Earlier this year there were stories based on IBM’s midyear X-Force Threat Report with headlines such as “Phishing Drops,” “Is Phishing Finally on the Decline?,” and “Phishing Dries Up as Users Get Smarter.” The sound bites left the impression that the problem was all but solved and that scammers had moved on to other methods.
But this clearly isn’t the case, as noted by the Anti-Phishing Working Group’s Phishing Threat Trends Report for the first half of 2009. The report found that the number of consumer-reported phishing attacks in May (37,165) was 7% higher than last year’s peak, and that the number of phishing sites detected in June (49,084) was the second-highest ever (April 2007 still holds the record).
Want more proof? Just this week we hear about tens (hundreds?) of thousands of accounts that have been compromised at Hotmail, Gmail and other webmail services. Presumably the credentials were acquired via phishing attacks, indicating that this form of fraud is alive and well. Looking at the comments on the articles, the age-old opinions about phishing are rampant – “I can’t believe anyone would fall for that” and its companion “I’m too smart to let that happen to me.”
It’s ironic, but probably appropriate, that this news hits during the sixth annual National Cybersecurity Awareness Month. Admittedly there are obvious spoofs, but what about the ones that look real and are from entities you do business with? Clearly, many people are succumbing to the schemes arriving in their inbox, and most of us don’t have the ability to look inside an email message to determine its legitimacy.
So what’s a person to do to stay safe online? The Cybersecurity Awareness site above has a great list of resources for consumers, but most experts admit there’s no silver bullet to address this issue (except possibly to stop using the Internet ;-)). Still, there are practical measures users can take, ranging from behavioral approaches (don’t click on links or open attachments in email) to the use of tools to detect/eradicate malware and verify the legitimacy of email and websites.
In particular, there are several useful free services that help consumers avoid missteps online – our Truemark service highlights legitimate email messages from thousands of companies and organizations, and the top security software companies all offer tools to visually confirm the safety of websites (e.g., Trend Micro’s TrendProtect, McAfee’s SiteAdvisor, and Norton’s Safe Web). Using these tools will help consumers bypass the bad guys’ offers, no matter how innocent or enticing they look.