Web users who visit bogus phishing sites may have
their credit card details stolen.
Sophos experts have discovered that do-it-yourself phishing kits
are being made available for download free of charge from the
internet.
Anyone surfing the web can now get their hands on these kits,
launch their own phishing attack and potentially defraud computer
users of the contents of their bank accounts.
These DIY kits contain all the graphics, web code and text
required to construct bogus websites designed to have the same
look-and-feel as legitimate online banking sites. They also include
spamming software which enables potential fraudsters to send out
hundreds of thousands of phishing emails as bait for potential
victims.
Sophos researchers believe that hundreds of thousands of
phishing emails are sent across the internet every day, each
designed to defraud innocent computer users of their money, and the
problem is growing. With phishing kits now becoming freely
available over the net, Sophos predicts this worrying trend is set
to continue.
"Until now, phishing attacks have been largely the work of
organised criminal gangs, however, the emergence of these 'build
your own phish' kits means that any old Tom, Dick or Harry can now
mimic bona fide banking websites and convince customers to disclose
sensitive information such as passwords, PIN numbers and account
details," said Graham Cluley, senior technology consultant. "There
is plenty of profit to be made from phishing. By putting the
necessary tools in the hands of amateurs, it's likely that the
number of attacks will continue to rise."
Sophos is urging computer users to be wary of any emails asking
them to reconfirm sensitive financial information and advises that
anti-spam software at the email gateway can prevent these
unsolicited email messages from even reaching inboxes.
"Recipients of suspicious emails claiming to come from online
banks should just delete them and should certainly not click on the
links contained within the messages," continued Cluley. "Web hosts
and ISPs can also play their part in the fight against phishers by
closing down websites if they find these kits posted on their
servers."
Sophos recommends companies protect themselves with a consolidated solution which can defend businesses
from the threats of both spam and viruses.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.