Sophos is an APWG member.
Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centres, are warning of
a phishing onslaught facing PC users, with more than one fifth now
receiving five or more every day.
A web poll of more than 600 business PC users*, conducted by
Sophos, found that 58% receive at least one phishing email every
day, while, alarmingly, 22% receive more than five a day - evidence
that the drive towards financially motivated computer crime
continues to accelerate. Recent statistics from the Anti-Phishing
Working Group (APWG), of which Sophos is a member, supports this
evidence, revealing that the organisation detected 15,244 unique
phishing reports in December 2005, up from 8,829 in December
2004.
"The reason phishing emails are now so prevalent is due to their
success rate - every day new users fall victim to these underhand
and illegal tactics," said Carole Theriault, senior
security consultant at Sophos. "If you receive more than five
phishes per day, you're either alert to the dangers or you're
likely to have been robbed blind. With crooks employing more and
more devious methods to dupe users, the best advice is to always be
wary of unsolicited emails, and at all costs avoid parting with
confidential information."
Survey results
How often do you receive phishing
emails?
|
| More than five times a
day |
|
|
| More than once a
day |
|
|
| Once a day |
|
|
| Once a week |
|
|
| Once a month |
|
|
* Sophos web poll, January 2006, 640 respondents.
The dangers of phishing were highlighted once again last week
when Visa Asia Pacific announced that it had uncovered and shut
down 20 spoof websites to prevent cardholders from falling victim
to online data theft. The action was taken following reports that
customers had received suspicious emails from the company's
payments network, and Visa was quick to state that the company
would never initiate contact with customers in this manner.
Although most phishes purport to be from online businesses like
eBay and high street financial institutions, Sophos has seen a
variety of different organisations being targeted, including the
Internal Revenue Service (IRS). The 'tax refund
phish' stemmed from an apparent security configuration error on
the real IRS website, allowing phishers to redirect visitors to a
bogus address.
"While organizations have a responsibility to ensure the
security of their own websites, they have little control over
phishers that exploit their brand behind their backs," said David
Jevans, Chairman of the Anti-Phishing Working
Group. "Phishing attacks are likely to become even more
targeted in the future, and it will therefore be all the more
important for users to display caution. If in doubt, they should
contact the relevant organisation to check an email's
authenticity."
Disclaimer: Please bear in mind that this poll is not
scientific and is provided for information purposes only. Sophos
makes no guarantees about the accuracy of the results other than
that they reflect the choices of the users who participated.
Mehr als 100 Millionen Anwender in 150 Ländern verlassen sich auf Sophos als den besten Schutz vor komplexen IT-Bedrohungen und Datenverlust. Sophos bietet dafür Security- and Data-Protection-Lösungen an, die einfach zu verwalten, zu installieren und einzusetzen sind und dabei die branchenweit niedrigste Total Cost of Ownership bieten. Sophos bietet preisgekrönte Verschlüsselungs- und Endpoint-Security-Produkte, darüber hinaus Lösungen für Web- und E-Mail-Sicherheit sowie Network Access Control (NAC). Das Angebot wird von einem weltweiten Netzwerk eigener Analysezentren, den SophosLabs, unterstützt. Mit mehr als 20 Jahren Erfahrung gehört Sophos laut den Top-Analystenhäusern zu den führenden Unternehmen für IT-Sicherheit und Datenschutz und hat zahlreiche Branchenauszeichnungen erhalten.
Sophos hat seinen Hauptsitz in Boston, USA, und Oxford, Großbritannien. In Deutschland ist das Unternehmen in Wiesbaden und in Österreich sowie der Schweiz je an einem Standort vertreten. Weitere Informationen unter: www.sophos.de.