Digital Home reports on the latest Anti-Phishing Working Group (APWG) report. During January, there were 12,845 new and unique phishing e-mail messages reported to APWG, a 42% increase over the previous month of December. In addition, the number of unique (or new) phishing email messages increased by 47% over the previous month. According to APWG, 80% of the phish attacks are targeted at financial institutions and services.
Besides the report, APWG reiterates what people should do to avoid becoming phishing victims:
- Be suspicious of any email with urgent requests for personal financial information
- Don’t use the links in an email to get to any web page, if you suspect the message might not be authentic
- Avoid filling out forms in email messages that ask for personal financial information
- Always ensure that you’re using a secure website when submitting credit card or other sensitive information via your Web browser
- Consider installing a Web browser tool bar to help protect you from known phishing fraud websites
- Regularly log into your online accounts and check that your bank, credit and debit card statements to ensure that all transactions are
- Ensure that your browser is up to date and security patches applied
- Report "phishing" or "spoofed" e-mails to the following groups by forwarding the email to email@example.com
[Via Digital Home, Canada]
At least four sites that were targeted by the Artists Against 419 and its Mugu Marauder screensaver are now offline, Netcraft reports. The Mugu Marauder is designed to exhaust bandwidth allotments for financial scam sites with repeated image requests.
Artists Against 419 targets web sites it has connected with advance fee (419) scams
involving international money transfers. The group uses web
applications and organized "flashmobs" of web users to target sites
that remain online after hosting firms and law enforcement have been
Four of the five are now offline, with crownsecuritiesandfinance.com
(removed from DNS) and www.firstglobaltrust.com (account terminated by
web host) shutting down within days. Three sites housed at Chinese
hosts lasted longer. Abbeytrustonline.com and bancoplatinum-online.com,
housed at fz.fj.cn, became inaccessible last week.
Although screensavers that attack scammers’ or spammers’ websites and try to increase their bandwidth bill or bring them down altogether have a short-term impact, do they really help in the fight against spam or Internet fraud? In what seems like a cat-and-mouse game, fraudsters and spammers are very good and experienced at evading law enforcement. Won’t they be able to escape a simple DoS attack?
[Via Netcraft, UK]
It seems that the recent problems ChoicePoint had are not its first contact with identity theft.
A review of public records across the country reveals the
Alpharetta-based company has been involved in at least 11 lawsuits
since 2000 involving possible misappropriation of information.
While it is not really clear what those misappropriation of information cases were about, it is somewhat inevitable for a major personal data clearinghouse not to get involved with identity and personal information misappropriation. I am hesitant to draw a pattern from these 11 lawsuits against ChoicePoint.
[Via MSNBC]
Are we (or more accurately businesses, government, or other entities holding data) treating our personal information too casually? A great editorial by Michael Hiltzik in the LA Times discusses the California law under which, when personal information of California residents is potentially missing, the company holding the data is required to disclose the incident to the affected users. Without this law, we probably would have never learned about ChoicePoint’s breach.
Indeed, there are indications that ChoicePoint’s first impulse was to
inform only California consumers, who account for about 35,000 of the
145,000 total victims identified so far. A public outcry soon convinced
it to change its mind and inform everybody.
[Via Los Angeles Times, CA]
A report released this month by a legislative committee found that
information on Web sites of New York state agencies and authorities has been
hacked at least 72 times in six years. The breaches occurred between 1999 and 2004 in the computer systems of the Department of Motor Vehicles, the Department of Education, the Department of Correctional Services, and the New York Port Authority. It is not clear whether personal information was breached.
"We rely on business and government when we give them personal
information … that they’ll keep it safe and secure," said State Sen.
Jeff Klein, D-Bronx, who headed the Assembly’s oversight committee that
wrote the report before he was elected to the State Senate last year.
"Unfortunately, the state and private companies are not keeping that
information safe, which can lead to ID theft."
Another breach in what seems like an endless week for guardians of personal account information. A "small" number of backup tapes with Bank of America records went missing this week. What was on the tapes? Information on 1.7 million customers, most if not all of them government accounts. According to BofA, the annual transactions conducted via these accounts total more than $21 billion. Not small change.
"Federal law enforcement officials were immediately engaged when the
tapes were discovered missing, and subsequently conducted a thorough
investigation into the matter, working closely with Bank of America,"
the bank said in a statement. "The investigation to date has found no
evidence to suggest the tapes or their content have been accessed or
misused, and the tapes are now presumed lost."
What does that mean - "presumed lost?" That BofA will write off the cost of the tapes - let’s say $50 - and everybody will go on their merry way? Hopefully not.
Yes, there are many implications of Paris Hilton’s stolen numbers. One of them - the trade in the NBA.
Dallas Maverick owner Mark Cuban, on the radio (KTCK 1310AM
to be specific) defending the trade of Alan Henderson and Calvin Booth
to the Milwaukee Bucks for Keith Van Horn, said he was nearly out of
the loop on the trade because he had to get a new phone number because
his phone number was among those found in the hotel heiress’ cell phone.
It’s sad when such a simple phone hack can cause economic damage in such far-reaching areas. Also, half of Hollywood now probably has new cell numbers - watch out for a mad new phone number exchange on tomorrow night’s Oscars red carpet.
[Via InfoWorld]
Are the estimated costs to businesses worldwide due to spam. Estimating the impact of spam on worldwide businesses is a hugely difficult task, and even if we do not accept this number as 100% accurate and substantiated, it certainly is close to the true cost of fighting spam.
IT News reports that phishers are gradually switching their target - from large banks and organizations such as Wells Fargo, eBay, etc. they are moving to smaller banks which are less prepared to handle a phish attack on their customers. With the creation of many anti-phishing consortiums by many of the large institutions involved in the anti-phishing battle, there are many tools and systems to prevent phishing attacks on the major players. However, small banks are often left unprotected and this is what phishers are exploiting.
"(The latest trend) could mean the counter-phishing
systems that big banks have deployed are effective and the Phishers are
moving onto softer targets," APWG [Anti-Phishing Working Group] Chairman David Jevans said in a
[Via iT News, Australia]
Despite efforts by Microsoft to provide a free anti-spyware tool, the US Congress is stepping up its efforts to pass some legislation controlling the spread of spyware. eWeek reports that there are two opposing anti-spyware bills currently on the floor of Congress after persistent lobbying by the tech industry. Opponents of this legislation argue that it may outlaw legitimate uses of downloadable software, such as security patches. Of course, opponents may also point to the weak effect of the CAN SPAM Act of 2003 on the level of spam and argue that federal legislation of a similar type is simply not effective.
[Via eWeek]