CIO - Email phishing scams have grown more sophisticated since they first began popping up in corporate inboxes in the 1990s. Early phishing emails were relatively easy to detect as they were characterized by poor grammar and spelling. No legitimate business would send an email to customers chockfull of typos.
As email users grew wary of phishing attempts, cybercriminals have had to change their tactics and their lures. Today, phishers are churning out much more convincing and effective emails. Not only are the most persuasive specimens well-written, they are also often personalized, addressing the recipient by name. In addition, they replicate the look and feel of authentic emails from legitimate businesses down to the fonts, footers, logos and copyright statements those companies use in electronic correspondence with their customers.
Why Criminals Keep Casting Phishing Lines
The result of these refinements has been an explosion in phishing attempts. In 2011, approximately one out of every 300 emails circulating the web was deemed to contain elements indicative of phishing, according to "The Year in Phishing," a report from RSA. The cumulative number of phishing attacks recorded that year was 279,580, a 37 percent increase over 2010, by RSA's count.
RSA says that phishing attacks are on the rise despite heightened user awareness in part because they've become so easy for cybercriminals to execute. Malware writers have created automated toolkits that fraudsters use to easily create and host phishing pages. On average, every phishing attack nets a $4,500 profit in stolen funds for the perpetrator, according to RSA.
Because phishing attacks are easier for cybercriminals to produce and more convincing than ever, RSA predicts even more of them in 2012. To help you and your end-users determine whether those suspicious emails in your inboxes are legitimate or phishing scams, CIO.com asked Daniel Peck, a research scientist with Barracuda Networks, a provider of email and web security products, to analyze a particularly convincing specimen allegedly from American Express. We include below a copy of the email in question, along with Peck's tips for discerning the validity of suspicious emails.
This "Fraud Protection Alert" allegedly from American Express is in fact a phishing scam.
The above email is an alleged "Fraud Protection Alert" from American Express. It informs the recipient and would-be cardholder of potential fraudulent charges on their credit card.
This email is, in fact, a phishing scam, but it's convincing for a variety of reasons. For one, it sounds authoritative. Second, the footer--with its putative links to American Express Customer Service and the company's privacy statement--makes it look authentic. The message at the end of the footer that reads, "Your Cardmember information is included in the upper-right corner to help you recognize this as a customer service e-mail from American Express. To learn more about e-mail security or report a suspicious e-mail, please visit us at americanexpress.com/phishing," makes it look even more authentic and is designed to further confuse the recipient. Finally, because the message assumes the recipient did not recently charge a Hilton Hotel reservation, it attempts to win the recipient's trust, as if to say, "We're looking out for you."
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Desktop Apps White Papers | Webcasts