February 28, 2005 (HOSTSEARCH.COM) According to the APWG (Anti-Phishing Work Group), phishing sites have nearly doubled since the beginning of the year alone.
In January, there were 12,845 unique phishing email messages reported to the group which is a 42% increase over the amount of email in December.
Mozilla recently disabled support for IDN which allowed phishing attacks to be carried out on the browser. While many international users were angered by the removal of support for international languages from the browser its easy to see why the group would disable IDN on FireFox.
According to the APWG, Phishing attacks use 'spoofed' e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. Pharming uses the same kind of spoofed sites, but uses malware/spyware to redirect users from real websites to the fraudulent sites (typically DNS hijacking). By hijacking the trusted brands of well-known banks, online retailers and credit card companies, phishers are able to convince recipients to respond to them.
With a recent slew of critical identity data being released accidentally to the public through corporate mistakes this is indeed alarming news.
Bank of America recently found that backup tapes containing identifiable financial information and credit card data of 1.2 million customers, including possibly that of all 100 U.S. senators and hundreds of thousands of other government employees have gone missing. Meanwhile, information from the ChoicePoint database containing 19 billion public records was inadvertently sold the consumer data to criminals last year leading to more than 700 ID frauds so far.
Then there is the case of Paris Hilton, whose T-Mobile was hacked and then her personal information and phone numbers of her friends and acquaintances was posted online. Soon afterwards, Limp Bizkits lead singer had his computer hacked and a sex video of the singer was posted online after a failed attempt to blackmail the singer.
This has caused a lot of hubbub in the Senate where new laws are being mulled but it doesnt change the fact that police and Homeland Security are woefully under-prepared to tackle internet crime and many businesses are insecure as well.
If the threat continues to increase it could cause serious damage to the burgeoning online economy.