Security news
Security news21 February 2006
58% of people receive at least one phishing email every day One in five users suffer five or more phishing attempts each day, Sophos survey reveals
 |
| Sophos is an APWG member. |
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centres, are warning of a phishing onslaught facing PC users, with more than one fifth now receiving five or more every day.
A web poll of more than 600 business PC users*, conducted by Sophos, found that 58% receive at least one phishing email every day, while, alarmingly, 22% receive more than five a day - evidence that the drive towards financially motivated computer crime continues to accelerate. Recent statistics from the Anti-Phishing Working Group (APWG), of which Sophos is a member, supports this evidence, revealing that the organisation detected 15,244 unique phishing reports in December 2005, up from 8,829 in December 2004.
"The reason phishing emails are now so prevalent is due to their success rate - every day new users fall victim to these underhand and illegal tactics," said Carole Theriault, senior security consultant at Sophos. "If you receive more than five phishes per day, you're either alert to the dangers or you're likely to have been robbed blind. With crooks employing more and more devious methods to dupe users, the best advice is to always be wary of unsolicited emails, and at all costs avoid parting with confidential information."
Survey results
|
How often do you receive phishing emails?
| ||||
| More than five times a day |
| |||
| More than once a day |
| |||
| Once a day |
| |||
| Once a week |
| |||
| Once a month |
| |||
* Sophos web poll, January 2006, 640 respondents.
The dangers of phishing were highlighted once again last week when Visa Asia Pacific announced that it had uncovered and shut down 20 spoof websites to prevent cardholders from falling victim to online data theft. The action was taken following reports that customers had received suspicious emails from the company's payments network, and Visa was quick to state that the company would never initiate contact with customers in this manner.
Although most phishes purport to be from online businesses like eBay and high street financial institutions, Sophos has seen a variety of different organisations being targeted, including the Internal Revenue Service (IRS). The 'tax refund phish' stemmed from an apparent security configuration error on the real IRS website, allowing phishers to redirect visitors to a bogus address.
"While organizations have a responsibility to ensure the security of their own websites, they have little control over phishers that exploit their brand behind their backs," said David Jevans, Chairman of the Anti-Phishing Working Group. "Phishing attacks are likely to become even more targeted in the future, and it will therefore be all the more important for users to display caution. If in doubt, they should contact the relevant organisation to check an email's authenticity."
Disclaimer: Please bear in mind that this poll is not scientific and is provided for information purposes only. Sophos makes no guarantees about the accuracy of the results other than that they reflect the choices of the users who participated.
When considering your anti-malware security vendor, what is more important to you?
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
