THE FACTS ON PHISHING
Phishing is an online con game, and phishers are tech-savvy con artists and identity thieves. They use spam, fake Web sites, crimeware and other techniques to trick people into divulging sensitive information, such as bank and credit card account details. Once they've captured enough victims' information, they either use the stolen goods themselves to defraud the victims (e.g., by opening up new accounts using the victim's name or draining the victim's bank accounts) or they sell it on the black market for a profit.
Over the first six months of 2006, Symantec detected 157,477 unique phishing messages, an 81% increase over the 86,906 unique phishing messages that were detected in the last half of 2005. The volume of fraudulent emails is extremely high: 1.3 billion phishing messages were blocked by Symantec Brightmail AntiSpam for the same period in 2006.
Phishers have quickly become more sophisticated. They use crimeware in conjunction with their phony, hostile Web sites by leveraging common Web browser vulnerabilities to infect victim machines. This trend means that simply following the link in a phishing email to a bogus Web site could be enough for a user's identity to be stolen: the phisher would no longer need the victim to enter their personal information, because the Trojan or spyware placed onto the infected machine would capture this information the next time the victim visits the legitimate Web site of their bank or other online service. This genre of crimeware has become more targeted (capturing just the information the phisher wants) and more silent, using rootkit and other aggressive stealth techniques to remain hidden on an infected system.
Together, these factors make shutting down phishing sites or accurately tracking their URLs increasingly difficult, yielding longer-lasting attacks that expose more users to potential loss of identity.