E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: VNUnet

Posted on August 24, 2005

      Phishers are rapidly becoming more sophisticated with the development of malicious crimeware software that can bypass conventional IT security systems and steal identity information for financial crime, the Anti-Phishing Working Group (APWG) warned today.

      In July 2005, APWG researchers found that phishers are designing systems specifically to neutralise the counter-phishing technologies being deployed by financial institutions and ecommerce sites.

      "The technological contest between phisher and counter-phisher is well and truly underway," said APWG chairman David Jevans. "It is a contest of escalation."

      APWG researchers reported a marked increase in screenscraper technology by phishers. This shift aims to counter the graphical keyboard systems some financial services firms are using to avoid the hazards of keylogging Trojans that phishers have been using to mine the usernames and passwords directly from the keyboard entry of alphanumerics and symbols. When the user mouseclicks a character on the graphical keyboard, the screenscraper takes a snapshot of the screen and sends it to the phishers' server for inspection, according to APWG researchers.

      Dan Hubbard, senior director of security for Websense and APWG analyst, said: "Crimeware continues to evolve as we have seen the deployment of advanced techniques to steal information.

      "These Trojan horses are moving beyond keylogging and now capture screenshots to obtain end-user credentials."

      APWG reported that it had received some 14,135 unique phishing reports in July, down from 15,050 in June. In July 2005, 71 brands were reported as being phished, down from a high of 107 different brands being phished in May 2005.

      However, phishers were found to be spreading their nets, and moving away from some traditional marque name financial institutions and hitting a wider base of smaller financial institutions. Financial institutions made up 86 per cent of all phishing targets, down slightly from a recent high of 91 per cent.

      APWG secretary general Peter Cassidy said: "Our hope was that as the large financial institutions gained expertise in thwarting and deflecting phishing attacks, phishers and their spam-based schemes would become ineffective as probabilities of landing phishing mails into inboxes of small institutions' customers decreased their intake of user credentials."

      "Instead, phishers have employed internet marketing practices of list creation and affinity marketing to target and leverage the trust of small institutions."

      APWG also reported that in July, there have been increased numbers of variants and new banking keyloggers. There were some 174 phishing-based Trojans detected in July, up from 154 in June. The numbers of websites that were hosting these keyloggers rose even more dramatically, with almost a 100 per cent increase.

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.