Phish Net

Phishing's growing at a phenomenal rate, and the net effect is a king-sized drag on business

InformationWeek Staff, Contributor

December 14, 2006


9:35 AM -- One of the buzz phrases in IT these days is "disruptive technology" -- technology so new and different that it changes the way business operates. Despite the negative-sounding connotation of the phrase, disruptive technology is usually a good thing, a way of praising truly revolutionary innovations that have a real impact on business.

Unfortunately, some of us in security are discovering that there are bad disruptive technologies out there as well -- attacks and exploits so significant and far-reaching that they actually stop businesses from working properly.

By this definition, phishing has become one of the most disruptive technologies in the industry.

Unlike worms, viruses, and other security exploits, phishing is not just growing -- it's exploding. According to the Anti-Phishing Working Group, there were 37,444 phishing sites detected in October, up from 24,565 in September. That's an increase of more than 35 percent in just four weeks. PhishTank says it found more than 18,000 phishing scams in November. A new McAfee European cybercrime report says 17,000 incidents of phishing are reported each month. (See Report: Phish Jump.)

And those are just the figures for phishing sites, scams, and incidents that are detected or reported. Many phishing scams -- the most effective and damaging ones -- go completely unnoticed, experts say.

The net effect of this growth is that many banks and financial institutions (the most popular targets of phishing scams) have completely stopped using email as a means of communication with their customers. Can you imagine eliminating one of the world's most popular media from your company's arsenal because it has become so rife with crime? "Dear customer: We regret to inform you that we will no longer be able to speak with you by telephone."

An exploit that causes major companies to completely cease the use of a popular medium, such as email or Internet access, is not just disruptive, it's arresting. And greater effort should be made to stop it, or at least stem the tide.

Several anti-phishing groups are now publishing lists of sites and scams, which is helpful. These lists make it possible for vendors and enterprises to create programs that block the blacklisted phishing exploits, which limits the effectiveness of those scams over time. Unfortunately, like signature-based antivirus tools, this anti-phishing approach only works for known exploits -- unknown attacks often go undetected and unblocked.

There are some new technologies that have promise. Startup RavenWhite, for example, has developed Remote Harm Detection and "active cookies," two technologies that help protect users from phishing and pharming without violating their privacy in the process. (See Startup Finds Phish in Browsers.)

Much more needs to be done. And if it isn't, some companies may soon find themselves "disrupted" right out of business.

— Tim Wilson, Site Editor, Dark Reading
