Scam artists posed as banks and other legitimate businesses in
thousands of phishing attacks last year, sending out millions of
"spam" e-mails with subject lines like "account update needed" that
pointed to fraudulent Web sites.
These attacks now increasingly use worms and spyware to divert
consumers to fraudulent sites without their knowledge, experts say.
"If you think of phishers initially as petty thieves, now they're more
like an organized crime unit," said Paris Trudeau, senior product
manager for Internet-security firm SurfControl.
Phishing attacks have reached 57 million U.S. adults and compromised
at least 122 well-known brands so far, according to several estimates.
At the end of 2004 nearly half of these attacks contained some sort of
spyware or other malicious code, Trudeau said.
One attack, first documented last month by the Danish security firm
Secunia, misdirects Web surfers by modifying a little-known directory
in Microsoft Windows machines called a host file. When an Internet
user types a Web address into a browser, he is directed instead to a
This technique has shown up in attacks spoofing several South American
banks, said Scott Chasin, chief technical officer of the security firm
The convergence of all of these threats means "we can expect to see
some large attacks in the near term," he said.
Another more ambitious attack targets the domain-name servers that
serve as virtual telephone books, matching domain names with numerical
addresses given to each computer on the Internet.
If one of those computers is compromised, Internet users who type in
"www.bankofamerica.com" could be directed to a look-alike site run by
Domain-name servers are tougher to crack, as they are typically run by
businesses rather than home users, but hackers can find a way in by
posing as a company's tech-support department and asking new employees
for their passwords, Trudeau said.
Domain-name hijacking is suspected in incidents involving Google.com,
Amazon.com, eBay Germany and HSBC Bank of Brazil, Chasin said.
Even straightforward phishing attacks are getting more
sophisticated. Spelling errors and mangled Web addresses made early
scams easy to spot, but scam artists now commonly include
legitimate-looking links within their Web addresses, said Kate Trower,
associate product manager of protection software for EarthLink Inc.
Consumers who click on links like www.citibank.com in these messages
are directed to a fraudulent Web address buried in the message's
technical code, she said.
MasterCard International has caught at least 10 phishing scams
involving www.mastercard.com over the past two months, said Sergio
Pinon, senior vice president of security and risk services.
Consumers can protect themselves with software that screens out
viruses, spyware and spam. But online businesses will have to take
steps as well, perhaps by issuing customers a physical token
containing a changing password, Chasin said.
Internet engineers should also figure out a way to authenticate Web
addresses, much as they are currently figuring out how to make sure
e-mail addresses are legitimate, he said.
NOTE: For more telecom/internet/networking/computer news from the daily
media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra . New articles daily.
*** FAIR USE NOTICE. This message contains copyrighted material the
use of which has not been specifically authorized by the copyright
owner. This Internet discussion group is making it available without
profit to group members who have expressed a prior interest in
receiving the included information in their efforts to advance the
understanding of literary, educational, political, and economic
issues, for non-profit research and educational purposes only. I
believe that this constitutes a 'fair use' of the copyrighted material
as provided for in section 107 of the U.S. Copyright Law. If you wish
to use this copyrighted material for purposes of your own that go
beyond 'fair use,' you must obtain permission from the copyright
owner, in this instance Yahoo News.
For more information go to: