Phishing refers to the act of tricking people into revealing sensitive or private information. It relies on the premise that asking a large number of people for this information will always fool at least a small number of them.
In a phishing attack, the attacker creates a situation wherein people believe that they are dealing with an authorized party, like their bank or another service provider. The attacker will ask the victim for sensitive information such as credit card information.
Most of this activity is automated, and the targets are, as stated earlier, large numbers of Internet users. So phishing is considered an opportunistic attack, rather than the targeting of a specific person.
Phishing attacks generally target:
- Bank information – e.g. VISA and PayPal accounts.
- Username and password information.
- Social Security numbers.
- Information which can be used to retrieve forgotten or lost credentials.
The information obtained allows criminals to:
- Make fraudulent charges on credit or debit cards.
- Make use of an individual’s credentials on online services, like eBay, Amazon and others, to commit crimes with little risk of being caught.
Gartner Research, noted for their strong research in ongoing computer-related issues, recently stated that U.S. consumers have lost approximately $3.2 billion in phishing scams. This translates into roughly 3 million+ victims. It’s not surprising that these figures are higher than those of both 2005 and 2006.
It appears that the increase in losses stems from a rise in attacks that combine phishing with malware infections, generally through banker Trojans that use multiple techniques (key loggers, ‘man in the browser’, and others) to obtain users’ banking and identity information. Computer security industry statistics show that banker Trojans accounted for over 18% of malware infections in 2007, and 24% of the total number of infections caused by all Trojans.
This combination of phishing and malware increases the effectiveness of attacks, since available statistics indicate that eleven percent of US adults interact with the Internet with no malware protection installed on their computers.
Recently, I have seen figures that indicate 36% of computers scanned by Panda Security’s Infected or Not website at http://www.infectedornot.com were not protected against malware attacks. In my view, this is an astonishingly high figure.
I have found it a worthwhile practice to scan my personal machines, once a week, at the Infected or Not website since these online solutions have access to a larger knowledge base and can therefore detect more malware, even the malware codes that go undetected by the solutions currently installed on my computers.
Internet users must be extremely cautious about the type of combined attacks noted above, since the monetary and other damages suffered can be very substantial.
Follow the tips below to protect yourself against these threats:
- Your bank will never ask you to divulge account information or passwords via email. Never give out this information, especially via email.
- Don’t open emails that come from untrusted sources.
- Don’t run files that you receive via email without making sure of their origin.
- Don’t click links in emails. If they come from a known source, type them into the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a website designed to download malware onto your computer.
- Keep your computer protected. Install a security solution and keep it up-to-date. Also, before carrying out any kind of banking transaction on the Web, scan your computer with a second-opinion security solution, like NanoScan at www.nanoscan.com.
Elsewhere in this Blog you can download freeware anti-malware solutions that provide excellent overall security protection.