Phishing on rise, but anti-phishers fighting back

Posted by Virus Bulletin on Apr 16, 2008

As UK banking body reports major increase in phishes, PayPal unveils blocking strategy.

A report from the UK payments industry association APACS has shown a dramatic increase in phishing incidents, with the number of reports for Q1 of 2008 up 200% on the same period last year. Meanwhile major phishing target PayPal, the online payment system owned by eBay, has issued a detailed report on its efforts to minimize the dangers of phishing to its business and its users.

The APACS report carries figures from phishing reports made to BankSafeOnline, a cross-industry project supported by banks aimed at educating online banking users about the risks of scams, phishing and spyware and how to mitigate them. The statistics show over 10,000 incidents were reported to the organisations' hotlines in the first three months of the year, compared to just under 3,400 in the first quarter of 2007. The number of reports increased steadily throughout 2007, and the trend looks set to continue. Actual losses have gone down by around 30% in the same period, and both trends possibly reflect greater user awareness of the dangers of phishing and improved ability to spot suspect messages.

Over at PayPal, the online money-transfer system's security team have put together a detailed white paper discussing their current and future tactics for reducing financial losses and damage to their customers' user experience caused by phishing. One significant strategy is a movement towards implementation of email authentication standards, encouraging ISPs to drop spoofed mails rather than delivering mails with fraudulent content to their users. While the plan involves considerable cooperation from a wide range of infrastructure and software providers, a long-term trial of DomainKeys and SPF techniques has been running in conjunction with Yahoo!'s email system since October 2007, and has shown considerable benefits for Yahoo! users. As this strategy is being promoted, a stop-gap measure of certifying mails has also been trialled.

Beyond the email level, PayPal has also been active in gathering data on phishing scams and taking down spoofed websites, cooperating with blacklisting systems and providing user education through a number of initiatives. At the desktop level, the company is developing new systems to encourage, and eventually force, users to run more secure systems, alerting visitors arriving at their sites using out-of-date browsers and possibly in future denying access to those who are running older, insecure software. More advanced user authentication techniques, including personal security keys, are also in use in some areas and should expand to further territories in the near future.

As a result of these initiatives, PayPal has found levels of phishing targeting its services have dropped considerably in the past two years. The report can be found (in PDF format) here, with a blog entry on the findings from PayPal Chief Information Security Officer Michael Barrett here.

Full details of the APACS report are in a release here. Some details of the latest subtle phishing tactics, targeting credit card companies' online verification systems, are on the SophosLabs blog here and here.



