'Phishing' dries up - are scammers changing their game?

Internet criminals might be rethinking a favourite scam for stealing people's personal information.

A report due from IBM shows a big drop in the volume of "phishing" emails, in which fraud artists send what looks like a legitimate message from a bank or some other company.

If the recipients click on a link in a phishing email, they land on a rogue website that captures their passwords, account numbers or any other information they might enter.

IBM's midyear security report found that phishing accounted for just 0.1 per cent of all spam in the first six months of this year. In the same period in 2008, phishing made up 0.2 per cent to 0.8 per cent of all spam.

It's not clear what, if anything, the decline means. (It also doesn't appear to be a statistical illusion caused by an increase in other kinds of spam. IBM said overall spam volume hasn't expanded, like it did in years past.)

"That is a huge, precipitous decline in the amount of phishing," said Kris Lamb, director of the X-Force research team in IBM's Internet Security Systems division, which did the report. But "I wouldn't tell anybody that phishing has died as a threat."

Lamb believes phishing might have fallen off because computer users are getting smarter about identifying phony websites. Security software is also getting better at filtering out phishing sites before Web surfers ever seen them.

It could also be that criminals are moving on from phishing to another kind of attack, involving malicious software. IBM said it is seeing more instances of "Trojan horse" programs, which are used to spy on victims.

Dean Turner, director of Symantec's global intelligence network, who was not involved in IBM's research, said Symantec has also noticed less phishing, but warned that it could increase again later in the year.

Phishing scams spike around the holidays, he said.

IBM found that criminals are changing the types of businesses they attack with phishing. Sixty-six per cent of phishing targets were banks, down from 90 per cent last year. Meanwhile, companies that handle online payments, like PayPal, are being mimicked in phishing messages more frequently.

To protect yourself against phishing, access sensitive sites on your own, rather than by following links in emails, which might lead to phishing sites.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

By clicking ‘Create my account’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in