Phishers going after small fry - News - Security

To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Australia.
--------------------------------------------------------------

Phishers going after small fry

By Joris Evers, CNET News.com
June 06, 2005
URL: http://www.zdnet.com.au/news/security/soa/Phishers-going-after-small-fry/0,130061744,139195428,00.htm

Phishers are widening their net to take in credit unions, according to a new report.

While most of the fraud schemes still focus on big businesses such as major banks, smaller financial companies are increasingly being hit said the report, published Friday by the Anti-Phishing Working Group.

"Hackers are modifying their attack methods by shifting away from attacking popular or large institutions," the monthly report said.

Phishing is a prevalent type of online fraud that attempts to steal sensitive information such as usernames, passwords and credit card numbers. The schemes typically combine spam e-mail and fraudulent Web pages that look like legitimate sites.

The report covers trends in April, but a bigger jump in the number of credit unions targeted in phishing schemes was actually seen in May, said Dan Hubbard, a senior director at security company Websense, which helped write the report. (Click here for PDF.)

The number of credit unions in phishing e-mails has been growing over the past months, Hubbard said. The total rose from three in February to 21 in May.

Phishers are likely targeting the smaller financial businesses because of countermeasures put in place by larger banks, Hubbard said. Also, the attackers may simply be expanding their hit list, he said.

In April, the number of phishing attempts reported to the Anti-Phishing Working Group rose to 14,411, continuing a trend of slight monthly growth this year. However, a small drop in unique phishing e-mails was reported, down to 3,930, from 4,100 in March.

Other trends noted by the APWG include another increase in the number of phishing Web sites hosted in China, which was home to 22 percent of the 2,854 active phishing sites reported in April. The country came a close second to the United States, where 26.3 percent of sites were hosted, according to the report.

China is gaining in popularity among phishers as more PCs in the country get connected to high-speed lines, Hubbard said. In addition, it is harder for victimised companies to get service providers to shut down sites there, he noted. "Anytime you go across borders, it becomes more difficult to perform takedowns," he said.