ZDNetAsia : Phishing now hits one in five users

By Jeanne Lim, ZDNet Asia
URL: http://www.zdnetasia.com/news/security/0,39044215,39314891,00.htm

More than a fifth of PC users now receive five or more phishing e-mails each day, according to a new report by spam analysts from SophosLabs.

A Web poll of more than 600 business PC users, conducted by Sophos in January, found that 58 percent receive at least one phishing e-mail every day, while an alarming 22 percent receive more than five a day. Sophos said the figures are “evidence that the drive toward financially-motivated computer crime continues to accelerate”.

Further findings from the Anti-Phishing Working Group (APWG) support this evidence, according to a statement released by the security vendor, which is a member of the group. APWG also revealed that it received 15,244 unique phishing reports from the public in December 2005, up from 8,829 in December 2004.

Carole Theriault, senior security consultant at Sophos, said in the statement that e-mail phishing is now more prevalent because of its success rate.

“With crooks employing more and more devious methods to dupe users, the best advice is to always be wary of unsolicited e-mail, and at all costs avoid parting with confidential information,” she added.

Although most phishing e-mails falsely claim to originate from online businesses such as eBay and high-profile financial institutions, Sophos has now seen a variety of other organizations being targeted, including the Internal Revenue Service (IRS). The ‘tax refund phish’ stemmed from an apparent security configuration error on the real IRS Web site, which allowed phishers to redirect visitors to a bogus address.

David Jevans, chairman of the APWG, said: “While organizations have a responsibility to ensure the security of their own Web sites, they have little control over phishers that exploit their brand behind their backs.

“Phishing attacks are likely to become even more targeted in the future, and it will therefore be all the more important for users to display caution. If in doubt, they should contact the relevant organization to check the authenticity of an e-mail,” he added.