Phishing Attacks Growing Faster Than Infected E-mails

It was for the first time that the proportion of phishing attacks surpassed the number of Trojan or virus threats, disclosed MessageLabs. In its latest report MessageLabs has notified that 1 in 93 (i.e. 1.07%) e-mail dispatched in the month of January 2007 consisted of some kind of phishing attack. While the number of e-mails that contained Trojan horses or viruses was comparatively lower at 1 in 120 (i.e. 0.83%).

With the beginning of the New Year, levels of spam continue unabated, divulged Mark Sunner - MessageLabs' Chief Security Analyst - in a press release of the company. phishing attacks and malicious virus are seen increasing in sophistication & ability to elude various preventative technologies. Exasperated by the increased volume of spam, customers are certainly most susceptible to phishing attacks & Trojans.

Mark continued that phishing attacks are now becoming more sophisticated. For instance, miscreants now use man-in-the-middle attacks for circumventing the 2-factor authentication techniques employed by various organizations like PayPal.

One specific form of the man-in-the-middle attack attempts to evade 2-factor authentication via effective hijacking of user session. In this, users are tricked in to browsing spoofed portal that's hosted on a compromised PC. Information keyed in, for example bank details & codes, is sent through the commandeered PC to the real bank website. And, once the users validate themselves on real system via compromised relay, user connection is put to an end by the hacker who then commandeers the session.

Additionally, anti phishing technologies that are found in some web browsers are being sidestepped by these phishers. Scammers are using Flash instead of HTML content in their scamming sites to accomplish this.

Phishing e-mails are turning more personalized now, thereby making the game of scamming appear more believable for the user. Phishers send links that lead the recipients to spoof websites of banks actually used by intended victims as against randomly hitting a group.

"A continuous rise in the targeted nature of spam has been observed across the board as phishing becomes more personalized", said Sunner.

Related article: Phishing With A Redirector Code

» SPAMfighter News - 2/3/2007