Remember scoffing at people who didn't know any better than to click on e-mail attachments from unknown senders, thus exposing their systems to computer viruses? Boy, has Internet crime and security gotten more complicated in the past year.
In November alone, there were 8,459 new, unique phishing e-mail messages reported to the Anti-Phishing Working Group. That's nearly four times the number received in August and represents an average monthly growth rate of 34 percent since July.
What's uniquely alarming about this epidemic is that phishing is such an alluringly lucrative cyber-crime: It involves duping victims into revealing personal financial data, including credit card numbers, account user names and passwords, and/or Social Security numbers.
The sophistication of these attacks has grown by leaps and bounds. For example, as eWEEK.com's Matthew Broersma reported in December, researchers have found that most Web browsers handle pop-up windows in a manner that makes them vulnerable to a simple phishing technique that allows fake content to look genuine.
Even fully patched, standard versions of globally used browsers including Internet Explorer, Firefox, Opera, Konqueror and Safari—used by trusted sites such as banks—allow malicious sites to insert their own content into any pop-up window, as long as the target name of the window is known.
Over the past year, experts also warned of new attacks that not only circumvent DomainKeys but, adding insult to injury, even exploit the fledgling e-mail signing technology for their nefarious ends.
As eWEEK's Dennis Fisher reported, the technology once regarded by many in the security community as one of the best hopes for preventing e-mail address forgery is now being used to make bogus messages appear legitimate, thus undercutting confidence in the system.
"It proves that people will get to the point where they can't trust e-mail from anywhere," one security expert, who requested anonymity, told Fisher.
During a quarter in which analysts declared a 500 percent increase in global phishing activity over the previous quarter, Veterans Day was the nadir.
Beginning in the early morning and continuing into the weekend, the Internet exploded with attacks against companies including eBay, Citibank and other financial institutions.
Indeed, financial institutions are traditionally the likeliest targets of Internet crime, yet chief security officers in the industry said they got scant help from the Feds over the past year, eWEEK's Fisher reported.
Dave Cullinane, president of the Information Systems Security Association, gave a speech at the CSO Interchange gathering, during which he said that the FBI and other federal agencies are generally unresponsive to requests for help from banks on phishing attacks unless the bank can show substantial financial losses. "If you're running on the assumption that calling the FBI will get you assistance, it won't," he said.