Sophos: Gains Attract Phishers

Sophos reminds people of some basic security measures that can hinder phishers

BURLINGTON, Mass. -- Every day, more and more people log on to websites to manage financial accounts or to purchase various items. As we become more comfortable with the “HTTPS” acronym in the address bar, we conduct transactions online more frequently. But this level of comfort may be helping us drop our guard, despite ongoing news reports of cyber attack victims losing money or suffering at the hands of malicious viruses destroying IT systems.

People earning six-figure salaries received nearly half of all phishing emails sent out this past year, reported Gartner. Though the number of people who fall victim to these scams dropped, the dollar amount an individual lost per incident increased to at least five times the norm in 2005.

“These scammers are getting smarter,” stated Ron O’Brien, senior security analyst at Sophos. “With online security increasing, a phisher’s window of opportunity is much shorter. They’re looking for one big payoff, rather than a million small payoffs. Users must be alert.”

We’ve all received them: seemingly honest emails from legitimate institutions like our bank or eBay. These emails sport corporate logos, contact information, and an urgent message to log in right away to confirm our registered personal information. The phishing site behind the link captures that personal data and gives cyber criminals access to all sorts of financial accounts.

“You’d be surprised how many people still don’t protect themselves online,” continued O’Brien. “Once a phisher gets your log-in and password to one site, he uses various methods to gain access to your other accounts. Think about how much information we type in just purchasing a book—credit card number, that card’s security code, billing address, phone number—it doesn’t take long for a smart hacker to use that data to steal money or, worse, your personal identity.”

Sophos reminds people of some basic security measures that can hinder phishers:

  • Do not use the same password or similar variations of a password for multiple accounts

  • Read between the lines of unsolicited emails; phishing scams can often be spotted by bad grammar, obvious typos and an almost too urgent tone demanding a response

  • Before you respond, call the organization supposedly sending you an email if you think that message is suspicious; the organization will confirm whether it is legitimate

Sophos plc