Identity theft email attacks, known as phishing, on internet service providers (ISPs) are causing up to 70.000 phone calls to customer service centres per scam.
Recent phishing attacks in the US have lead the way for spammers to target ISP customers around the world in a similar way.
This week Australian ISP Ozemail also suffered an attack. Experts are warning that UK ISPs will be next.
“We’re seeing a lot of attacks on ISPs threatening account deactivation,” said David Jevans, chairman of the Anti-Phishing Working Group, which has the backing of vendors, ISPs and some financial organizations. “The priority targets are the US, Australia and the UK.”
Scammers send the emails disguised as messages from authentic companies, such as Visa or Ebay, and provide a link to a web page that requests users to enter their identity data.
The Anti-Phishing Working Group (APWG) reported that between November and December 2002, the number of phishing scams rose by 400 per cent. The group said it sees more than 30 scams emerge every week.
Phishing fraudsters originally targeted banking customers, but the APWG said it believes that the attacks are evolving as the public learns to be wary of the older scams. Fraudsters have recently exploited a bug in Microsoft Internet Explorer (IE) to give further authenticity to their websites. The bug makes it easier for scammers to spoof website addresses,
“We have the world’s largest archive of phishing attacks,” said Jevans. “It’s on the rise. The sophistication is disturbing. The social engineering will get cleverer and spread. Some of the most successful ones don’t use the Microsoft IE bug. They are teaming up with virus writers. If the MyDoom guy hooks up with [phishing] guys, well…”
Jevans added that to avoid the pitfalls of phishing, companies need to educate users and the industry must concentrate on authentication.
“We need a multi faceted solution. Authentication of mail is important. We can’t wait for anti-spam standards. But the main thing is education. Until we change the way we use the internet, everything we do will help.”
In November 2003, the US Government launched Operation CyberSweep, a project that targeted online fraudsters, and made 125 arrests. The operation identified more than 125,000 victims, with total losses in excess of $100 million.
The APWG was established up in 2003 to reduce the number of phishing attacks. It is a vendor neutral organization comprising more than 100 members, including banks, ISPs security vendors and law firms.