Phishers change bait as IM use grows

Phishers are more frequently using instant messaging (IM) services instead of e-mail to trick corporate and home users into revealing personal information, according to the Anti-Phishing Working Group.

The APWG -- a not-for-profit organisation that monitors phishing trends -- published its report for February last week. The report reveals that, for the third month in a row, the number of attacks that do not use e-mail has steadily grown.

According to the report, "phishers are using alternative methods to 'phish' for end-user information. Previous phishing attacks were based around luring a user to perform an action through social engineering, primarily through spoofed e-mail and Web sites. The use of IM to spoof companies and phish for information is becoming more frequent."

Yahoo last week confirmed users of its Messenger software were being targeted by this type of attack. According to the search giant, attackers are sending members a message containing a link to a fake Web site. The fake site looks like an official Yahoo site and asks the user to log in by entering their Yahoo ID and password. The scam was more realistic because the incoming message appeared to originate from someone on the victim's friends list.

The APWG also highlighted two alternative techniques that could allow an attacker to steal personal information without requiring the potential victim to respond to a phishing e-mail.

"Phishing without a lure is now becoming more prevalent among attack styles. The most common is malicious code which either modifies your hosts file to point commonly accessed sites to the fraudulent site... DNS cache poisoning is also an alternative means that can be used to resolve information to non-legitimate Web sites," the report said.
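A defender-side check for the hosts-file tampering the report describes, as an added example that is not part of the original article or the APWG report: it parses hosts-file text and flags entries that map a watched domain to a routable address. The watchlist, function names and sample file are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watchlist of domains worth protecting; replace with your own.
WATCHED_DOMAINS = {"yahoo.com", "example-bank.test"}


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each valid mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            # Strip any IPv6 zone id (fe80::1%eth0) before parsing.
            ip = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            continue                             # malformed address: not a mapping
        for name in fields[1:]:                  # one line may carry several aliases
            yield line_no, ip, name.lower().rstrip(".")


def is_watched(hostname, watched=WATCHED_DOMAINS):
    """True if hostname is a watched domain or a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in watched)


def suspicious_entries(text, watched=WATCHED_DOMAINS):
    """Return (line_no, ip, hostname) where a watched domain maps to a routable IP.

    Loopback and unspecified (0.0.0.0, ::) targets are skipped: they are
    typical of local blocklists and cannot reach a remote look-alike site.
    """
    return [(n, str(ip), name) for n, ip, name in parse_hosts(text)
            if is_watched(name, watched) and not (ip.is_loopback or ip.is_unspecified)]


# Constructed sample; 203.0.113.0/24 and 2001:db8::/32 are documentation ranges.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost
0.0.0.0     ads.yahoo.com        # local blocklist entry
203.0.113.7 login.yahoo.com Yahoo.com
2001:db8::5 www.example-bank.test
10.0.0.12   intranet.corp.test
"""

if __name__ == "__main__":
    for line_no, ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

On a real system the input would be the contents of `/etc/hosts` or `%SystemRoot%\System32\drivers\etc\hosts`; a finding means the name resolves locally without any DNS lookup, so the browser's address bar still shows the expected domain.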

The APWG found that in February 2005 there were 13,141 new unique phishing e-mails, an increase of two percent compared to January. However, the average monthly growth rate of phishing e-mails since July 2004 is 26 percent.