Antiphishing group casts line at new threats

Faced with a rise in so-called pharming and crimeware, Anti-Phishing Working Group will expand to include the emerging threats.

Faced with a rise in so-called pharming and crimeware attacks, the Anti-Phishing Working Group will expand its charter to include these emerging threats.

The shift may serve as a harbinger, raising the question of whether phishing will eventually become passe--despite the current rise in phishing incidents.

"Over time, as banks get a better grip on fighting conventional phishing that uses social engineering, phishers will be forced to find other vectors of attack," Peter Cassidy, secretary general for the antiphishing group, said Wednesday.

Within a couple of years, he said, conventional phishing could become obsolete. "It could be even faster. Events have always eclipsed our expectations," Cassidy said.

Conventional phishing campaigns reported to the group rose less than half a percent to 15,050 in June over the previous month, according to the group. But pharming attacks climbed 6 percent to 526 cases in the same period and crimeware cases soared 95 percent to 154, according to the group.

Phishing involves criminals sending out bogus e-mails in the hope that people are fooled into sharing personal information such as bank account passwords and credit card information.

In pharming attacks, people are redirected to a bogus Web site that looks legitimate. Once the victims are redirected to the bogus site, keyloggers are downloaded to steal information from the person or to dupe them into disclosing personal data.

With the rapid rise in crimeware, which is spyware designed to steal identities rather than just monitor online behavior, the group this month launched "Project Crimeware."

The project will investigate malicious software that steals consumer, government and corporate access credentials with the aim of launching attacks, stealing identities or engaging in financial fraud.

The antiphishing group's "belief is that conventional phishing via social engineering schemes will be eclipsed by advanced, automated crimeware based on keyloggers, redirectors and session hijacking technologies," David Jevans, the group's chairman, said in a statement.