UGN Phishing & Online Crime Reports UGN Phishing & Online Crime Reports
criminals want your identity... they'll stop at nothing to get it. BEWARE
The following are the latest developments in the computer industry's war on Phishing -- which has now become one of the most dangerous threats against computer users. Understand what it is, and help your friends, neighbors and relatives learn and understand as well...
Show the world you don't like online criminals with our anti-phishing buttons and stickers!
Table of Contents
Measuring spam, viruses, spyware and phishing, ConsumerReports estimates that American consumers spent at least $7.8 billion for computer repairs, parts and and replacement over the past two years as a result of viruses and spyware alone.
SpamHaus says:
80% of spam received by Internet users in North America and Europe can be traced via aliases and addresses, redirects, hosting locations of sites and domains, to a hard-core group of around 200 known spam operations ("spam gangs"), almost all of whom are listed in the ROKSO database.
See: spamhaus.org report
Consumer Reports says:
[Quote]
Cyber insecurity -- You're more vulnerable than you think
Attacks on the Internet spread like measles across an animated world map in a war-room-style chamber. The red dots advancing across the projected continents signified attempts at unauthorized entry into enterprise or home computers, probably to steal data or spread malicious software. That was the scene our reporter observed when he recently visited the Alexandria, Va., facility of security provider Symantec.
An accompanying tally certified the cyberassaults as a full-blown plague: More than 59 million such attempts had come from North America alone during the previous 24 hours of monitoring. SEE: Consumer Reports: Cyber Security Report
Consumer Reports also published the State of the net 2006 report in their September issue, saying:
"Phishing attacks are as rampant as they were last year, while the median cost per victim has increased fivefold. In 2006 alone, the number of fraudulent sites has risen at an alarming rate:
1 person in 115 lost money from an account
Cost per incident - $850
Total damage - $630 million
(Read More) or read the report in eMarketer - New York, NY, USA
PITTSBURGH - A federal grand jury has accused a Florida man of creating a bogus Hurricane Katrina relief Web site and several other bogus sites meant to gather sensitive financial information from would-be donors.
Jovany Desir, 20, of Miami, was charged with wire fraud in the five-count indictment issued Wednesday. The investigation was undertaken in Pittsburgh because the purported relief effort was said to be linked to an American Red Cross chapter in western Pennsylvania, authorities said. Another bogus site mimicked the Web site for Pittsburgh-based PNC Bank Centre Daily Times - Centre County, PA, USA
Recent incidents of lost or stolen laptops have focused public attention on the huge amount of personal information that can very easily make its way outside the control of corporate IT. However, in spite of so many incidents involving hundreds of thousands of individuals, it is not clear that the lost or stolen information was actually used for gain.
Unfortunately, the flurry surrounding these laptop incidents has shifted focus away from a very real threat -- the increasing severity of spam, deceptive e-mail and phishing exploits that truly are intended to garner personal information and use it for illicit purposes. It would be a real shame if people began to lower their guard when confronted with a phishing attack, in the mistaken belief that nothing bad would really happen if they were to disclose personal information, such as online banking username-password combinations, to the wrong entity. (Print Version) Important Opinion piece from Tanya Candia at TechNewsWorld - Sherman Oaks, CA, USA
Websense Security Labs has observed a change in the technique used in Yahoo! phishing attacks. These phishing attacks attempt to capture a user's Yahoo! ID and password by displaying a fake Yahoo! Sign In page. This variant of attack has been on-going for over a year. After the Yahoo! acquisition of Flickr, these attacks have started to shift from targeting Yahoo! Photos to targeting Yahoo! Flickr. CIOL - Bangalore, India
DON DARE, reporter for Knoxville TV station WATE.com, says:
Online thieves often try to steal identities and college students are at a bigger risk than any other age group. But there are several simple ways to keep safe. The Federal Trade Commission says college students filed more than 69,000 identity theft complaints in 2005.
#2 out of 10: Don't get caught in a phishing scam. When you're directed to a counterfeit site, it will ask for your personal info, such as your Social Security number. One way to spot phishing is to hover your cursor over a link while looking at the bottom of the browser. If the URL displayed is very long, it's probably a fraud.
WATE.com - Knoxville, TN, USA
site, but caution is still needed. This phishing expedition might net more than the catch of the day. A fraudulent e-mail, complete with a Wells Fargo logo and design elements similar to the bank's Web site, was given to the San Angelo Police Department this month by Tom Green County Assistant District Attorney John Best San Angelo Standard-Times - San Angelo, TX, USA
Horizon National Corporation is using the Symantec Online Fraud Management Solution to help prevent e-mail fraud by combating phishing attacks that may lead to identity theft. Using Symantec's system to detect and block fraudulent e-mail, First Horizon is protecting the integrity of its customers' online transactions and securing their sensitive financial information. Market Wire (press release) - USA
At the end of the day, however -- since phishing is really a human behavior problem -- training and awareness programs are the most effective ways (This page actually has a series of fairly good PDF files on prevention and protection. It does require a simple, free registration.) ZDNet - Bayern, Germany
A similar attack, again ostensibly pointing to Barclays'website, but in reality directing surfers towards a phishing net,has been reported by other fraudulent emails look more convincing. An alert Reg reader noticed the trick in scam emails he received. [The article urges victims of this scam to go to :: this scam reporting page]
"Barclays Bank's website has a security flaw which will allow a phisher to provide a link which appears to be a legitimate Barclays URL, but actually redirects to fraudulent site. It seems very irresponsible to not do any checking that a URL is internal, or legitimate, before redirecting," Register - London, England, UK
This vulnerability caught the media's attention because two-factor authentication is often touted as being the solution to the password problem. This phishing attack merely demonstrates the inherent problem of all clear text authentication mechanisms. by RussCooper. Microsoft Certified Professional - USA
Bank of Ireland customers have been hit by a new phishing scam, which has already cost some of its customers more than of EUR 110,000. Phishing attacks attempt to fool internet users intorevealing sensitive information, such as log on codes and passwords for online banking, using e-mails. ElectricNews.net - Dublin, Ireland
Following a spate of recent phishing attacks targeting its customers, Bank of Ireland has said that it never requests people's personal login details by email. Bank of Ireland said it was aware of the fraudulent emails and said it takes the matter seriously, working with Garda to shut down the fake sites. The bank said it immediately investigated all reported incidents of phishing as well as reporting them to the Garda Siliconrepublic.com - Dublin, Ireland
Fifth Third Bank and its online customers are the latest victims of increasingly sophisticated "phishing" schemes that attempt to extract personal information from people who are unaware that banks don't ask for it through e-mails. Since mid-July, would-be thieves have sent fraudulent e-mails claiming Fifth Third's technical department is doing a scheduled software upgrade and asking recipients to click onto a link, where they then are asked to provide personal information. Kentucky.com - Lexington,KY, USA
Multiple vulnerabilities have been identified in Horde Application Framework, which could be exploited by attackers to execute arbitrary scripting code or conduct phishing attacks. (Also see: secunia.com/advisories/ FrSIRT - Montpellier,France
The Kaua'i Community Federal Credit Union became the latest Hawai'i financial institution to be targeted by phishing scams that have ensnared six local financial institutions to date. Honolulu Advertiser - Honolulu,HI, USA
Please share your concerns or discoveries, we're listening.
Return to: the top of this page, or the INDEX for this department
Exit to: The User Group Network front page
Contact: The Editor, Webmaster or Membership Director