
Sophos is an APWG member.
Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centres, are warning of
a phishing onslaught facing PC users, with more than one fifth now
receiving five or more phishing emails every day.
A web poll of more than 600 business PC users*, conducted by
Sophos, found that 58% receive at least one phishing email every
day, while, alarmingly, 22% receive more than five a day - evidence
that the drive towards financially motivated computer crime
continues to accelerate. Recent statistics from the Anti-Phishing
Working Group (APWG), of which Sophos is a member, support this
evidence, revealing that the organisation detected 15,244 unique
phishing reports in December 2005, up from 8,829 in December
2004.
"The reason phishing emails are now so prevalent is due to their
success rate - every day new users fall victim to these underhand
and illegal tactics," said Carole Theriault, senior
security consultant at Sophos. "If you receive more than five
phishes per day, you're either alert to the dangers or you're
likely to have been robbed blind. With crooks employing more and
more devious methods to dupe users, the best advice is to always be
wary of unsolicited emails, and at all costs avoid parting with
confidential information."
Survey results
How often do you receive phishing emails?
| More than five times a day |
| More than once a day |
| Once a day |
| Once a week |
| Once a month |
* Sophos web poll, January 2006, 640 respondents.
The dangers of phishing were highlighted once again last week
when Visa Asia Pacific announced that it had uncovered and shut
down 20 spoof websites to prevent cardholders from falling victim
to online data theft. The action was taken following reports that
customers had received suspicious emails from the company's
payments network, and Visa was quick to state that the company
would never initiate contact with customers in this manner.
Although most phishes purport to be from online businesses like
eBay and high street financial institutions, Sophos has seen a
variety of different organisations being targeted, including the
Internal Revenue Service (IRS). The 'tax refund
phish' stemmed from an apparent security configuration error on
the real IRS website, allowing phishers to redirect visitors to a
bogus address.
"While organizations have a responsibility to ensure the
security of their own websites, they have little control over
phishers that exploit their brand behind their backs," said David
Jevans, Chairman of the Anti-Phishing Working
Group. "Phishing attacks are likely to become even more
targeted in the future, and it will therefore be all the more
important for users to display caution. If in doubt, they should
contact the relevant organisation to check an email's
authenticity."
Disclaimer: Please bear in mind that this poll is not
scientific and is provided for information purposes only. Sophos
makes no guarantees about the accuracy of the results other than
that they reflect the choices of the users who participated.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.