Gone Spear Phishing

PEOPLE in many other countries, including the United States, have reason to feel queasy as well, say Internet security specialists and government agencies that monitor cyberfraud. Over the last few years, enticing offers wearing the friendly guise of e-mail solicitations have been at the center of well-publicized frauds known as "phishing," in which con artists troll online for valuable personal and financial information. In September, the Anti-Phishing Working Group, a coalition of corporate and law enforcement groups that track identity theft and other online crimes, said it had received more than 13,000 unique reports of phishing schemes in that month alone, up from nearly 7,000 in the month of October last year.

More recently, however, a hybrid form of phishing, dubbed "spear-phishing," has emerged and raised alarms among the digital world's watchdogs. Spear-phishing is a distilled and potentially more potent version of phishing. That's because those behind the schemes bait their hooks for specific victims instead of casting a broad, ill-defined net across cyberspace hoping to catch throngs of unknown victims.

Spear-phishing, say security specialists, is much harder to detect than phishing. Bogus e-mail messages and Web sites not only look like near perfect replicas of communiqués from e-commerce companies like eBay or its PayPal service, banks or even a victim's employer, but are also targeted at people known to have an established relationship with the sender being mimicked. Gone Spear-Phishin' - New York Times

Linked by shanmuga Saturday, 3rd December 2005 11:44PM