Advertisement
Promo

Security threats Toolkit

Phishing attacks up 1,000-fold since September

Munir Kotadia ZDNet.co.uk

Published: 19 Apr 2004 17:50 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

The number of phishing emails circulating on the Web has increased from 279 to 215,643 over the past six months, according to email security company MessageLabs.

Phishing is an Internet scam in which unsuspecting users receive official-looking emails that attempt to fool them into disclosing online passwords, user names and other personal information. Victims are usually persuaded to click on a link in an email that directs them to a doctored version of an organisation's Web site.

MessageLabs, which monitors corporate email traffic, said on Monday that in September 2003 the company encountered just 279 phishing emails. In January 2004 this figure reached 337,050 and then dropped back to 215,643 by March. The company said it is impossible to estimate exactly how many users have been fooled by the phishers. The UK banking industry body APACS said that last year, fewer than 100 people had fallen victim to phishing attacks.

The Anti-Phishing Working Group (APWG), which was formed in November 2003 to provide a forum for financial institutions to share information about new phishing campaigns, recently warned its members about an attack that can modify the victim's browser by replacing the address bar with a Java applet. This allows the attacker to take the victim to any Web site, but display the address of an official Web site in the browser's window, increasing the chances of fooling the users.

According to the APWG's Web site, the new attack targeted Citibank customers at the end of March: "This sophisticated new attack automatically detects the consumer's browser, and applies a custom JavaScript that replaces the look and feel of the Web address bar with an appropriately designed working fake. You can even type in the bank's Web address directly into the fake address bar -- this is a live piece of JavaScript code, not a static fake address bar image," the organisation said.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
45 out of 106 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

1 comment

  1. Yep I was one too. However, I went to the local F... Carl Wayne Santy

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:






Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

McKinnon lawyers seek judicial review

Lawyers seeking a judicial review for Nasa hacker Gary McKinnon lodged fresh evidence of his psychiatric state at the High Court on Thursday. Karen Todner, McKinnon's solicitor,... More

1 comment

Beware of keeping your head in the clo...

Information security professionals can look forward to a deepening appreciation for their skills as security continues to be recognised as an essential element for doing business in... More

1 comment

Civil liberties groups attack file-sha...

Civil liberties and digital rights organisations have strongly criticised Lord Mandelson's Digital Economy Bill. Liberty said in a position paper on Tuesday that the bill, part of... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters