• Be suspicious of any email with urgent requests for personal financial information

• Don't use the links in an email to get to any web page, if you suspect the message might not be authentic.

• Avoid filling out forms in email messages that ask for personal financial information

• Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser

• Consider installing a Web browser tool bar to help protect you from known phishing fraud websites

• Regularly log into your online accounts

• Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate

• Ensure that your browser is up to date and security patches applied

Source: Anti Phishing Working Group

Password Stealing Malicious Code Unique Applications

Phishing Reports

As number of phishing reports dropped marginally in July '05, the number of reportedly phished brands dropped to 71 from a high of 107 in May '05. However, phishers are spreading their nets, and are moving away from some traditional larger targets, and hitting a wider base of smaller financial institutions.

Quick Bytes

• According to a Gartner report, 33% of online shoppers are buying fewer items due to concerns about online fraud, and 75% are more cautious about where they shop online. Between May 2004 and May 2005, about 73 mn consumers received e-mail phishing attacks, up 28% from 57 mn received between April 2003 and April 2004. 2.4 mn consumers have reported losing money directly due to phishing attacks; of those consumers, half lost a combined $929 mn in the 12 months preceding the survey.
• According to IDC estimates, the financial sector has been the consistent target for 80% of the phishing attacks. In another report by IDC, 67% of desktops are infected by Spyware.
• Companies that are up in arms after being targeted: Paypal, eBay, Citizens Bank, Bank Of America, MSN, Amazon.com, VISA, Citibank, Lloyds TSB, Yahoo, US Bank, Microsoft and AOL among others.
• Hurricane Katrina has spawned more than misery and destruction-a new wave of scam e-mails and Web sites are exploiting the tragedy. If users click on the link contained inside the e-mail, they are taken to a malicious Web site which will try and infect their computer. Other bogus e-mails are circulating asking people to aid hurricane victims and their families by clicking on a PayPal button to make a donation.

Total Security Services Market during 2004-05 (by pure-play services Vendors)

Increased security threats amid lots of malware detection helped push the market

Some Threats & Attacks (2004-05)

Virus Outbreak

• The mass-mailing worm programs BAGLE, MYDOOM and NETSKY caused a majority of the virus outbreaks for 2004-05. The BAGLE worm caused 15 outbreaks, while NETSKY caused 7 and MYDOOM, 3.

• The aggressive clampdown on authors of malicious worm programs that led to the arrest of the SASSER worm author on May 8, 2004 helped lessen the successive virus outbreaks.

Malware

• There were a total 16,880 malware detections. Expectedly, Trojans, at 33% of all malware, comprised the bulk of detections.

• There were more than 5,000 Trojan detections, 45% of which were from actual customer submissions (real-time sample submission and case handling).

Profit-Driven Attacks

• The year 2004 saw an increase in profit-driven attacks with the proliferation of bot programs, increased phishing attacks and alarming growth of spam volume.

• A total of 2,830 bot programs were documented making up more than 35% of the total number of newly discovered malware detections for the whole year.

• Spam volume swelled to comprise 60% of all email messages. A total of 1,681,773 spam mails were registered globally in 2004, 35% of which were financial-related, while another 20% fell under the health category.

• July generated the most number of phishing mail incidence with 2,932 received samples, which was a huge leap from the total of 104 phishing mails recorded in May.

Source: Trend Micro

Phishing and Pharming Murky Waters

Phishing is derived from "fishing"-a social engineering attack attempting to trick users into revealing personal information like passwords and credit card numbers. E-mails masquerading as official messages from banks are typical tools used by phishers.

Phishing scams hooked unwary Internet users one by one to divulge data. But pharming threatens to reel-in entire schools of victims. Pharming (from farming) exploits the DNS-the Internet system that translates a computer name into an Internet Protocol (IP) address.

A computer with a compromised host file will go to the wrong website even if the user types the correct URL. More alarming is DNS poisoning where the Domain Name System directory is 'poisoned' and csan cause large groups of users to be herded to fraudulent look-alike sites.

Page(s)   1