New research by a team of scientists from Indiana University has revealed that the success rate of phishing attacks might be much higher than previously thought. The research was published in a paper titled “Designing Ethical Phishing Experiments: A Study of eBay Query Features” and reported a real-life study of phishing practices using eBay and its users as a test site. Researchers Markus Jakobsson and Jacob Ratkiewicz chose eBay (which for legal reasons they call “rOnl” in the paper) because it is currently one of the largest phishing targets in real life, and has millions of users, representing a huge statistical sample.
A previous survey by Gartner that tried to ascertain the success rate of phishing scams suggested that between 3 and 5% of US online users fell victim to this type of crime each year, leading to annual losses of nearly $2.5 billion. Other studies showed that people were far more willing to click on suspicious links and enter private information, with up to 15% of users willing to give up their details on a site they were led to by an unknown user from their own domain. Research carried out by Jakobsson and Ratkiewicz suggests that while the Gartner figure is a very conservative estimate, the second may be much closer to reality. Their own study has indicated that up to 14% of people were willing to enter their private details into a form on a site they were linked to, with the link being doctored just as it would be in a real phishing attack. Interestingly, up to 10% of people in their sample group also entered their details on a site they were linked to, with the link being shown as an IP address, which is in itself highly suspicious.
All this could mean that phishers are in fact much more successful in luring private information out of Internet users than previously thought. The number of phishing attacks has grown significantly over the last year, according to monthly statistics provided by the Anti-Phishing Working Group. The $2.4 billion annual losses by US users alone, cited by Gartner, could also be a very conservative estimate and be much higher in reality. According to Jakobsson, associate professor of informatics at IU, “our goal was to determine the success rates of different types of phishing attacks, not only the types used today, but those that don’t yet occur in the wild, too.” And Ratkiewicz, a doctoral student at IU’s Department of Computer Science, warned that so-called “spear phishing”, which contains a high degree of personalisation to improve the criminal’s chances, could be much more widespread in future. “We think spear phishing attacks will become more prevalent as phishers are more able to harvest publicly available information to personalize each attack,” he claimed. “And there’s good reason to believe that this kind of attack will be more dangerous than what we’re seeing today.”