Home & Office

Phishers targeting small businesses

Businesses and online users should be on their guard, as phishing scams show no letting up, directing their attacks at smaller companies.
Written by Joel D. Pinaroc, Contributor

Phishing attacks are not going away anytime soon, and Philippine companies, including small businesses with an online presence, should take the necessary precautions.

In its official blog site, Trend Micro, which has a global R&D and customer support facility in the Philippines, said phishing attacks have struck in the Philippines, mainly against major banks and credit card companies.

United Coconut Planters Bank (UCPB), one of the largest banks in the Philippines, has placed a notice on its Web site warning clients of e-mail messages asking them to check their accounts by clicking on a link provided in the fake notices.

Similar cases have been reported by Bank of the Philippine Islands and Equitable PCI Bank in February, said Trend Micro.

Phishing e-mail typically point recipients to a bogus Web site that looks like the real one but is really designed to steal login information such as usernames and passwords. Hackers use the pilfered login details to commit crimes such as identity fraud.

Trend Micro Philippines said in an earlier interview that there have been reports of credit card details being illegally obtained via phishing, but the problem is not as widespread compared to other countries due to the Philippines' relatively small credit card user base.

But small companies in the Philippines should also be on their guard, if the findings of a recent study are anything to go by.

In a study released last week, U.K.-based security vendor Sophos said cybercriminals are targeting more users of a wider range of online companies than ever before, in an attempt to steal information and finances. Such businesses include smaller credit card unions, online retailers and other companies in all geographic regions.

Although Sophos has no data on which regions or countries are more prone to phishing attacks, Graham Cluley, senior technology consultant at Sophos, said: "There does seem to be evidence that there is more English language phishing than any other language."

The Sophos study also said the rise in phishing attacks against smaller firms maybe due to the increasing vigilance of larger and more prominent online companies in safeguarding customer information, prompting hackers to turn their attention to "smaller fish".

"Phishers are now turning to a bigger pool of potential victims," Cluley said in an e-mail interview with ZDNETAsia.

The study also noted a substantial decrease in phishing attacks against online giant PayPal and its owner eBay.

Sophos' research showed that in September, only 21 percent of phishing e-mail purported to come from the two well-known companies. In contrast, 85 percent of bogus messages a year ago claimed to be from eBay or PayPal.

"PayPal and eBay are two big fish on the Internet, but hackers are finding it harder than before to steal from their millions of users because of heightened user awareness, and technology that the firms introduced to help verify if an e-mail communication is legitimate or not," Cluley said.

The Sophos security expert noted: "In September 2006, almost nine out of 10 phishing e-mail messages were trying to steal information from unwary eBay/PayPal customers, now it's more like one in five.

"This is great news, but Internet users should not relax and think the fight is over. Phishers continue to target a wide variety of organizations in their pursuit of easy money," Cluley added.

Joel D. Pinaroc is a freelance IT journalist based in the Philippines.

Editorial standards