October 28, 2009
Until recently, phishing — a scam in which Internet fraudsters send spam or pop-up messages to lure personal and financial information from unsuspecting victims — seemed to be dying down.
 
Not anymore. Scammers and attackers are back with new ways to steal your personal data. 
 
USA Today reported that “phishing attacks suddenly spiked 200 percent from May through September, according to IBM’s X-Force research team. Phishers are going after log-ons to Web mail, social networking and online gaming accounts, security experts say.”

USA Today said that Web-based e-mail accounts are the most valuable targets and that people are getting lazy about changing their passwords:

“In the evolving cyberunderground, valid Web mail accounts, in particular, are considered highly valuable ‘virgin’ assets, useful for sending out viral e-mail messages likely to go unblocked by spam filters, Sophos researcher Beth Jones says.
 

“Virgin mail accounts have become hot commodities; a valid log-on to a Windows Live, Gmail, YahooMail or AOL e-mail account can sell for as much as $2 — more than double what a stolen credit card account number fetches, says Fred Rica, principal at PricewaterhouseCoopers’ security practice.

“Cybercriminals are attuned to the fact that many people use their free Web mail account address to open financial, social network, travel and other online accounts. ‘Your e-mail account is the key to your online persona,’ says Henry Stern, Cisco security researcher.

“And yet a recent Sophos survey found 33 percent of the respondents used just one password online, while 48 percent used just a few different ones. ‘The sad reality is most people use the same user names and passwords on many different Web sites,’ says Sam Masiello, threat researcher at McAfee’s MX Logic messaging security section.”

The Anti-Phishing Working Group’s Web site has some fairly stunning graphics about how phishing groups are writing programs to fight the anti-malware programs you use to stop bad guys from stealing your stuff. You will also see a graphic showing the dramatic rise in phishing since spring.
 

PC World said a single group might be responsible for a quarter of all attacks worldwide.

“Called Avalanche, the gang started work late last year and has been increasing its activity since, according to a report by the Anti-Phishing Working Group. ‘This criminal operation is one of the most sophisticated and damaging on the Internet and targets vulnerable or non-responsive registrars and registries,’ the report says.
 

“The group attacks financial institutions, online services and job-search providers using fast-flux techniques that hide its actual attack sites behind an ever-changing group of proxy machines, mainly hacked consumer computers, according to APWG’s latest Global Phishing Survey.”

Al Tompkins is one of America's most requested broadcast journalism and multimedia teachers and coaches. After nearly 30 years working as a reporter, photojournalist, producer,…
Al Tompkins
