How to Avoid Phishing

  • Be suspicious of any email with urgent requests for personal
    financial information

  • Don’t use the links in an email to get to any web page, if
    you suspect the message might not be authentic.

  • Avoid filling out forms in email messages that ask for
    personal financial information

  • Always ensure that you’re using a secure website when
    submitting credit card or other sensitive information via your Web browser

  • Consider installing a Web browser tool bar to help protect
    you from known phishing fraud websites

  • Regularly log into your online accounts

  • Regularly check your bank, credit and debit card statements
    to ensure that all transactions are legitimate

  • Ensure that your browser is up to date and security patches
    are applied

Source: Anti Phishing Working Group

Password Stealing Malicious Code Unique Applications

Phishing Reports

As the number of phishing reports dropped marginally in July ’05, the number of
reportedly phished brands dropped to 71 from a high of 107 in May ’05.
However, phishers are spreading their nets, moving away from some
traditional larger targets and hitting a wider base of smaller financial
institutions.

Quick Bytes

  • According to a Gartner report, 33% of online shoppers are buying fewer
    items due to concerns about online fraud, and 75% are more cautious about
    where they shop online. Between May 2004 and May 2005, about 73 mn consumers
    received e-mail phishing attacks, up 28% from 57 mn received between April
    2003 and April 2004. 2.4 mn consumers have reported losing money directly
    due to phishing attacks; of those consumers, half lost a combined $929 mn in
    the 12 months preceding the survey.
  • According to IDC estimates, the financial sector has been the consistent
    target for 80% of the phishing attacks. In another report by IDC, 67% of
    desktops are infected by Spyware.
  • Companies that are up in arms after being targeted: Paypal, eBay, Citizens
    Bank, Bank Of America, MSN, Amazon.com, VISA, Citibank, Lloyds TSB, Yahoo,
    US Bank, Microsoft and AOL among others.
  • Hurricane Katrina has spawned more than misery and destruction: a new
    wave of scam e-mails and Web sites is exploiting the tragedy. If users
    click on the link contained inside the e-mail, they are taken to a malicious
    Web site which will try to infect their computer. Other bogus e-mails are
    circulating asking people to aid hurricane victims and their families by
    clicking on a PayPal button to make a donation.

Total Security Services Market during 2004-05 (by pure-play services vendors)

Increased security threats amid lots of malware detection helped push the market

Some Threats & Attacks (2004-05)

Virus Outbreak

  • The mass-mailing worm programs BAGLE, MYDOOM and NETSKY
    caused a majority of the virus outbreaks for 2004-05. The BAGLE worm caused
    15 outbreaks, while NETSKY caused 7 and MYDOOM, 3.

  • The aggressive clampdown on authors of malicious worm
    programs that led to the arrest of the SASSER worm author on May 8, 2004
    helped lessen the successive virus outbreaks.

Malware

  • There were a total of 16,880 malware detections. As expected,
    Trojans, at 33% of all malware, comprised the bulk of detections.

  • There were more than 5,000 Trojan detections, 45% of which
    were from actual customer submissions (real-time sample submission and case
    handling).

Profit-Driven Attacks

  • The year 2004 saw an increase in profit-driven attacks with
    the proliferation of bot programs, increased phishing attacks and alarming
    growth of spam volume.

  • A total of 2,830 bot programs were documented making up more
    than 35% of the total number of newly discovered malware detections for the
    whole year.

  • Spam volume swelled to comprise 60% of all email messages. A
    total of 1,681,773 spam mails were registered globally in 2004, 35% of which
    were financial-related, while another 20% fell under the health category.

  • July saw the highest number of phishing mail incidents,
    with 2,932 received samples, a huge leap from the total of 104
    phishing mails recorded in May.

Source: Trend Micro

Phishing and Pharming Murky Waters

Phishing is derived from "fishing": a social
engineering attack that attempts to trick users into revealing personal information
like passwords and credit card numbers. E-mails masquerading as official
messages from banks are typical tools used by phishers.

Phishing scams hook unwary Internet users one by one to
divulge data. But pharming threatens to reel in entire schools of victims.
Pharming (from farming) exploits the DNS, the Internet system that translates a
computer name into an Internet Protocol (IP) address.

A computer with a compromised hosts file will go to the wrong
website even if the user types the correct URL. More alarming is DNS poisoning,
where the Domain Name System directory is ‘poisoned’ and can cause large
groups of users to be herded to fraudulent look-alike sites.

Security Products Market 2004-05

Segment                                              Revenues (in Rs crore)   Market Share (%)
Secure content management                            88                       43
Security 3A software                                 52                       26
Firewall/VPN software                                35                       17
Intrusion detection/management assessment software   24                       12
Other Software                                       4                        2
Total                                                203

Source: DQ estimates

CyberMedia Research

Anti-virus, internet access control, employee internet management comprised 43%
of the security market
