Five phish a day for fifth of email users

More than 20 percent of email users receive more than five phishing emails every day, according to a new report.

A survey of more than 600 business email users conducted by Sophos found that 58 percent receive at least one phishing email every day, while 22 percent receive more than five a day - evidence that the drive towards financially motivated computer crime continues to accelerate.

Recent statistics from the Anti-Phishing Working Group (APWG) support this evidence, revealing that the organization detected 15,244 unique phishing reports in December 2005, up from 8,829 in December 2004.

"The reason phishing emails are now so prevalent is due to their success rate - every day new users fall victim to these underhand and illegal tactics," said Carole Theriault, senior security consultant at Sophos. "If you receive more than five phishes per day, you're either alert to the dangers or you're likely to have been robbed blind. With crooks employing more and more devious methods to dupe users, the best advice is to always be wary of unsolicited emails, and at all costs avoid parting with confidential information."

The dangers of phishing were highlighted once again last week when Visa Asia Pacific announced that it had uncovered and shut down 20 spoof websites to prevent cardholders from falling victim to online data theft. The action was taken following reports that customers had received suspicious emails from the company's payments network, and Visa was quick to state that the company would never initiate contact with customers in this manner.

Although most phishing emails claim to be from online businesses like eBay and major financial institutions, a variety of other organisations have been targeted, including the Internal Revenue Service (IRS). The tax refund phishing attack stemmed from an apparent security configuration error on the real IRS website, allowing scammers to redirect visitors to a bogus address.

"While organizations have a responsibility to ensure the security of their own websites, they have little control over phishers that exploit their brand behind their backs," said David Jevans, chairman of the APWG. "Phishing attacks are likely to become even more targeted in the future, and it will therefore be all the more important for users to display caution. If in doubt, they should contact the relevant organisation to check an email's authenticity."
