Phishing, a growing risk to companies

9/28/2005. - Phishing or online fraud is increasing everyday with the help of the low level of awareness of its danger
- In July this year, the Anti-Phishing Working Group (APWG) coalition received over 14,000 incidents of this type of fraud, with over 70 entities worldwide affected
- According to a report published by The Radicati Group, phishing attacks have grown and will increase by 115 percent from 2004 to 2005, with an estimated 404 attacks every day in 2008
- The use of TruPreventTM Technologies in combination with traditional reactive solutions represents the most effective tool for combating this threat

Phishing (online fraud) is fortifying its position as one of the main threats lying in wait in the Internet for users and companies around the globe. Data from a study^[1] carried out by the Anti-Phishing Working Group (APWG), an association made up of companies from different environments, which aims to combat this fraud scam, and of which Panda Software is a member, shows that over 70 companies worldwide were targeted by this type of attack in July 2005. The majority of them, over 85 percent, linked to the financial sector. Despite the intense effort of authorities to eradicate this type of fraudulent websites, and according to APWG, the average time these pages stayed online in July was around six days.

Phishing involves stealing bank details using the Internet. This can be done in two ways: using Social Engineering techniques or with the help of technology. In the first case, the most common method is to send an email to users inviting them to visit a web page, which is actually a copy the entity being spoofing, where users must enter their details, which are then registered.

The second phishing technique is technologically more complex and usually involves dropping a malicious Trojan, which can include a keylogger (program which captures keystrokes), on the victim computer. This program is usually activated when the user visits a website belonging to a bank and from then on, it captures all the keystrokes entered by the user, which usually include usernames, passwords, account numbers and other bank details. Use of these Trojans to steal passwords is growing: between the first and second quarter of this year, the number of variants of this type of Trojan increased by 113 percent, according to data compiled by PandaLabs, and included in the 2nd Quarterly Report for 2005.

This phenomenon is constantly increasing: according to a report published by The Radicati Group^[2], phishing attacks have grown and will increase by 115 percent from 2004 to 2005, (an increase from an average of 51 attacks every day in 2004 to 110 in 2005). The forecast for 2008 is 404 attacks every day.

The risk of this type of attack to companies is evident, as the theft of data, in certain sectors, could seriously affect the functioning of the company. This is not the only way in which companies can be affected. The loss of user confidence in e-commerce can degrade growth of these businesses. A study carried out by the Ponemon Institute ^[3] shows that 59 percent of users claim to have reduced their number of online transactions due to the threat of phishing.

“Don’t make the mistake of underestimating the importance of the phenomenon of phishing in companies,” explains Luis Corrons, director of PandaLabs. “An incident of this type can seriously damage companies; resulting in loss of client confidence, as well as the consequences of falling victim to this type of attack.”

To head off the avalanche of attacks of this type, the combination of proactive technologies, which offer high performance without needing updates, with traditional reactive solutions are the most effective way of combating this threat, as the risk of falling victim in the time between a threat being detected and the vaccine being developed is minimized.

“Our TruPrevent™ Technologies are an essential reinforcement to traditional solutions, as they prevent, for example, local pharming type attacks –a sophisticated variant of phishing-, and have proved very effective at combating Trojans designed to steal banking information from the outset, a long time before traditional solutions have updated the signature file to combat them.”

Anti-phishing and anti-pharming protection in Panda Software’s corporate solutions

The new versions of ISASecure, CVPSecure, ExchangeSecure and ClientShield with TruPreventTM Technologies incorporate effective anti-phishing technology, which allows users to delete these messages, insert a customizable text in them or move them to a specific mailbox. These modules are incorporated in the protection suites for the corporate market, Panda BusinesSecure and Panda EnterpriSecure, which are available along with the most intelligent technologies for detecting viruses and intruders, TruPreventTM Technologies. Contact your vendor for more information

^[1] Anti-Phishing Working Group, July 2005 Phishing Trends Report, August 2005
^[2] The Radicati Group, E-mail Anti-Phishing and Anti-Fraud Market Trends 2004-2008, July 2004
^[3] Ponemon Institute, National Email Safety and Reliability Survey, July 2005

About PandaLabs
Since 1990, PandaLabs’ mission has been to analyze new threats as soon as possible to ensure that our clients are safe. Several teams specialized in each specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc.) work 24x7 to offer global coverage. To do this they are supported by TruPrevent™ Technologies, a truly global early warning system made up of sensors that are strategically distributed and neutralize new threats and send them to PandaLabs for in-depth analysis. According to AV-Test.org, PandaLabs is the fastest in the industry to offer complete updates (more information at www.pandasoftware.com/pandalabs.asp).

Oxygen3 24h-365d
by Panda Software

2005-10-01 14:37

Back

IT News: