Article

Phishing on the rise -- spam rules need updating

Jack Vaughan, Editor
Like everyone, Domino/Notes administrators and developers have received an e-mail with a subject heading like this: "Important banking mail from 'Fill-in-the-Bank'." It is easy to ignore if you have no account at that particular bank -- even less so if you do. Notes admins and developers are likely wise enough to ignore such blatantly dangerous phishing messages, but they now must worry about what is going on in the Notes user population, where such unwanted intrusions are increasingly common.

Thus, phishing filters are added to the long list of e-mail filters that administrators must build, buy or update.

Phishing is an avenue to identity theft and fraud. In phishing attacks, culprits use Web sites and false e-mails to gather Social Security numbers or credit card numbers. They mass-mail messages, hoping to entrap the unwary, drawing them to a phishing site.

How prevalent is the problem? In June, analyst firm Gartner Inc. estimated that 57 million Americans reported receiving phishing attack e-mails. Two million U.S. adult Internet users said they gave sensitive information to phishers, according to Gartner.

According to the Anti-Phishing Working Group, the number of active phishing sites reported in October was 1,142. Like other hacker attacks that mix and match ploys, phishing attacks can be accompanied by insertions of spyware and the like.

Like everything on the Internet, the problem is by no means limited to consumer systems, and it is fast becoming a corporate computing issue, too.

"This is becoming an enterprise issue as well," said Michael Siegel, product manager, McAfee Inc., Santa Clara, Calif., "If you receive these e-mails at work, you open up a hole within your enterprise for some pretty malicious stuff."

For its part, McAfee has added phishing detection rule sets to a host of filters it offers, along with its SpamKiller for Mail Servers products and services. The company is a member of the Anti-Phishing Working Group, an industry association that includes MasterCard, Visa, Trend Micro, Symantec, VeriSign and others.

"We are seeing phishing as a vector of attack for other intrusions," Siegel said.

"Through phishing you may download spyware onto a machine, for example," Siegel said.

Now, McAfee is including anti-phishing rules in monthly rule set engine updates. Phishing-specific characteristics are assigned a spam score that can help identify phishing ploys at the server level.

The phishing phenomena can be viewed in the overall context of advancing content filtering strategies, said Rahul Abhyankar, product manager for McAfee GroupShield.

"People are increasingly trying to provide content security, and to make sure that important material is not leaving the organization," Abhyankar said.

Infrastructure software providers such as Microsoft and IBM provide "some basic levels" of protection, Abhyankar said. Largely, he continued, developers are left to write their own scripts and utilities for advanced levels of protection. Implementing different sets of policies for various organizational groups, he said, is a major challenge.

Phishing reels in big bucks from enterprises (Dec. 6, 2004)

Phishers use zombie nets to automate attacks (Nov. 24, 2004)

Net banking fraudsters step up phishing scams (Nov. 04, 2004)

Phishing scams costly, on the rise (Sept. 30, 2004)

Vendor Webcast: Go Phish: Protecting Your Enterprise From E-Mail Based Fraud Attacks (Aug. 11, 2004)


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: