According to new research carried out by the group almost 95 percent of e-mail fraud and "phishing" reported in May emanated from forged addresses.
Phishing attacks trick people into parting with personal information by luring them to bogus corporate Web sites. Almost 5 percent of recipients of such deceitful e-mails disclosed vital information such as credit card numbers, account user names and passwords, leading to identity theft and financial loss, the report said. The past few months saw phishing e-mails emerging as a major threat.
The study, however, conducted by the Anti-Phishing Working Group with technical help from Tumbleweed Communications, showed there was only a 6 percent increase in new phishing attacks last month. May witnessed 1,197 new cases, compared with 1,125 unique attacks in April. Of the new attacks, 848 targeted the financial services sector.
"One Achilles' heel of phishing, and other related e-mail threats like spam and viruses, is the reliance on forged 'from' addresses to hide the sender's identity," APWG Chairman Dave Jevans said in a statement.
Despite varying specifications, several evolving technologies designed to provide verification of an e-mail sender's identity can prevent such fraudulent mails from reaching customers.
Several top Internet providers, including Yahoo, Microsoft, EarthLink, America Online, British Telecom and Comcast, formed an alliance last week to push for new technical guidelines to fight spam mails. EarthLink is already working on putting antiphisher software in place.
