Phishers Get Closer and Sharper on Their Victims

Modern phishing is getting more personal. In the past, phishers made obvious mistakes by copying contents from legitimate sites, but now they are more refined with the spelling and language they use and the graphics they embed. They are also more professional at selecting targeted victims, said Graham Cluley, senior technology consultant for Sophos while making a statement that Web User published on February 9, 2007.

While phishers of the old school continue their operations, the wiser Internet criminals are also changing their techniques. Instead of phishing over wide area, the perpetrators are sharpening their focus on targeted victims and using social networking sites like MySpace and Frienster to extorting private information out of them.

In 2006, a phishing scam targeted 60,000 MySpace users. The scam led them to a false MySpace login page from where the phishers stole their logins and passwords. This is unfortunate as McAfee also reports that 90% of users are unable to recognize a strategically crafted phish. Moreover, phishing sites are largely using Flash content in place of HTML that helps their owners to bypass anti-phishing tools installed in web browsers.

Spear phishing, which culls and segregates victims, is on the rise, told Cluley to Web User. His firm, Sophos has observed large-scale phishing attacks on wealthy people. One instance is that of a professional hitman targeting dentists.

Cluley also talks about corporate spear phishing where criminals attempt to access corporate computer systems. Here phishing e-mails purport to come from within the organization usually from the IT department, so victims un-hesitantly supply information including usernames and passwords.

Security Company, McAfee estimates a 25% increase in phishing e-mails over 2006. Fraudsters who are still focusing on reputed banks and e-commerce sites are changing the messages from the earlier "update-your-details-now" to more customized ones. They are also attacking sites that contain a lot of private data such as recruitment and dating sites.

Meanwhile, online banking sites are deploying site-authentication mechanisms to remain distinct from phishing sites. Most banks are compensating customers who become victims. But in the long run they are likely to turn the table on to customers, warned Cluley.

Related article: Phishers Expand Their Sphere of Attacks

» SPAMfighter News - 2/19/2007