Phishing getting more and more advanced
Date: September 26, 2005Source: ARNnet.com.au
By:
Phishing is hooking more victims as the e-mail fraud attacks become more sophisticated and prevalent.
According to Gartner, the number of phishing e-mail recipients has grown 28 percent in 2005. Because fraudulent e-mails negatively impact consumer confidence, the research firm's recent study predicts phishing and other security breaches will inhibit three-year U.S. e-commerce growth rates by 1 percent to 3 percent.
Evidence of the growing cunning of the attacks came Friday from threat protection vendor SurfControl, which said it discovered a new "Secured Phishing" technique capable of displaying the trusted padlock security icon on a fake site.
SurfControl rated the new phishing method as high risk because the padlock icon displayed at the bottom corner of a browser is a widely accepted symbol of a safe and secure Web site.
The "Secured Phishing" method uses self-signed digital certificates to use the HTTPS security protocol, which triggers the padlock icon, on spoofed Web sites. Typically, Secure Sockets Layer digital certificates are issued by a certificate authority. Windows generates a warning when it encounters a self-signed certificate, but many Web users don't understand the warning or ignore it, according to SurfControl officials.
Add comment Email to a Friend