of using malicious code for
financial gain and an increasing frequency to target desktops rather
than enterprise perimeters.
"Attackers are moving away from large, multipurpose attacks on network
perimeters and toward smaller, more targeted attacks directed at Web and
client-side applications," said Arthur Wong, vice president of Symantec
Security Response and Managed Security Services. "As the threat
landscape continues to change, users need to be diligent in keeping
systems up-to-date with security patches and security solutions."
appears these attackers are after identities or other personal
information like credit card numbers, bank passwords, Paypal account
information and other data for financial gain. The report found that
phishing attacks “continue to proliferate”. These are attacks where
emails are sent out prompting a user to click on a link to update their
personal information with a particular company.
The user may then click on the link arriving at a page that looks just
like the financial institution or company. They will include the logo,
and may even be able to fake the URL at the top of your browser.
Others may use a similar name to the target website or incorporate their
name therein. For instance a website may have the domain name Paypal-login.com.
This might fool some of the email recipients and they may actually type
their password into the password field on the web page. This will give
the criminal entry into the real Paypal account.
You may have received email from a bank you have never heard of. They
are looking for those few uninformed customers of that bank to login and
pilfer. Some sites have been able to get a users complete identity
including their social security number. This will aid in their efforts
to seal the identity of the individual (i.e. identity theft).
The culprits of these illegal acts are aided by web hosting companies
like Yahoo. In fact, according to Steve Linford at the Spam / phishing
prevention company Spamhaus, Yahoo stands out from the rest. He told
Best Syndication "Other web hosts, especially the large firms, have
abuse departments that react quickly when notified of spammers on their
networks. It is very rare for example for a bank phishing site to remain
active on Verio, Godaddy, etc., as they react quickly as soon as they're
notified of spam sites. The problem with Yahoo is that they react
slowly, if at all, and the spammers (and in particular the phishers)
therefore see Yahoo as a safe place to put such sites."
Steve went on to tell us "When Internet users complain to Yahoo, they
are too often told "the spam did not originate from Yahoo so we can't do
anything" ignoring the fact the spam is advertising a live bank phishing
site hosted by Yahoo's web hosting service which, for every hour it is
left up and running is emptying the bank accounts of thousands of people
who believe it is their real bank asking for their account passwords."
According to the Semantic report “The volume of phishing messages grew
from an average of 2.99 million messages a day to 5.70 million. One out
of every 125 e-mail messages scanned by Symantec Brightmail AntiSpam was
a phishing attempt, an increase of 100 percent from the last half of
2004. Symantec Brightmail AntiSpam antifraud filters were blocking more
than 40 million phishing attempts per week on average, up from
approximately 21 million per week at the beginning of January.”
Comment on this story
Submit your own article
Best Syndication Staff Writer
Keywords and misspellings: spamhaus
spamhause spamhouse yahoo domain domane phishing phish phisher
fishing pfishing Virus fishing phishing trojan