Govt departments could prove fertile phishing ground

LATEST NEWS

Computerworld is New Zealand's only specialised information systems fortnightly.
Subscribe now for $100 (23 issues) and save more than 37% off the cover price!

Get the latest news from Computerworld delivered via email.
Sign up now

Banks may be today's target for "phishing" expeditions but the next big thing is likely to be government departments, suggests the Asia Pacific vice president of anti-spam company Brightmail.

By Paul Brislen | Auckland | Thursday, 8 April, 2004

Banks may be today's target for "phishing" expeditions but the next big thing is likely to be government departments, suggests the Asia Pacific vice president of anti-spam company Brightmail.

Garry Sexton says the number of "phishing" emails, those sent to account holders pretending to be from their banks asking for user names and passwords, has increased dramatically in the past year.

"We saw around 250 million worldwide in August last year - that's risen to well over 2 billion in February."

Brightmail anti-spam filters are applied to around 15% of the world's email inboxes, giving it a high level of visibility into the types of email that are being sent and received and Sexton says he believes phishing must be working somewhere along the line.

"To see an increase like that it's got to be effective somewhere."

Sexton says the latest version he's seen, targeting ANZ bank users, is highly sophisticated and does send users to the actual ANZ website.

"They're using a password stealer. You do actually go to the ANZ bank site but you go via a site that downloads the code to catch your keystrokes."

Sexton says while most bank customers are becoming familiar with such antics, the next big target will be users' tax numbers.

"I expect we'll see government departments being used asking for social security numbers or IRD numbers, things like that."

UK-based online security consultancy mi2g says phishing expeditions have increased by over 300% in the past year. It too is warning that non-banking secure sites are also being targeted.

"Government agencies like the FBI, major corporations, e-commerce/information portals and their associated payment systems have also been targeted by the sophisticated identity theft scams," the company says. These include Amazon, AOL, AT&T, eBay, Microsoft, Monster.com, Paypal, UPS and Yahoo.

The number of phishing expeditions reported in 2004 has already exceeded the total for all of 2003, it says.