Originally published May 19 2005
Although number of new phishing victims drops slightly, phishers are getting sneakier
by Mike Adams, the Health Ranger, NaturalNews Editor
Phishing, or baiting users into giving up account numbers and forms of identity, has seen a slight decrease in new victims this year, says the Anti-Phishing Working Group (APWG). According to spokespeople for the group, phishers are now moving on to malicious code to steal identities and account information, rather than emails. A favorite trick is to use keyloggers, or programs specifically designed to record usernames and passwords used on banking sites. Currently, Brazil is at the frontlines of the phishing war, but experts are not sure if this is because Brazilian users are more likely to take phishers' bait, or if this is a trend on its way to the US very soon. As phishers are shut down, they are finding smarter ways to ply their trade.
While traditional phishing attacks may be growing slower than ever, more devious identity thievery tactics are starting to crop up, the Anti-Phishing Working Group says.
"What I'll call, for lack of a better term, the 'old way' of phishing -- sending e-mail, enticing people to a bogus Web site -- didn't rise as dramatically as it has in the past," said Dan Hubbard, the senior director of security at Websense, which released the latest phishing data in concert with the APWG.
"But phishers are changing to other attack vectors.
The number of e-mailed phishing campaigns climbed by just 2 percent in March over February, noted Hubbard, while the APWG's data showed a 6.8 percent increase in the number of active phishing sites.
"I don't know if users are any less nave," said Hubbard, "but I think the message's gotten across that it's dangerous to open file attachments.
The trend of phishers using other techniques to separate users from their cash is accelerating, said Hubbard, who said that over the last two months, Websense's labs have been monitoring a "dramatic increase" in phishing attacks based on malicious code, not e-mail.
In particular, phishers are increasingly planting keyloggers -- malicious programs that spy out keystrokes, sometimes only those keystrokes associated with logging on to an online banking site -- to filch identities.
From November through December 2004, Websense found a weekly average of 1 to 2 new phishing keyloggers and 10 to 15 sites hosting the Trojans that carried the keyloggers.
Phishers have long used botnets to host their fake Web sites, using these machines -- whose owners don't know the felonious purposes the PCs are being put to -- rather than commercial hosting services.
But now they're also using the botnets to host their own bogus domain name system (DNS) servers.
All content posted on this site is commentary or opinion and is protected under Free Speech. Truth Publishing LLC takes sole responsibility for all content. Truth Publishing sells no hard products and earns no money from the recommendation of products. NaturalNews.com is presented for educational and commentary purposes only and should not be construed as professional advice from any licensed practitioner. Truth Publishing assumes no responsibility for the use or misuse of this material. For the full terms of usage of this material, visit www.NaturalNews.com/terms.shtml