Computer Crime Research Center


Phishing getting more and more advanced

Date: September 26, 2005
By: Cathleen Moore

Phishing is hooking more victims as the e-mail fraud attacks become more sophisticated and prevalent.

According to Gartner, the number of phishing e-mail recipients has grown 28 percent in 2005. Because fraudulent e-mails negatively impact consumer confidence, the research firm's recent study predicts phishing and other security breaches will inhibit three-year U.S. e-commerce growth rates by 1 percent to 3 percent.

Evidence of the growing cunning of the attacks came Friday from threat protection vendor SurfControl, which said it discovered a new "Secured Phishing" technique capable of displaying the trusted padlock security icon on a fake site.

SurfControl rated the new phishing method as high risk because the padlock icon displayed at the bottom corner of a browser is a widely accepted symbol of a safe and secure Web site.

The "Secured Phishing" method uses self-signed digital certificates to use the HTTPS security protocol, which triggers the padlock icon, on spoofed Web sites. Typically, Secure Sockets Layer digital certificates are issued by a certificate authority. Windows generates a warning when it encounters a self-signed certificate, but many Web users don't understand the warning or ignore it, according to SurfControl officials.
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo