New ways to phish as criminals look for new blood

New research indicates that phishers never give up - they just move on to weaker targets, and VoIP users look like the next victims.

Users and businesses will have to deal with new phishing threats, as a new report out today says that criminals are shifting their focus onto new industries and technology.

The research said that 'vishing', which is the practice of using voice over IP (VoIP) to manipulate users into giving away personal details over the phone, is becoming more prevalent as the use of VoIP increases.

"There are many different forms of vishing, but fundamentally it's just a different form of delivering a phish," said Charlie Abrahams, vice president and general manager of MarkMonitor, which carried out the research.

One of the ways in which vishing is done is by calling the target with an automated phone call, telling them they are at risk of bank or credit card fraud and persuading them to type in personal details. It differs from traditional forms of phishing as it is done over the phone. Customers have to answer the call rather than it being filtered out through an email junk filter.

The findings were part of a 'Brandjacking' index which measured what threats were to online brands and industries throughout 2007. One of the reasons phished VoIP calls are likely to become much more common in 2008 and beyond is that it doesn't cost money like traditional phone calls, which is especially useful for sending many messages at a time.

The report also said that phishers moved to new areas such as VoIP because more commonly known threats such as domain kiting (the use of bogus temporary websites which take advantage of domain registration systems free five-day grace period) and related pay-per-click fraud had decreased. This showed in statistics where both had yearly lows in the fourth quarter of 2007. This was mainly due to lawsuits taken by larger online brands against enabling registrars.

"Brandholders have proven they can fight back - we've witnessed an incredible turn-around in domain kiting and pay-per-click abuse," said Irfan Salim, president and chief executive officer of MarkMonitor.

The most common form of phishing was cybersquatting, where the phishers would profit from the trademark of somebody else, which rose 33 per cent over 2007. The research also revealed that banks and financial institutions were becoming less of a target and phishers were now moving on to other industries like retail.

"The phishers move on and the banks have taken quite a lot of measures to protect themselves," said Abrahams. "Other industries haven't done to the same extent and [the phishers] are just moving on to where they can reap most reward."

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Recommended

How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021
Weekly threat roundup: Microsoft Defender, Adobe, Mimecast
vulnerability

Weekly threat roundup: Microsoft Defender, Adobe, Mimecast

14 Jan 2021
Mimecast admits hackers accessed users’ Microsoft accounts
Security

Mimecast admits hackers accessed users’ Microsoft accounts

13 Jan 2021
What is public key infrastructure (PKI)?
Security

What is public key infrastructure (PKI)?

12 Jan 2021

Most Popular

How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
The fate of Parler exposes the reality of deregulated social media
Policy & legislation

The fate of Parler exposes the reality of deregulated social media

14 Jan 2021
Should IT departments to call time on WhatsApp?
communications

Should IT departments to call time on WhatsApp?

15 Jan 2021