"Phishing" fraud on the rise

The number of phishing email messages intercepted by Symantec grew 300 percent since June 2004, while spam e-mail traffic intercepted by Symantec increased by 77 percent and reports of serious software vulnerabilities grew by 13 percent, according to the Symantec Internet Security Threat Report. Online fraud may be driving many of the trends, as attackers turn to strategies that are useful for identity theft and other online scams, said Alfred Huger, senior director of engineering at Symantec Security Response.

The fishing begins when the victim receives an email. The message invites the Internet user to go to the false site to update his personal information (which is linked to a bank account or online service of some kind). The fraudsters cite "security problems" as a pretext for requesting the validation of information. The user must then "confirm" his telephone or credit card number, or even his password for accessing the site. The swindlers can then harvest this information to make purchases on the web or access the online service in question for free.

Who is affected?

Although it is mainly bank account holders who are targeted, phishing is also directed at other areas such as the political arena or the e-commerce industry. The hackers have no qualms whatsoever about using political figures in the limelight to attract their victims. Phishing has also had an impact on major players in the e-commerce arena, such as eBay, Paypal, BestBuy, AOL and even Amazon. To dupe customers of the online payment system PayPal, the hackers threatened them with the closure of their accounts if they did not update their information. They also asked for their credit card number, expiry date and even their ATM pin code!

Source: http://www.symantec.com

Date - 21 March 2005