11/19/2010 1:51:18 PM
Spam Down, Phishing Up.
Symantec reports that global spam has declined 50 per cent since
August this year, while Phishing attacks on social media websites
have increased by 80 per cent. Why, I hear you ask.
Automated toolkits have contributed to the rise of Phishing
attacks, while bogus sites trick users into giving away their
usernames and passwords, along with financial information, on
occasion.
With Christmas around the corner, Symantec is already seeing the
annual splurge via websites offering products for sale,
masquerading as legitimate websites from well-known brands.
The most basic phishing attacks come in the form of a
counterfeit email purporting to be from a legitimate source. The
Washington Mutual Bank attack involved fraudulent emails, from a
malicious source rather than the bank itself, asking customers for
their ATM card details. The plausible (and false) motive customers
were given was that the "bank" needed to update its own security
measures. Doubtless the irony was not lost on some.
Urgency is a valuable weapon for fraudsters who need to capture
as much data as they can before their attack is exposed. Sometimes
extra urgency is applied to these attacks through a suggestion that
failure to provide the required confidential details will result in
account suspension - for example, the SunTrust scam, which included
the company's logo.
eBay is often a target. Indeed, I have received such an email,
stating that a billing error has been made and asking me to log in
to verify the changes.

eBay's sister company PayPal is also targeted frequently; indeed,
eBay and PayPal were two of the earliest targets of Phishing
attacks. PayPal account holders have been contacted via a
fraudulent email (such as the one below) purporting to be from
PayPal. The email informs the victim that somebody from a 'foreign
IP address' attempted to log in to their account. They are prompted
to log in via a link provided. Hopefully it goes without saying that
clicking on the link takes you to the attacker's website. The
perniciousness of these attacks is that they trade on the good name
of reputable and robust brands, in these cases eBay and PayPal -
and that, of course, is the crux of the Phishing methodology - it
exploits trust.

So, if you want a very merry Christmas, buy a loved one a decent
bit of software that will protect them from such attacks - there
are plenty of options out there from Norton to Kaspersky and Trend
Micro. Client-based anti-phishing programs also exist, for example
Safari, Firefox, Windows Explorer.
Whatever you decide to do, do something and have a happy
Phish-free Christmas!
Damian Hicklin
IT Security & Communications Manager
ARM