Originally published June 16 2005
Industry research shows phishers are getting better at disguising websites
by Mike Adams, the Health Ranger, NaturalNews Editor
If the existence of phishers (hackers who bait their targets with false websites to catch users account numbers and personal information) weren't bothersome enough for you, then ZD Net UK has good news: They are getting smarter and more adept at hiding their false websites from the authorities.
Phishers are becoming increasingly sophisticated in their attempts to grab user names, passwords and other personal data from users of commercial websites, according to latest industry research.
April's report from the Anti-Phishing Working Group, published on Monday, indicates an 11 percent drop in the number of reported attacks using simple IP address domains.
The overall number of reports continued their upward trend to reach 14,441 for the month, said the APWG, which compiles its report with the help of WebSense.
The decline in the number of IP-only attacks, in which users are misdirected to a site that just has an IP address and so is less likely than one showing a domain name to deceive them, means phishers are getting better at disguising their scam attempts.
"A lot of the recent phishing sites use hijacked servers where the scam is located on the domain of a legitimate enterprise," said the APWG, adding that this technique requires the phishers to get access to the servers, typically by hacking or installing malware.
The number of brands targeted stayed the same from March to April, though there was significant churn within this group, with 11 brands being replaced.
This separation has its logic, said the group: while some of the scammers count on the popularity of some brands to generate more hits to the phishing site (the ones in the favourites list), others try to scam the customers of companies that had not experienced the phenomenon so far, and are presumably less experienced in exposing phishing.
Given such knowledge, a scammer can build a site that acts as a 'front end' mask for the legitimate login site -- it would return an error message when incorrect login data is passed, for example.
All content posted on this site is commentary or opinion and is protected under Free Speech. Truth Publishing LLC takes sole responsibility for all content. Truth Publishing sells no hard products and earns no money from the recommendation of products. NaturalNews.com is presented for educational and commentary purposes only and should not be construed as professional advice from any licensed practitioner. Truth Publishing assumes no responsibility for the use or misuse of this material. For the full terms of usage of this material, visit www.NaturalNews.com/terms.shtml