Phishers Have Joined The Holiday Shopping Spree

What better way is there for a crook to go on a Christmas shopping binge than to go with someone else's money?

John Dickinson, Contributor

December 22, 2004

3 Min Read

It's no surprise that phishing attacks are on the rise during this holiday season. After all, the season that brings out the best in people also, sadly and inevitably, brings out the worst. And what better way is there for a crook to go on a Christmas shopping binge than to go with someone else's money?

Proofpoint's Anti-Spam Lab has identified nearly 100 new and unique phishing attacks that were started in November. That's an increase in their measure over the previous month of 80 percent, and an increase of more than 1,000 percent, which reflects the growing popularity of the technique among identity thieves. The company expects a similar, or even larger, increase this month.

The Anti-Phishing Working Group (located at, hijackers are having approximately a 5% success rate in convincing recipients of their bait to turn over their information. That may seem high, but e-mail users can be very nave about what they click on and what they type in to forms. And some new forms of attack are geared to spoof messages from employers, creating a new destination for ill-placed trust.

Proofpoint's technologists offer advice on how to avoid being "phished" that you might want to share with your users:

  1. Be aware: Consumers should view any email with urgent requests for personal identifying information, personal financial information, user names or passwords with suspicion. Your bank, online services or legitimate e-commerce sites are unlikely to ask you for this type of information via email. Consumers should also be wary of similar emails that look like they come from their employer. Never send personal financial information or sensitive information such as social security numbers via email.

  2. Don't click: If you receive a suspicious email, don't click the links in that email to visit the Web site in question. These links may take you to a fraudulent site that looks similar or identical, but is designed to steal your personal information. Instead, open a browser and type the actual Web address (e.g., for the site into the address bar. Alternatively, call the company using a phone number you already know.

    Be secure: When you are shopping online, entering important information such as credit card numbers, or updating personal information, make sure you're using a secure Web site. If you are on a secure Web server, the Web address will begin with "https://" instead of the usual "http://". Most Web browsers also show an icon (such as Internet Explorer's "padlock" icon) to indicate that the page you are viewing is secure. Don't fill out email forms: Never fill out forms within an email, especially those asking for personal information. Instead, visit the company's actual Web site and ensure that the page you are using is secure before entering sensitive information. Keep an eye on your accounts: Check the accuracy of your credit card and bank statements on a regular basis, especially during this busy holiday season. If you see anything suspicious, contact the financial institution immediately.

Read more about:


About the Author(s)

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights