Experts concede that phishing schemes remain an extremely troubling threat, specifically for financial services companies, as the attempts to dupe users into sharing their personal information continue to proliferate and increasingly target online banks.
/zimages/5/28571.gifClick hereto read about new authentication tools financial institutions are using to protect online banking customers.
According to the latest research released by security applications maker Symantec, the companys Probe Network detected 157,477 unique phishing e-mail campaigns during the first six months of 2006, an 81 percent increase over the 86,906 phishing attempts it tracked during the second half of 2005. Similarly discouraging results recently published by the Anti-Phishing Working Group indicate that unique phishing sites doubled during the 12 months between June 2005 and June 2006, with 93 percent of those attacks specifically involving attempts to rob customers of financial services companies.
According to researchers at security software maker TippingPoint (a division of 3Com), most phishing attempts remain relatively low-tech, using a time-honored combination of counterfeit e-mails and fake Web sites to trick unsuspecting consumers. However, at the same time, a smaller group of attackers has produced the most elaborate phishing attempts seen yet, the researchers said, including those who used a recently discovered VML (Vector Markup Language) vulnerability in Microsofts Internet Explorer browser to plant keystroke-logging spyware onto victims machines.
“Its safe to say that we will probably see higher volumes of low-tech attacks that are aimed at tricking large numbers of people and also greater numbers of very sophisticated attacks that try to steal information from customers of specific businesses,” said Tod Beardsley, lead counter-fraud engineer at TippingPoint, of Austin, Texas. “The situation also continues to be compounded by the financial services industry itself, as companies continue to send out very inviting e-mails that are essentially training end users to expect that sort of communication, which makes it easier for attackers to find victims.”
/zimages/5/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.