‘Spear Phishing’ Increasing
A new study by Cisco Systems Inc., found an increase of personalized spam that lures victims to fake Web sites so criminals can steal their personal information.
Online identity thieves create these fake e-mails using stolen lists of email addresses or poached data about their victims, such as where they went to school or which bank they use.
These personalized spam messages, known as "spear phishing" are not stopped by the e-mail filters. They are sent in smaller chunks, and they often come from accounts the criminals have set up at reputable Web-based e-mail services. The messages are crafted with a link to professionally designed Web sites that are bogus or immediately install malicious programs.
The annual study found that spam is growing quickly, nearly 200 billion spam messages are now sent each day, which doubles the 2007 volume.
Over 0.4 percent of all spam sent in September were targeted attacks with personalized messages, which means 800 million messages a day are spear phishing attempts. In 2007, targeted attacks with personalized messages were less than 0.1 percent of all spam.
The most recent attacks include text-message spam, e-mails trying to trick business owners into coughing up credentials for their Google advertising accounts, or personalized "whaling" e-mails to executives claiming that their businesses are under investigation by the FBI or that there is a problem with their personal bank account.
Cisco is the world’s largest maker of networking gear and is in a unique position to study the traffic flowing through its customers’ networks. The latest study was based on part of the company’s ability to monitor 30 percent of all Web and e-mail traffic through its hardware and software and a network of companies that contribute data.
—
On the Net: