Phishing: A growth industry
The e-mail looks like it comes from the Better Business Bureau. It says that a complaint has been filed against the company
you work for and directs you to a site, which downloads a keystroke logger that picks up your personal information and relays
it overseas. Millions of people have fallen for scams like this, purporting to come from financial services, Internet providers,
or retailers. One recent phishing technique even hijacked the name of the Federal Trade Commission, which is responsible
for prosecuting e-mail fraud.
The Anti-Phishing Working Group says that the number of phishing sites stood at 37,000 in May. Roughly 23,000 attacks occurred
in that month.
Scammers' phishing techniques are improving. "A year ago, phishing consisted of random spam," says Art Manion, a top vulnerability
analyst for CERT, an Internet emergency-response group based at Carnegie Mellon University. "Today, the e-mail looks like
it's from my bank or my company, with better grammar, more believable stories, and better URLs."
Popular social-engineering techniques that entrap consumers include associating the mail with a holiday or event, such as
the World Cup; spear-phishing, where the sender appears to be someone inside the company you work for; or telling you that
your bank account has been compromised, and then urging you to enter personal information into a fake site that looks like
the bank's.
The profile of phishers is changing. "In 2002-2003, organized crime groups figured out this is a better way to make money
than selling drugs," says Alan Paller, director of research at the SANS Institute, which trains security professionals. He
adds that some terrorists are "exhorting young jihadists to use computers to bring the U.S. to its knees."
Solutions. Delete e-mail that asks you to enter personal information at a linked Web site. Access accounts directly through a browser,
using your bookmark or by typing the institution's Web address.
Financial institutions are beefing up security against phishing techniques. Bank of America and Vanguard now ask customers
to select a personalized image or phrase to appear whenever they access the site to let them know that the site is the real
thing.