Identity Theft Expert Robert Siciliano
The Anti-Phishing Working Group published a new report seeking to understand such trends by quantifying the scope of the global phishing problem, especially by examining domain name usage and phishing site uptimes. Phishing has always been attractive to criminals because it has low start-up costs and few barriers to entry. But by mid-2009, phishing was dominated by one player as never before—the "Avalanche" phishing operation. This criminal entity is one of the most sophisticated and damaging on the Internet, and perfected a mass-production system for deploying phishing sites and "crimeware" – malware designed specifically to automate identity theft and facilitate unauthorized transactions from consumer bank accounts. Avalanche was responsible for two-thirds (66%) of all phishing attacks launched in the second half of 2009, and was responsible for the overall increase in phishing attacks recorded across the Internet.
There were 126,697 phishing attacks during the second half of 2009, more than double the number in the first half of the year or from July through December of 2008, the APWG report said. Avalanche, which was first identified in December of 2008, was responsible for 24 percent of phishing attacks in the first half of 2009 and for 66 percent in the second half. From July through the end of the year, Avalanche targeted more than 40 major financial institutions, online services, and job search providers.
Adapted from APWG
1. Be suspicious of any email with urgent requests for personal financial information. Call the bank if they need anything from you.
2. Spot a Phish: Phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately.
3. They typically ask for information such as usernames, passwords, credit card numbers, social security numbers, date of birth, etc.
4. Don’t use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don’t know the sender or user’s handle.
5. Avoid filling out forms in email messages that ask for personal financial information.
6. Consider installing a Web browser toolbar to help protect you from known fraudulent websites. These toolbars match where you are going with lists of known phisher Web sites and will alert you.
7. The newer versions of Internet Explorer (versions 7 and 8) include this toolbar, as does Firefox version 2.
8. Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate.
9. If anything is suspicious or you don’t recognize the transaction, contact your bank and all card issuers.
10. Ensure that your browser is up to date and security patches are applied.