The number of “phishing” attacks has increased dramatically over the last year, with all the negative consequences that this implies for the growth of e-commerce. According to the latest study conducted by consultants Gartner and published in June 2005, the number of “phishing” attacks had already increased by 28% in the first quarter of 2005 compared to the previous year.

A recent report from the “Anti-Phishing Working Group” (APWG) also shows that “phishers” are widening their nets and are beginning to abandon the traditional financial institutions to attack a much greater range of companies.

Therefore, the “phishers” are changing their objective and are now directing their attacks to smaller organisations and other types of businesses, penetrating even health organisations. The war between “phishers” and ”anti-phishing” groups is continually intensifying.

Defending ourselves from this type of threat is an ever more complicated task. The rapidity with which hackers are improving their methods, combining them with other ones such as cracking or Trojans, make businesses easy targets for the attention of these intruders.

There are various forms of “phishing”. From “DNS poisoning” or “URL hijacking”, based on redirecting users to false websites or servers where pages are substituted, through “IM phishing”, where hackers, through instant messaging, pass themselves off as an acquaintance to obtain our personal details, to “Cross-site scripting”, based on the appearance of false “request for details” windows on the web pages of banking organisations. But, in spite of the sophistication of these forms of attack, the more usual way of disseminating “phishing”, and where there is more danger, is with e-mail.

This shows, on the one hand, that nobody is totally protected from “phishing” attacks and, on the other hand, that it is terribly complicated to put an end to this constantly growing “business”. An unprotected e-mail is an open door to intruders.

By Michael Probst, International Account Manager, Norman Data Defense Systems AG