Thought for the day: The attack of the phishers

Phishing has begun to grow at a epidemic rate, but beware of spyware - it's as bad, says Simon Moores.

Simon Moores  

Phishing has begun to grow at a epidemic rate, but beware of spyware  - it's as bad, says Simon Moores.





I find it amusing to read a prediction that identity cards will become universal by 2009, not simply as a measure against fraud, identity theft or the threat of terrorism but to defend us against spam. It is being suggested, that any e-mail not linked to a digital identity will be ignored.

Ironically, news appeared last week, that Microsoft whose popular Hotmail service has been synonymous with spam until it was aggressively cleaned up last year, has now contracted for a service which allows e-mail from so-called "legitimate" companies to more easily reach people's inboxes.

Of course, what counts as fair-play marketing on one side of the Atlantic isn’t viewed as quite the same on the other. After all, American football doesn’t have an offside rule and "sacking the quarterback" is the best parallel I can find to describe what happens when a US marketing company captures your e-mail address.

Allowing "legitimate" e-mail through spam filters - following the deposit of a $20,000 bond - may sound like a good idea but I very much doubt it will have any direct impact on the greater spam problem, which is steadily creeping into an unholy alliance with organised crime, as illustrated by the escalating number of phishing attacks in the first four months of this year.

The latest study from Gartner has found that such online scams, which use e-mail messages and web pages designed to look like correspondence from legitimate online businesses and frequently banks, are successfully tricking online consumers into divulging sensitive information to criminals.

I’m now so wary of spoofed URLs that if I can’t log into my bank first time around, I will unload the browser before a second attempt to avoid any chance of my password details being captured.

In a US study of 5,000 adults, Gartner found that a relatively low number of respondents, around 3%, reported being caught by a phishing exploit but if this figure is extrapolated, then as many as 30 million people may have experienced a phishing attack and almost two million American adults could have become victims of the "phisher kings".

Netcraft reports that the rise of phishing has followed a trajectory that is remarkably similar to that of spam.

Like spam, phishing in the early days was a relatively rare annoyance, but has recently begun growing to epidemic proportions: phishing attacks jumped 43% in March with over 400 unique scams.

It also points out that the technical virtuosity of this scam is an indication of how fast this field is evolving and that the form of this intricate, low-level attack presupposes a machine running Windows and its default applications. In other words, it depends on the popularity of Microsoft.

Only last week, Computer Weekly reported that the National Hi-Tech Crime Unit had arrested 12 eastern Europeans who were suspected of laundering funds obtained from the victims through phishing.

Using advertisements in newspapers and often posing as charities, criminal gangs are now actively seeking to recruit internet users, in the UK to launder money stolen from online bank accounts of victims who have been duped into handing over their account details.

If the growing threat and irritation from spam and phishing isn’t bad enough, Spyware comes pretty close.

Last week I downloaded Spybot, a shareware spy program killer from the web and discovered that even my heavily protected PC was riddled with little spy applications, following my interests, habits and probably much more.

Take my advice, just say "No" to spyware and follow my example - wipe it off your system today.

Setting the world to rights with the collected thoughts and opinions of leading industry analyst Dr Simon Moores of Zentelligence.

Acting globally, Zentelligence (Research) advises governments, suppliers, business and the media on the evolution, application and delivery of leading-edge technologies and specialises in the areas of eGovernment and information security.

For further information on Zentelligence and its research, presentation and analyst services visit


Read more on Hackers and cybercrime prevention