Fishing for 'phishers'

Report says fake e-mails that try to finagle financial information could be stopped by tools that check a sender's ID.

CNET News staff

June 28, 2004 2:09 p.m. PT

2 min read

Almost 95 percent of e-mail fraud and "phishing" reported in May emanated from forged addresses, according to new research from the Anti-Phishing Working Group, which argued that emerging e-mail authentication standards could take the sting out of such nasty attacks.



		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

Phishing attacks trick people into parting with personal information by luring them to bogus corporate Web sites. Almost 5 percent of recipients of such deceitful e-mails disclosed vital information such as credit card numbers, account user names and passwords, leading to identity theft and financial loss, the report said. The past few months saw phishing e-mails emerging as a major threat.

The study, however, conducted by the Anti-Phishing Working Group with technical help from Tumbleweed Communications, showed there was only a 6 percent increase in new phishing attacks last month. May witnessed 1,197 new cases, compared with 1,125 unique attacks in April. Of the new attacks, 848 targeted the financial services sector.

"One Achilles' heel of phishing, and other related e-mail threats like spam and viruses, is the reliance on forged 'from' addresses to hide the sender's identity," APWG Chairman Dave Jevans said in a statement.

Despite varying specifications, several evolving technologies designed to provide verification of an e-mail sender's identity can prevent such fraudulent mails from reaching customers.

Several top Internet providers, including Yahoo, Microsoft, EarthLink, America Online, British Telecom and Comcast, formed an alliance last week to push for new technical guidelines to fight spam mails. EarthLink is already working on putting antiphisher software in place.