AMSTERDAM (Reuters) – Criminals are increasingly trying to trick citizens into giving them their bank account details, according to a survey published on Monday which showed such “phishing” attempts almost doubled in the first six months.
Over 157,000 unique phishing messages were sent out around the world in the first half of 2006, an increase of 81 percent compared with the six-month period to end-December 2005.
Each message can go to thousands or hundreds of thousands of consumers, according to the bi-annual Internet Security Threat Report from security software vendor Symantec.
“Organized crime is here and they are very interested in phishing. They target home users who have become the weakest link,” said research scientist Ollie Whitehouse.
Phishers send around emails, pretending to be a financial institution or other legitimate organization, and ask to verify personal information such as account numbers and passwords.
They target their victims much more closely than before, by tracking down full names and personal interests.
“They skim social networking sites and personal websites. Most people, by now, have left a digital footprint which can be mined,” Whitehouse said.
Another trend in the first half of the year is that phishers have become more sophisticated, dodging spam filters and other defense mechanisms designed by service providers and software companies to keep out the criminals.
How much financial damage phishers have caused is unclear and usually at an individual level, which is why phishing does not get the same media attention as “denial of service attacks” aimed to take out a specific web site, or email worms which can shut down millions of computers in a digital equivalent of a carpet bombing.
The Internet is still under fire from such attacks, taking about 6,110 different denial of service hits every a day, but unlike a few years ago they cause less damage.
“A successful ‘denial of server’ attack or worm can have ramifications far beyond phishing. Worms have taken down electricity grids. That’s why critical infrastructure is now much more resilient. Information technology managers are better prepared and networks are more robust,” Whitehouse said.
Increased focus on security, and a willingness from software companies to own up to their mistakes, has dramatically cut down the time that computers are at risk, Symantec found.
Internet Explorer, the world’s most popular browser from Microsoft, has cut the number of days in which hackers can exploit a security flaw to nine days from 25 days six months earlier.
Security holes in browsers from Opera and Mozilla Firefox are patched within two days and one day respectively.
“Vendors are taking this much more seriously,” Whitehouse said.