News

Organization Finds Huge Jump in Phishing Scams

A new organization calling itself the Anti-Phishing Working Group documented a large jump in the number of phishing attacks in January.

The working group's January report, released in mid-February, found 176 unique new phishing attacks in January, a 52 percent increase over the 116 phishing attacks reported in December. The working group was founded by Tumbleweed Communications and first met in November. It includes banks, financial services institutions and e-commerce sites.

Phishing refers to the effort to get users to give up their private financial information such as passwords, PINs and other identifying or security information through a combination of technical means and social engineering. Most efforts involve an e-mail with a spoofed sender address that asks users to link to and fill out information on a Web page that is a spoof of, or similar to, a legitimate institution the user would recognize.

The working group's January report found that the highest number of unique spoofing attacks attempt to fool users into thinking they are being contacted by eBay. The online auction site is the target for 51 new attacks in January, compared with 33 in December and six in November. Other attractive false fronts and the number of unique new attacks that target them in January were Citibank with 35, AOL with 34, PayPal with 10 and Earthlink with nine.

Some of the most popular avenues of Phishing attacks were cut off by a Microsoft Internet Explorer patch released on Feb. 2. (See story). It will be interesting to see if the number of new attacks in February or March taper off as more and more browsers become immune to the simplest attacks.

Some 32 percent of phish attacks in January exploited a URL syntax for user authentication in Internet Explorer that allowed the use of an @ symbol to appear as one Web site while actually visiting another. A related flaw involving a %01 or a %00 before the @ symbol accounted for 7.8 percent of new phish attacks in January.

A Danish security firm, Secunia, highlighted the IE problem on Dec. 9 and the first phishing attacks based on it began appearing Dec. 18, according to the working group. Microsoft posted a workaround in December and a full patch on Feb. 2.

Another popular method of phish attacks is the use of a cousin URL that resembles the authentic URL of a trusted institution but points to a scammer's site. Examples provided by the working group included aol-wallet.com, www.ebay-secure.com and www.yahoo-billing.com. According to the working group, so-called cousin URL attacks accounted for 9.3 percent of unique phishing attacks in January.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • FTC Expands Microsoft Antitrust Investigation Under Trump Administration

    The Federal Trade Commission (FTC) is pressing ahead with a broad investigation into Microsoft's business practices, an inquiry that began in the final weeks of the Biden administration.

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Microsoft to Shut Down Skype Services

    Microsoft will discontinue its Skype telecommunications and video calling services on May 5, 2025, marking the end of the platform's decades-long run.

  • Big Blue To Acquire Datastax in Enterprise AI Play

    In a bid to bolster its enterprise-aimed AI capabilities, IBM is planning to acquire Datastax, a leading AI and data solutions provider, for an undisclosed amount.