[gnso-rap-dt] Am interested in members comments on this article......

[Richard Tindal <Richard.Tindal@xxxxxxxxxxxxxxx>]

 Phishing' drops; are scammers switching tactics


> Links to this 
> article<http://www.sphere.com/search?q=sphereit:http://www.washingtonpost.com/wp-dyn/content/article/2009/08/26/AR2009082600867.html>

By JORDAN ROBERTSON
The Associated Press
Wednesday, August 26, 2009; 6:58 AM

SAN FRANCISCO -- Internet criminals might be rethinking a favorite scam for 
stealing people's personal information.

A report being released Wednesday by IBM 
Corp.<http://projects.washingtonpost.com/post200/2007/IBM/> shows a big drop in 
the volume of "phishing" e-mails, in which fraud artists send what looks like a 
legitimate message from a bank or some other company. If the recipients click 
on a link in a phishing e-mail, they land on a rogue Web site that captures 
their passwords, account numbers or any other information they might enter.

IBM's midyear security report found that phishing accounted for just 0.1 
percent of all spam in the first six months of this year. In the same period in 
2008, phishing made up 0.2 percent to 0.8 percent of all spam.

It's not clear what, if anything, the decline means. (It also doesn't appear to 
be a statistical illusion caused by an increase in other kinds of spam. IBM 
said overall spam volume hasn't expanded, like it did in years past.)

"That is a huge, precipitous decline in the amount of phishing," said Kris 
Lamb, director of the X-Force research team in IBM's Internet Security 
Systems<http://financial.washingtonpost.com/custom/wpost/html-qcn.asp?dispnav=business&mwpage=qcn&symb=ISSX&nav=el>
 division, which did the report. But "I wouldn't tell anybody that phishing has 
died as a threat."

Lamb believes phishing might have fallen off because computer users are getting 
smarter about identifying phony Web sites. Security software is also getting 
better at filtering out phishing sites before Web surfers ever seen them.

It could also be that criminals are moving on from phishing to another kind of 
attack, involving malicious software. IBM said it is seeing more instances of 
"Trojan horse" programs, which are used to spy on victims.

Dean Turner, director of Symantec 
Corp.<http://financial.washingtonpost.com/custom/wpost/html-qcn.asp?dispnav=business&mwpage=qcn&symb=SYMC&nav=el>'s
 global intelligence network, who was not involved in IBM's research, said 
Symantec has also noticed less phishing, but warned that it could increase 
again later in the year. Phishing scams spike around the holidays, he said.

IBM found that criminals are changing the types of businesses they attack with 
phishing. Sixty-six percent of phishing targets were banks, down from 90 
percent last year. Meanwhile, companies that handle online payments, like 
PayPal, are being mimicked in phishing messages more frequently.

To protect yourself against phishing, access sensitive sites on your own, 
rather than by following links in e-mails, which might lead to phishing sites.