This week in phishing

Google tests phishing protection for its free Web-based e-mail to alert people to potential fraud.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read
Google was busy on the security front this week, testing phishing protection for its free Web-based e-mail to alert people to potential fraud.

When a Gmail user opens a suspected phishing message, the software displays a large red dialog box that warns the user the message may not be from whom it claims to be.

Gmail will also remove all live hyperlinks from suspect HTML-based e-mails to protect people's systems from potentially fraudulent Web sites. The addresses of the sites can still be accessed by examining the original code of the e-mail, a feature that Gmail provides.

While the growth of new phishing attacks has slowed, attackers are apparently busy building more sophisticated traps and using advanced technology to perpetrate online fraud. Last week, the Anti-Phishing Working Group, an online fraud watchdog, reported that the number of phishing e-mails it tracked between January and February grew by only 2 percent.

That figure seems to mark a significant shift in the threat, given that the average growth rate has been 26 percent per month since July 2004. But during the January-February period, phishing attacks also became more sophisticated, experts said, with advances in phishing schemes that use e-mail and the creation of fraudulent Web pages that appear almost identical to their legitimate counterparts.

Meanwhile, police in Estonia have arrested a man suspected of stealing millions of euros from bank accounts across Europe, according to a report in the Sydney Morning Herald. The unnamed 24-year-old is believed to have infected hundreds of computers with a Trojan horse program to obtain usernames and passwords from them.