The Anti-Phishing Work Group has recently released a report on the incidence of Phishing since the end of last year. There are significant developments in the trends seen as 78 brands were hijacked in the period, but only 8 comprised 80% of the attacks. The USA was the country hosting most of the phishing attacks in March but the average time for a phishing site to be online during the period was 5.8 days.
Overall, the growth seen from January to March of this year ran at nearly 11% for phishing sites, which is less than seen over the June 2004 to December 2004. The most targeted areas were the financial sectors and Internet Service Providers with 81% of the attacks seen targeting financial brands. Community banks and credit unions have been seen among the targeted brands, as well as global banks.
While the US has a lot of work to do to stop the phishing hosts, China and Korea have emerged as the other prominent hosting countries with 12% and 9 % respectively but over all 66 different countries were identified as hosting phishing sites.
Perhaps even more worrying than the incidence of phishing sites is the growth in the number of sites offering key logging code. The report lists 8-10 new key-logger variants from 100 different websites per week from February to March.
With phishing attacks comprising everything from apparent directives from banks for personal information to false virus reports from major manufacturers, the human element is still key to the phishing problem. Through education, users can be informed that a bank or financial institution will never ask for personal information via an unsecured communication medium such as email, including links from emails to sites that look for such information, however authentic they look. John Mooney, Sales and Business Development Manager for security company Renaissance, said ‘Typical users don’t understand today’s terminology, so it’s up to security experts to explain it, let’s call it for what it is, Fraud.’
A key finding of the report was that of the URLs used within the emails, 48% were IP address based as opposed to name based addresses at 31%, showing the lengths to which the phishers will go to obfuscate, covering their tracks.
Within Ireland, both the Bank of Ireland and Allied Irish Banks have been hit with phishing attacks. Most recently, the BOI experienced an attack that had replicated their 365online.com log in pages when a link from a branded email is clicked, prompting them to make an announcement warning of the deception. ‘Affected financial institutions are working hard to improve their online security and educate their customers’ added Mooney, ‘ and security companies are developing state of the art technologies to combat these threats.’
Subscribers 0
Fans 0
Followers 0
Followers