New ways to phish as criminals look for new blood
New research indicates that phishers never give up - they just move on to weaker targets, and VoIP users look like the next victims.
Users and businesses will have to deal with new phishing threats, as a new report out today says that criminals are shifting their focus onto new industries and technology.
The research said that 'vishing', which is the practice of using voice over IP (VoIP) to manipulate users into giving away personal details over the phone, is becoming more prevalent as the use of VoIP increases.
"There are many different forms of vishing, but fundamentally it's just a different form of delivering a phish," said Charlie Abrahams, vice president and general manager of MarkMonitor, which carried out the research.
One of the ways in which vishing is done is by calling the target with an automated phone call, telling them they are at risk of bank or credit card fraud and persuading them to type in personal details. It differs from traditional forms of phishing as it is done over the phone. Customers have to answer the call rather than it being filtered out through an email junk filter.
The findings were part of a 'Brandjacking' index which measured what threats were to online brands and industries throughout 2007. One of the reasons phished VoIP calls are likely to become much more common in 2008 and beyond is that it doesn't cost money like traditional phone calls, which is especially useful for sending many messages at a time.
The report also said that phishers moved to new areas such as VoIP because more commonly known threats such as domain kiting (the use of bogus temporary websites which take advantage of domain registration systems free five-day grace period) and related pay-per-click fraud had decreased. This showed in statistics where both had yearly lows in the fourth quarter of 2007. This was mainly due to lawsuits taken by larger online brands against enabling registrars.
"Brandholders have proven they can fight back - we've witnessed an incredible turn-around in domain kiting and pay-per-click abuse," said Irfan Salim, president and chief executive officer of MarkMonitor.
The most common form of phishing was cybersquatting, where the phishers would profit from the trademark of somebody else, which rose 33 per cent over 2007. The research also revealed that banks and financial institutions were becoming less of a target and phishers were now moving on to other industries like retail.
"The phishers move on and the banks have taken quite a lot of measures to protect themselves," said Abrahams. "Other industries haven't done to the same extent and [the phishers] are just moving on to where they can reap most reward."
Become a digital service provider
How to transform your business from network core to edgeDownload now
Optimal business results with the cloud
Evaluating the best approaches to hybrid cloud adoptionDownload now
Virtualisation that enables choices, not compromises
Harness the virtualisation technology that's right for your hybrid infrastructureDownload now
Email security threat report 2020
Four key trends from spear fishing to credentials theftDownload now