Phishers hit Hilton Honors Club

Share this article:

Phishers are targeting smaller organisations to maximise profit and fool even the net savvy, the latest report from the Anti-phishing Working Group (APWG) shows.

By hitting targets such as the Hilton Honors Club (a honor scheme for frequent users of the company's hotels), as opposed to traditional phishing sites such as Paypal, phishers hope users who adhere to warnings will still be caught.

"It's more likely the Honors club would ask for your account details than Paypal or Citibank, especially now these larger organisations are getting on top of it," said Mark Murtagh, technical director EMEA at Websense, who conducted the report. "With the levels of sophistication we're now seeing many people will be fooled." The April report also highlighted continued growth in phishing reports sent to the APWG, which received 14,411 last month.

As SC reported last week phishers are legitimising themselves with real domain names. "There's also been a decrease in sites without domain names, phishers are now registering cousin domain names," said Murtagh. "By doing this they bypass common security advice, such as checking for a domain name."

Murtagh said that phishers were likely to continue targeting large financial organisations but the growing trend towards smaller, perhaps more obscure groups, especially within the U.S., was likely to continue.

"As long as there's money to be made phishing will continue, and that's true of all ecrime," Murtagh said.

www.antiphishing.org

Share this article:

Sign up to our newsletters

More in News

Leahy bill would end bulk data collection, introduce reforms

Leahy bill would end bulk data collection, introduce ...

Sen. Patrick Leahy introduced an NSA reform bill that would update the USA Freedom Act.

House passes two cyber security bills

One bill aims to improve agencies' website security, while another works to thwart critical infrastructure attacks.

A five-month-long Tor attack attempting to 'deanonymize' users

For roughly five months beginning in January, traffic confirmation attacks were used to attempt to "deanonymize" Tor users.