Re: [gnso-rap-dt] Am interested in members comments on this article......

[Rod Rasmussen <rod.rasmussen@xxxxxxxxxxxxxxxxxxxx>]

We're hashing on about this "report" on one of the APWG lists right now.

Consensus so far is that IBM's research and/or spin is flawed.   
Phishing site creation is not down, and there's little evidence that  
phishing spam has dropped significantly as per their claims.
This is not new, IBM has released similar "headline grabbing"  
information about phishing in the past, yet are fairly unknown within  
the anti-phishing industry in any other capacity. I and many others  
within the industry do not view IBM as a credible source for good data  
on phishing.
For example, here's a blast from the past from them when they  
"discovered" most phish were based on a kit, and tied to about 100 .hk  
domains.  Many will recognize this report as reference to ROCK  
phishing using .HK domains - they were only off by several multiples  
on the numbers of domains involved and had very skewed results from a  
lack of understanding wildcard hostnames and how the ROCK kit worked  
(multiple targets at once), plus apparently small data samples.
http://www.bcs.org/server.php?show=conWebDoc.12104
http://blogs.iss.net/archive/PhishingIncreases.html

IBM has a huge air of authority around it given their long history,  
reputation as a leader, great people, and massive brand presence.  So  
I think it's important to point out when someone of that stature is  
putting out information that is highly suspect at best.
Rod

On Aug 27, 2009, at 9:51 AM, James M. Bladel wrote:

> Is it possible they've shifted attention to social networks?   
> Because my statistical sample of "1" indicates that this has spiked  
> recently.
> J.
>
>
> -------- Original Message --------
> Subject: Re: [gnso-rap-dt] Am interested in members comments on this
> article......
> From: "Frederick Felman" <Frederick.Felman@xxxxxxxxxxxxxxx>
> Date: Thu, August 27, 2009 11:13 am
> To: "Richard Tindal" <Richard.Tindal@xxxxxxxxxxxxxxx>
> Cc: "Marika Konings" <marika.konings@xxxxxxxxx>,
> <gnso-rap-dt@xxxxxxxxx>
>
> Traditional spam is down. Something else is afoot.
>
> Sent from my iPhone
>
> On Aug 27, 2009, at 8:59 AM, "Richard Tindal" <Richard.Tindal@xxxxxxxxxxxxxxx 
> > wrote:
> >  Phishing' drops; are scammers switching tactics
> >
> >
> > » Links to this article
> > By JORDAN ROBERTSON
> > The Associated Press
> > Wednesday, August 26, 2009; 6:58 AM
> > SAN FRANCISCO -- Internet criminals might be rethinking a favorite  
> > scam for stealing people's personal information.
> > A report being released Wednesday by IBM Corp. shows a big drop in  
> > the volume of "phishing" e-mails, in which fraud artists send what  
> > looks like a legitimate message from a bank or some other company.  
> > If the recipients click on a link in a phishing e-mail, they land  
> > on a rogue Web site that captures their passwords, account numbers  
> > or any other information they might enter.
> > IBM's midyear security report found that phishing accounted for  
> > just 0.1 percent of all spam in the first six months of this year.  
> > In the same period in 2008, phishing made up 0.2 percent to 0.8  
> > percent of all spam.
> > It's not clear what, if anything, the decline means. (It also  
> > doesn't appear to be a statistical illusion caused by an increase  
> > in other kinds of spam. IBM said overall spam volume hasn't  
> > expanded, like it did in years past.)
> > "That is a huge, precipitous decline in the amount of phishing,"  
> > said Kris Lamb, director of the X-Force research team in IBM's  
> > Internet Security Systems division, which did the report. But "I  
> > wouldn't tell anybody that phishing has died as a threat."
> > Lamb believes phishing might have fallen off because computer users  
> > are getting smarter about identifying phony Web sites. Security  
> > software is also getting better at filtering out phishing sites  
> > before Web surfers ever seen them.
> > It could also be that criminals are moving on from phishing to  
> > another kind of attack, involving malicious software. IBM said it  
> > is seeing more instances of "Trojan horse" programs, which are used  
> > to spy on victims.
> > Dean Turner, director of Symantec Corp.'s global intelligence  
> > network, who was not involved in IBM's research, said Symantec has  
> > also noticed less phishing, but warned that it could increase again  
> > later in the year. Phishing scams spike around the holidays, he said.
> > IBM found that criminals are changing the types of businesses they  
> > attack with phishing. Sixty-six percent of phishing targets were  
> > banks, down from 90 percent last year. Meanwhile, companies that  
> > handle online payments, like PayPal, are being mimicked in phishing  
> > messages more frequently.
> > To protect yourself against phishing, access sensitive sites on  
> > your own, rather than by following links in e-mails, which might  
> > lead to phishing sites.