Phishing growing exponentially

Online phishers are taking consumers hook, line and sinker with new e-commerce and social engineering scams
Written by Munir Kotadia, Contributor

The number of phishing Web sites is increasing by 50 percent every month and fraudsters are using increasingly sophisticated techniques to fool Internet users into revealing personal information, according to the Anti-Phishing Working Group's (APWG) latest figures.

Phishing sites are usually doctored versions of an organisation's legitimate Web site. Victims are often lured to the sites using sophisticated socially engineered emails and many are fooled into disclosing online passwords, user names and other personal information.

However, according to research by the APWG throughout July, there has been an increase in the number of generic e-commerce Web sites where victims believe they are ordering products or services from an "independent" reseller.

The APWG found that the most common fraud-based sites seen during July were fake loan scams, mortgage frauds, online pharmacy frauds, and fake online banking institutions.

"As phishing sites continue to grow exponentially, this newer breed of advanced fraud-based websites is also proliferating, raising the stakes of Internet scams," the report said.

Rob Forsyth, managing director of anti-virus firm Sophos in Australia and New Zealand, said that phishers are modifying their methods to extract as much information -- and cash -- as possible.

Forsyth said a prime example occurred during the Olympic Games in Athens, when a fraudulent Web site asked for donations to help disabled athletes participate in the Paralympic Games.

"It was a fraudulent site, but well-meaning people dumped money directly into the fraudsters' account. They are looking for every opportunity to defraud," said Forsyth.

Graham Connolly, Australia and New Zealand manager at Internet security firm Websense, said the problem will get worse as long as the fraudsters continue to make money.

"We predict this problem will worsen. New techniques to dupe users are being developed and the accuracy, creativity, and sophistication is increasing -- proof that there is money to be made," said Connolly.

Mike Bosch, Australia and New Zealand managing director of email security firm Ironport Systems, said there is a possible technological solution on the horizon but it will require the continuing co-operation of service providers, vendors and targeted companies.

"ISPs have to work hand in hand with technology vendors and the banks to effectively block these types of attacks. We are probably at least five to six months away from being able to do that," said Bosch.
