11/19/2010 1:51:18 PM

Spam Down, Phishing Up.

Symantec reports that global spam has declined 50 per cent since August this year, while Phishing attacks on social media websites have increased by 80 per cent. Why, I hear you ask?

 

Automated toolkits have contributed to the rise of Phishing attacks, while bogus sites trick users into giving away their usernames and passwords and, on occasion, their financial information.

 

With Christmas around the corner, Symantec is already seeing the annual splurge of websites offering products for sale while masquerading as legitimate websites from well-known brands.

 

The most basic phishing attacks come in the form of a counterfeit email purporting to be from a legitimate source. The Washington Mutual Bank attack involved fraudulent emails, from a malicious source rather than the bank itself, asking customers for their ATM card details. The plausible (and false) motive customers were given was that the "bank" needed to update its own security measures. Doubtless the irony was not lost on some.

 

Urgency is a valuable weapon for fraudsters who need to capture as much data as they can before their attack is exposed. Sometimes extra urgency is applied to these attacks through a suggestion that failure to provide the required confidential details will result in account suspension - for example, the SunTrust scam, which included the company's logo.

 

eBay is often a target. Indeed I have received such an email, stating that a billing error has been made and asking me to log in to verify the changes.

 

[Image: Phishing]

 

eBay's sister company PayPal is also targeted frequently; indeed, eBay and PayPal were two of the earliest targets of Phishing attacks. PayPal account holders have been contacted via a fraudulent email (such as the one below) purporting to be from PayPal. The email informs the victim that somebody from a 'foreign IP address' attempted to log in to their account. They are prompted to log in via a link provided. Hopefully it goes without saying that clicking on the link takes you to the attacker's website. The perniciousness of these attacks is that they trade on the good name of reputable and robust brands, in these cases eBay and PayPal - and that, of course, is the crux of the Phishing methodology - it exploits trust.

 

[Image: Phishing]

 

So, if you want a very merry Christmas, buy a loved one a decent bit of software that will protect them from such attacks - there are plenty of options out there from Norton to Kaspersky and Trend Micro. Client-based anti-phishing programs also exist, for example Safari, Firefox, Windows Explorer.

 

Whatever you decide to do, do something and have a happy Phish-free Christmas!

 

Damian Hicklin

IT Security & Communications Manager


ARM
