Phishing Jumps Almost 500 Percent In Five Months

Phishing attacks are spam messages that pose as legitimate mail from big-name banks, credit card companies and retailers. Links within the messages entice recipients to bogus Web sites, where they're told that their account information needs to be updated. Users who fall for the con divulge personal financial data -- such as credit card and bank account numbers -- which is used by the attacker to siphon funds, purchase goods, or steal identities.

The number of unique scams spotted by SurfControl has grown 477 percent, from 33 to 155 in the first five months of this year, according to Susan Larson, SurfControl's vice president for global content. In the last 12 months, she added, phishing scams have rocketed by over 5,000 percent (from three in May 2003 to 155 in 2004).

Other phishing watchers have noted an even more dramatic rise in the raw numbers of phishing spam messages. In April, for instance, MessageLabs said it had seen phishing messages skyrocket from just 279 in September 2003, to a whopping 215,643 in March 2004.

The latest dodge, which targets US Bank customers, is one of the most sophisticated SurfControl has yet seen, said SurfControl's Larson.

The US Bank scam asks customers to verify and update their online bank accounts -- nothing out of the ordinary there -- but the hackers have used Javascript code to overlay a fake address bar that shows the real US Bank URL on the browser's real address bar.

The new tactic makes the spoof more realistic, Larson said, than earlier phishing attacks, which exploited an Internet Explorer bug to display the URL of the spoofed company. A patch exists for the flaw, but the new technique can target even those systems which have been patched.

According to Gartner, victims of phishing attacks are three times more likely to suffer some form of identity theft than the general population.

*This story courtesy of Techweb.com.