Phishing Evolves to More Personalized Attacks

According to a news published by NETWORKWORLD on December 18, 2008, internet scammers started encountering severe difficulties with their spamming operations sometime around April 2008 when they began realizing that their fraudulent "phishing" e-mails were being increasingly blocked.

The reports further state that security investigators spent 2007 in closely scrutinizing botnets or networks of bot-infected PCs and gradually became very good in blocking a lot of phony e-mail messages that were being distributed from those infected systems. However, phishers then started scamming with spear phishing assaults, according to the security specialists.

Further, the security specialists state that spear phishing is an advanced form of targeted phishing. According to them, unlike conventional spam where e-mail filters block most of the spam, personalized spam, referred to as "spear phishing", e-mails often slip unhindered. They are dispatched in smaller bunches and mostly emerge from e-mail accounts that criminals create at popular Web-based e-mail systems. Some of these e-mails are craftily designed and lead to attractive websites that are actually phony or immediately plant malicious programs.

Moreover, according to Mickey Boodaei, Chief Executive Officer, Trusteer, an online security company that creates computer security software for banks, attacks that plant malicious programs on users' PCs are now much simpler to launch and are increasing in number. They represent an obvious move away from phishing assaults, as reported by PCWorld on December 18, 2008.

However, this doesn't mean that the practice of phishing is disappearing or receding. These attacks are still constantly increasing in number. E-mails that involve phishing frauds had become three-fold last year (2007) as phishing scammers started using more sophisticated techniques, according to Dave Jevans, Chairman, Anti-Phishing Working Group (APWG). These attacks are not which just steal users' passwords, but add the users' computers to botnets, as reported by PCWorld on December 18, 2008.

Meanwhile, as per another report by Cisco, a security providing company, over 0.4% of the entire spam dispatched in September 2008 were personalized or targeted attacks, whereas last year, targeted attacks using personalized messages accounted for less than 0.1% of the total spam.

Related article: Phishing With A Redirector Code

» SPAMfighter News - 12/29/2008