Beyond Phishing: Pharming and Crimeware Attacks
In a recent study conducted by the Anti-Phishing Working Group, a global association of ISPs, banks, law enforcement agencies and other concerned parties, it was noted that incidents of phishing (or the use of fraudulent emails to dupe people into sharing personal information such as back account passwords, PIN number and/or credit card information), while still rampant on the internet, are increasing at a slower rate.
On the other hand, incidents of pharming and crimeware attacks are rising at a steadily increasing rate. Pharming involves the redirection of internet users to a phony website whereby keyloggers (malicious programs designed record a user's keystokes) are used to steal a user's personal information. Crimeware is similar to spyware in that it monitors a user's online behavior; however, crimeware programs have been modified for the purpose of stealing a user's personal information. This new development in cyber identity-theft has led the Anti-Phishing Work Group to expand its charter to address these emerging threats.
Declining rates of phishing incidents may be attributable, at least in part, to recent steps taken by Banks to educate their customers. Many Banks now post information about the threat of phishing on their websites or disseminate such information via inserts sent in conjunction with a customer's mailed monthly statement. A few banks even hold seminars to educate people about identity theft. Banks are also taking affirmative steps to inform their customers about their communications policies. Three tips to consider to protect yourself:
1. Never provide personal information online unless it's a contact the customer has initiated.
2. Never click on a link in an email requesting personal information and never call the numbers listed on the email. If you need to contact your bank, go to the bank's official website or use a phone number you know to be genuine.
3. Check your financial statements carefully for any evidence that your personal information may have been compromised.
Recent articles on phishing can be found here and here.
DWT Advisory Bulletin on phishing and pharming here.
Posted by Peter Mucklestone and Peter Louie.