Tuesday, November 7, 2006
Phishing May Net More Than Previously Thought
Researchers at the Indiana University School of informatics found, in a recent study, that phishers may be netting responses from as much as 14 percent of the targeted populations per attack, as opposed to 3 percent per year, a higher-than-expected percentage of internet users who are likely to fall victim to scam artists.
In computing, phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication.
Surveys by the Gartner Group report that about 3 percent of adult Americans are successfully targeted by phishing attacks each year, an amount that might be conservative given that many are reluctant to report they have been victimized, or may even be unaware of it.
Approved in advance by the IU Bloomington Human Subjects Committee, "(The) goal was to determine the success rates of different types of phishing attacks, not only the types used today, but those that don't yet occur..." says Markus Jakobsson, associate professor of informatics. These experiments, says the report, have the advantage of reporting actual numbers.
"We wanted to proceed ethically and yet obtain accurate results," says Ratkiewicz, a computer science doctoral student. One experiment was to launch a "spear phishing" attack in which a phisher sends a personalized message to a user who might actually welcome or expect the message. in this approach, the phisher gleans personal information readily available over the internet and incorporates it in the attack, potentially making the attack more believable.
"We think spear phishing attacks will become more prevalent as phishers are more able to harvest publicly available information to personalize each attack," Ratkiewicz says. "And there's good reason to believe that this kind of attack will be more dangerous than what we're seeing today."