Phishing has begun to grow at a epidemic rate, but
beware of spyware - it's as bad, says Simon Moores.
I find it amusing to read a prediction that identity
cards will become universal by 2009, not simply as a measure
against fraud, identity theft or the threat of terrorism but to
defend us against spam. It is being suggested, that any e-mail not
linked to a digital identity will be ignored.
Ironically, news appeared last week, that Microsoft whose
popular Hotmail service has been synonymous with spam until it was
aggressively cleaned up last year, has now contracted for a
service which allows e-mail from so-called "legitimate" companies
to more easily reach people's inboxes.
Of course, what counts as fair-play marketing on one side of the
Atlantic isn’t viewed as quite the same on the other. After all,
American football doesn’t have an offside rule and "sacking the
quarterback" is the best parallel I can find to describe what
happens when a US marketing company captures your e-mail
address.
Allowing "legitimate" e-mail through spam filters - following
the deposit of a $20,000 bond - may sound like a good idea but I
very much doubt it will have any direct impact on the greater spam
problem, which is steadily creeping into an unholy alliance with
organised crime, as illustrated by the escalating number of
phishing attacks in the first four months of this year.
The latest study from Gartner has found that such online scams,
which use e-mail messages and web pages designed to look like
correspondence from legitimate online businesses and frequently
banks, are successfully tricking online consumers into divulging
sensitive information to criminals.
I’m now so wary of spoofed URLs that if I can’t log into my bank
first time around, I will unload the browser before a second
attempt to avoid any chance of my password details being
captured.
In a US study of 5,000 adults, Gartner found that a relatively
low number of respondents, around 3%, reported being caught by a
phishing exploit but if this figure is extrapolated, then as many
as 30 million people may have experienced a phishing attack and
almost two million American adults could have become victims of the
"phisher kings".
Netcraft reports that the rise of phishing has followed a
trajectory that is remarkably similar to that of spam.
Like spam, phishing in the early days was a relatively rare
annoyance, but has recently begun growing to epidemic proportions:
phishing attacks jumped 43% in March with over 400 unique
scams.
It also points out that the technical virtuosity of this scam is
an indication of how fast this field is evolving and that the form
of this intricate, low-level attack presupposes a machine running
Windows and its default applications. In other words, it depends on
the popularity of Microsoft.
Only last week, Computer Weekly reported that the National
Hi-Tech Crime Unit had arrested 12 eastern Europeans who were
suspected of laundering funds obtained from the victims through
phishing.
Using advertisements in newspapers and often posing as
charities, criminal gangs are now actively seeking to recruit
internet users, in the UK to launder money stolen from online bank
accounts of victims who have been duped into handing over their
account details.
If the growing threat and irritation from spam and phishing
isn’t bad enough, Spyware comes pretty close.
Last week I downloaded Spybot, a shareware spy program killer
from the web and discovered that even my heavily protected PC was
riddled with little spy applications, following my interests,
habits and probably much more.
Take my advice, just say "No" to spyware and follow my example
- wipe it off your system today.
Setting the world to rights with the collected thoughts and
opinions of leading industry analyst Dr Simon Moores of
Zentelligence.
Acting globally, Zentelligence (Research) advises
governments, suppliers, business and the media on the evolution,
application and delivery of leading-edge technologies and
specialises in the areas ofeGovernmentandinformation security.
For further information on Zentelligence and its research,
presentation and analyst services visitwww.zentelligence.com
.