- Be suspicious of any email with urgent requests for personal financial information
- Don't use the links in an email to get to any web page, if you suspect the message might not be authentic.
- Avoid filling out forms in email messages that ask for personal financial information
- Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser
- Consider installing a Web browser tool bar to help protect you from known phishing fraud websites
- Regularly log into your online accounts
- Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate
- Ensure that your browser is up to date and security patches applied
Source: Anti Phishing Working Group
Password Stealing Malicious Code Unique Applications
Phishing Reports
As the number of phishing reports dropped marginally in July '05, the number of
reportedly phished brands dropped to 71 from a high of 107 in May '05.
However, phishers are spreading their nets, and are moving away from some
traditional larger targets, and hitting a wider base of smaller financial
institutions.
Quick Bytes
- According to a Gartner report, 33% of online shoppers are buying fewer
  items due to concerns about online fraud, and 75% are more cautious about
  where they shop online. Between May 2004 and May 2005, about 73 mn consumers
  received e-mail phishing attacks, up 28% from 57 mn received between April
  2003 and April 2004. 2.4 mn consumers have reported losing money directly
  due to phishing attacks; of those consumers, half lost a combined $929 mn in
  the 12 months preceding the survey.
- According to IDC estimates, the financial sector has been the consistent
  target for 80% of the phishing attacks. In another report by IDC, 67% of
  desktops are infected by Spyware.
- Companies that are up in arms after being targeted: Paypal, eBay, Citizens
  Bank, Bank Of America, MSN, Amazon.com, VISA, Citibank, Lloyds TSB, Yahoo,
  US Bank, Microsoft and AOL among others.
- Hurricane Katrina has spawned more than misery and destruction: a new
  wave of scam e-mails and Web sites is exploiting the tragedy. If users
  click on the link contained inside the e-mail, they are taken to a malicious
  Web site which will try to infect their computer. Other bogus e-mails are
  circulating asking people to aid hurricane victims and their families by
  clicking on a PayPal button to make a donation.
Total Security Services Market during 2004-05 (by pure-play services
Vendors)
Increased security threats amid lots of malware detection helped push the
market
Some Threats & Attacks (2004-05)
Virus Outbreak
- The mass-mailing worm programs BAGLE, MYDOOM and NETSKY
  caused a majority of the virus outbreaks for 2004-05. The BAGLE worm caused
  15 outbreaks, while NETSKY caused 7 and MYDOOM, 3.
- The aggressive clampdown on authors of malicious worm
  programs that led to the arrest of the SASSER worm author on May 8, 2004
  helped lessen the successive virus outbreaks.
Malware
- There were a total of 16,880 malware detections. As expected,
  Trojans, at 33% of all malware, comprised the bulk of detections.
- There were more than 5,000 Trojan detections, 45% of which
  were from actual customer submissions (real-time sample submission and case
  handling).
Profit-Driven Attacks
- The year 2004 saw an increase in profit-driven attacks with
  the proliferation of bot programs, increased phishing attacks and alarming
  growth of spam volume.
- A total of 2,830 bot programs were documented, making up more
  than 35% of the total number of newly discovered malware detections for the
  whole year.
- Spam volume swelled to comprise 60% of all email messages. A
  total of 1,681,773 spam mails were registered globally in 2004, 35% of which
  were financial-related, while another 20% fell under the health category.
- July recorded the highest number of phishing mails,
  with 2,932 received samples, a huge leap from the total of 104
  phishing mails recorded in May.
Source: Trend Micro
Phishing and Pharming Murky Waters
Phishing is derived from "fishing" and is a social
engineering attack that attempts to trick users into revealing personal information
like passwords and credit card numbers. E-mails masquerading as official
messages from banks are typical tools used by phishers.
Phishing scams hook unwary Internet users one by one into
divulging data. But pharming threatens to reel in entire schools of victims.
Pharming (from farming) exploits the DNS, the Internet system that translates a
computer name into an Internet Protocol (IP) address.
A computer with a compromised hosts file will go to the wrong
website even if the user types the correct URL. More alarming is DNS poisoning,
in which the Domain Name System directory is 'poisoned', which can cause large
groups of users to be herded to fraudulent look-alike sites.
Security Products Market 2004-05

| | Revenues (in Rs crore) | Market Share (%) |
|---|---|---|
| Secure content management | 88 | 43 |
| Security 3A software | 52 | 26 |
| Firewall/VPN software | 35 | 17 |
| Intrusion detection/management assessment software | 24 | 12 |
| Other Software | 4 | 2 |
| Total | 203 | |