Stay ahead of online security attacks, such as phishing, by understanding how they work. Read this white paper to learn how phishing attacks work, and how to avoid them.
W H I T E PA P E R
Fraud Alert: Phishing -The Latest Tactics and PotentialBusiness ImpactW H I T E PA P E R
C O N T E N T S + Introduction 3
+ Phishing Knows No Limits 3
+ Be Aware of the LatestPhishing Schemes 4Spear Phishing 4Business Services Phishing 4Phishing that Plays on Economic Fears 4Blended Phishing/Malware Threats 4Man-in-the-Middle SSL Stripping 5Texting and Mobile Phone Phishing Scams 5
+ How Phishing Could ImpactYour Business 5
+ Protecting Your Business 5Consumer and Employee Education 7
+ Conclusion 7
+ Glossary 7
+ Learn More 7
+ About VeriSign 7W H I T E PA P E R
Fraud Alert: Phishing -
The Latest Tactics and Potential
Business Impact
+ IntroductionAs one of the top cyber crime ploys impacting both consumers and businesses, phishing hasgrown in volume and sophistication over the past several years. The down economy isproviding a breeding ground for new, socially-engineered attempts to defraud unsuspectingbusiness people and consumers. With honest money-earning avenues less available, thecyber crime ecosystem is ready with off-the-shelf phishing kits. It no longer takes a hackerto enable and commit fraud on the Internet - anyone with a motive can join in.The potential impact on a business can be great - whether an employee or its customershave been phished, or the company Web site has been compromised. Organizations needto stay current on the latest methods employed by cyber criminals and proactively takesteps to prevent this type of fraud.This fraud alert highlights the current growth and trends in today's phishing schemes,the potential impact on companies, and insight into how businesses can applytechnology to protect themselves and their customers.
+ Phishing Knows No LimitsPhishing - luring unsuspecting users to provide sensitive information for identity orbusiness theft - is a serious threat for both consumers and businesses. In the last decadesince phishing arrived on the scene, this fraud method has been growing rapidly, with1one estimate citing approximately 8 million daily phishing attempts worldwide.
Figure 1. Spear-Phishing Attacks on the Increase
1. "Counterfeiting & Spear Phishing - Growth Scams of 2009," Trade Me, Infonews.co.nz,March 2, 2009
3W H I T E PA P E R
The Anti-Phishing Working Group (APWG) reported that unique phishing attackssubmitted to APWG rose 13 percent during the second quarter of 2008 to more than228,000. It also reported that, during the same period, the number of malware-spreadingVeriSign® iDefense® - security URLs infecting PCs with password-stealing code rose to a new record of more than 9,500intelligence teams which identify, sites - a 258% increase compared with the same quarter in 2007. Figure 1 shows oneverify, and track global threats area of phishing - spear phishing - and its growth over a 16-month period.and vulnerabilities - reportedthat in May 2008 more than2,000 victims were compromisedwith spear phishing e-mails + Be Aware of the Latest Phishing Schemesclaiming to come from the U.S. Spear PhishingInternal Revenue Service, the Targeted versions of phishing, called spear phishing, have emerged over the past severalUnited States Tax Court, and the years. While common phishing is indiscriminate in its targets, spear phishing targets areBetter Business Bureau. known customers of a specific bank, mortgage provider, or other type of organization.Consumers aren't the only targets of spear phishing. Increasingly, corporate employees arebeing targeted by savvy criminals. In these attacks, the goal is to gain access to corporatebanking information, customer databases, and other information to facilitate cyber crime.According to VeriSign iDefense, spear phishing against corporations reached new heightsduring April and May 2008. Many of these attacks target senior executives and otherhigh-profile individuals. The victim counts from these attacks is staggering - over15,000 corporate users in 15 months. Victims include Fortune 500 companies,government agencies, financial institutions and legal firms.
Business Services PhishingIn addition to spear phishing targeted at employees, there have been recent schemestargeting businesses using services such as Yahoo! or Google AdWords. PhishTankreported that AdWords customers were sent e-mails alerting them that their accountsrequired updating. The account holder was encouraged to log int... [download for more]
