Phishing more lucrative than drugs

Consumer Reports published its 2007 State of the Net assessment last month in September, and one of the experts they interviewed made an astonishing claim: for organized crime groups, phishing (see Wikipedia definition of phishing) is more profitable than drugs:

The Anti-Phishing Working Group says that the number of phishing sites stood at 37,000 in May. Roughly 23,000 attacks occurred in that month.

Scammers’ phishing techniques are improving. “A year ago, phishing consisted of random spam,” says Art Manion, a top vulnerability analyst for CERT, an Internet emergency-response group based at Carnegie Mellon University. “Today, the e-mail looks like it’s from my bank or my company, with better grammar, more believable stories, and better URLs.”

Popular social-engineering techniques that entrap consumers include associating the mail with a holiday or event, such as the World Cup; spear-phishing, where the sender appears to be someone inside the company you work for; or telling you that your bank account has been compromised, and then urging you to enter personal information into a fake site that looks like the bank’s.

The profile of phishers is changing. “In 2002-2003, organized crime groups figured out this is a better way to make money than selling drugs,” says Alan Paller, director of research at the SANS Institute, which trains security professionals. He adds that some terrorists are “exhorting young jihadists to use computers to bring the U.S. to its knees.”

Read more about phishing

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a comment