We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Phishing attacks grow more sophisticated

Consumers confused by security warnings

Phishing attacks are hooking more victims as they grow more sophisticated.

So-called phishing attacks attempt to trick users into entering personal information, such as bank details or passwords, on fake websites.

According to Gartner, the number of phishing email recipients has grown 28 percent during this year. Because fraudulent emails negatively impact consumer confidence, the research firm's recent study predicts phishing and other security breaches will inhibit three-year US e-commerce growth rates by 1-3 percent.

Evidence of the growing cunning of the attacks came on Friday from threat protection vendor SurfControl, which said it discovered what it termed a ’secured phishing’ technique capable of displaying the trusted padlock security icon on a fake site.

SurfControl rated the method as high risk because the padlock icon displayed at the bottom corner of a browser is a widely accepted symbol of a safe and secure website.

Secured phishing uses self-signed digital certificates to use the HTTPS security protocol, which triggers the padlock icon, on spoofed websites. Typically, Secure Sockets Layer digital certificates are issued by a certifying authority. Windows generates a warning when it encounters a self-signed certificate, but many web users don't understand the warning or ignore it, according to SurfControl.

To protect against secured phishing, individuals visiting financial sites that ask for personal information should look for a valid SSL certificate issued by a Trusted Certificate Authority. These sites will not prompt an alert dialog box, according to SurfControl.

Stepping up the technology fight against phishers, email security company Iconix this week rolled out visual email identification software to help web users identify trusted email senders. The company also introduced the Iconix Truemark service, which allows businesses to mark their email messages as secure.

To combat phishing, technology solutions need to go beyond authentication, said Lance Tokuda, CTO and Vice President of Engineering at Iconix.

IDG UK Sites

Best camera phone of 2015: iPhone 6 Plus vs LG G4 vs Galaxy S6 vs One M9 vs Nexus 6

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 of price of Retina iMac with new model