CYBERSECURITY

Is phishing on the decline, or just moving to a new phishing hole?

According to one cyber intelligence and security company, recent reports of the demise of phishing have been greatly exaggerated.

All right, nobody actually is reporting the demise of phishing. But major vendors such as IBM and Symantec have reported downturns recently in the number of phishing attacks — schemes intended to trick victims into unwittingly divulging financial or other personal information that could be used for identity theft.

But Cyveillance says this apparent decrease is only because the companies have focused on e-mail as the primary delivery vehicle for the attacks.

“Traditional e-mail monitoring misses attacks perpetrated through more creative means, including URLs distributed by tweets, instant messages and SMS texts,” Cyveillance said. So, although phishing e-mail volume may have fallen, the number of phishing attacks is actually on the rise, through more sophisticated methods and more focused e-mail campaigns.

The company identified more than 175,000 distinct phishing attacks from June through August of this year, “one of the highest three-month volumes ever detected.”

Cyveillance urges greater caution on the part of consumers as the best defense against phishing. “It is important for consumers to not solely rely on vendor solutions and stay educated about new and evolving threats, as phishing still relies on human interaction to capture sensitive data.”

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

Reader Comments

Thu, Oct 15, 2009 Gregory Creaser

"It is important for consumers to not solely rely on vendor solutions..." so true - it is a two-sided coin. Security should not be an after thought for users. I know first hand working at VeriSign that web-based security systems are inferior, login screens, phishing attacks, and wow I can write a fear factor episode around some "shopping carts" I have visited. Websites are lining up to adopt Extended Validation SSL. Shoddy security does not give your clients the warm and fuzzy. The green url bar and validate updated CA's do.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above