Phishing on rise, but anti-phishers fighting back

Posted by Virus Bulletin on Apr 16, 2008

As UK banking body reports major increase in phishes, PayPal unveils blocking strategy.

A report from the UK payments industry association APACS has shown a dramatic increase in phishing incidents, with the number of reports for Q1 of 2008 up 200% on the same period last year. Meanwhile major phishing target PayPal, the online payment system owned by eBay, has issued a detailed report on its efforts to minimize the dangers of phishing to its business and its users.

The APACS report carries figures from phishing reports made to BankSafeOnline, a cross-industry project supported by banks and aimed at educating online banking users about the risks of scams, phishing and spyware and how to mitigate them. The statistics show over 10,000 incidents were reported to the organisations' hotlines in the first three months of the year, compared to just under 3,400 in the first quarter of 2007. The number of reports increased steadily throughout 2007, and the trend looks set to continue. Actual losses have gone down by around 30% in the same period, and both trends possibly reflect greater user awareness of the dangers of phishing and improved ability to spot suspect messages.

Over at PayPal, the online money-transfer system's security team have put together a detailed white paper discussing their current and future tactics for reducing financial losses and damage to their customers' user experience caused by phishing. One significant strategy is a movement towards implementation of email authentication standards, encouraging ISPs to drop spoofed mails rather than delivering mails with fraudulent content to their users. While the plan involves considerable cooperation from a wide range of infrastructure and software providers, a long-term trial of DomainKeys and SPF techniques has been running in conjunction with Yahoo!'s email system since October 2007, and has shown considerable benefits for Yahoo! users. As this strategy is being promoted, a stop-gap measure of certifying mails has also been trialled.

Beyond the email level, PayPal has also been active in gathering data on phishing scams and taking down spoofed websites, cooperating with blacklisting systems and providing user education through a number of initiatives. At the desktop level, the company is developing new systems to encourage, and eventually force, users to run more secure systems, alerting visitors arriving at their sites using out-of-date browsers and possibly in future denying access to those who are running older, insecure software. More advanced user authentication techniques, including personal security keys, are also in use in some areas and should expand to further territories in the near future.

As a result of these initiatives, PayPal has found that levels of phishing targeting its services have dropped considerably in the past two years. The report can be found (in PDF format) here, with a blog entry on the findings from PayPal Chief Information Security Officer Michael Barrett here.

Full details of the APACS report are in a release here. Some details of the latest subtle phishing tactics, targeting credit card companies' online verification systems, are on the SophosLabs blog here and here.
