Phishing tops e-mail security threats of 2004

Phishing attacks have, in the course of 2004, become the biggest e-mail security threat, according to an annual report from MessageLabs. In September 2003 it encountered just 279 phishing e-mails; in September 2004, the figure was over two million.

According to the security firm's Annual Email Management and Security Report, in the course of 2004 it intercepted a total of more than 18 million phishing e-mails and has seen the development of new techniques to increase the success rate of attacks.

These techniques include e-mails that capture on-line banking details automatically when a user opens the e-mail, rather than when the user clicks on links within messages. Attackers have also tried to dupe unsuspecting users into becoming middlemen for money laundering operations.

The report suggests that the increase in phishing-related on-line identity theft may signal the beginning of a wave of e-mail attacks targeted at individuals and small groups of companies. This, says the firm, puts business firmly on the front line in the fight against on-line attacks.

"We believe that the singling out of certain companies to be the victim of phishing attacks could signal the beginning of a wider trend," said Mark Sunner, Chief Technology Officer of MessageLabs. "Already, particular businesses are being threatened and blackmailed, which could indicate a shift from random, scattergun approaches to customised attacks designed to take advantage of the perceived weaknesses of some businesses."

More traditional security threats are still a problem, with spam and virus attacks also increasing over the last 12 months.

During the year, says MessageLabs, the e-mail virus infection average ratio was 1 in 16, compared to 2003 when it was 1 in 33. The most widespread outbreak of 2004 was W32/MyDoom.A, which hit in January, while the average percentage of e-mail identified as spam in 2004 was 73%, with figures peaking at 94.5% in July; in 2003, the average was 40%.

MessageLabs also witnessed tailored malicious activity ranging from blackmailing on-line gaming sites with Denial of Service attacks to threats to send out child pornography in the name of a particular organisation. Recent evidence also suggests that Trojans and other malicious code have been developed during the year specifically to compromise particular organisations, a trend that MessageLabs expects to continue in 2005.

As well as the threat from targeted fraud, MessageLabs sees the other key issue facing IT departments and executives as regulatory compliance.

See: The report  (11-page PDF)

Feedback | Printer-friendly page | Latest news | | All news feeds | Ask a lawyer