News

Organization Finds Huge Jump in Phishing Scams

A new organization calling itself the Anti-Phishing Working Group documented a large jump in the number of phishing attacks in January.

The working group's January report, released in mid-February, found 176 unique new phishing attacks in January, a 52 percent increase over the 116 phishing attacks reported in December. The working group was founded by Tumbleweed Communications and first met in November. It includes banks, financial services institutions and e-commerce sites.

Phishing refers to the effort to get users to give up their private financial information such as passwords, PINs and other identifying or security information through a combination of technical means and social engineering. Most efforts involve an e-mail with a spoofed sender address that asks users to link to and fill out information on a Web page that is a spoof of, or similar to, a legitimate institution the user would recognize.

The working group's January report found that the highest number of unique spoofing attacks attempt to fool users into thinking they are being contacted by eBay. The online auction site is the target for 51 new attacks in January, compared with 33 in December and six in November. Other attractive false fronts and the number of unique new attacks that target them in January were Citibank with 35, AOL with 34, PayPal with 10 and Earthlink with nine.

Some of the most popular avenues of Phishing attacks were cut off by a Microsoft Internet Explorer patch released on Feb. 2. (See story). It will be interesting to see if the number of new attacks in February or March taper off as more and more browsers become immune to the simplest attacks.

Some 32 percent of phish attacks in January exploited a URL syntax for user authentication in Internet Explorer that allowed the use of an @ symbol to appear as one Web site while actually visiting another. A related flaw involving a %01 or a %00 before the @ symbol accounted for 7.8 percent of new phish attacks in January.

A Danish security firm, Secunia, highlighted the IE problem on Dec. 9 and the first phishing attacks based on it began appearing Dec. 18, according to the working group. Microsoft posted a workaround in December and a full patch on Feb. 2.

Another popular method of phish attacks is the use of a cousin URL that resembles the authentic URL of a trusted institution but points to a scammer's site. Examples provided by the working group included aol-wallet.com, www.ebay-secure.com and www.yahoo-billing.com. According to the working group, so-called cousin URL attacks accounted for 9.3 percent of unique phishing attacks in January.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.