We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Phishing attacks grow more sophisticated

Consumers confused by security warnings

Phishing attacks are hooking more victims as they grow more sophisticated.

So-called phishing attacks attempt to trick users into entering personal information, such as bank details or passwords, on fake websites.

According to Gartner, the number of phishing email recipients has grown 28 percent during this year. Because fraudulent emails negatively impact consumer confidence, the research firm's recent study predicts phishing and other security breaches will inhibit three-year US e-commerce growth rates by 1-3 percent.

Evidence of the growing cunning of the attacks came on Friday from threat protection vendor SurfControl, which said it discovered what it termed a ’secured phishing’ technique capable of displaying the trusted padlock security icon on a fake site.

SurfControl rated the method as high risk because the padlock icon displayed at the bottom corner of a browser is a widely accepted symbol of a safe and secure website.

Secured phishing uses self-signed digital certificates to use the HTTPS security protocol, which triggers the padlock icon, on spoofed websites. Typically, Secure Sockets Layer digital certificates are issued by a certifying authority. Windows generates a warning when it encounters a self-signed certificate, but many web users don't understand the warning or ignore it, according to SurfControl.

To protect against secured phishing, individuals visiting financial sites that ask for personal information should look for a valid SSL certificate issued by a Trusted Certificate Authority. These sites will not prompt an alert dialog box, according to SurfControl.

Stepping up the technology fight against phishers, email security company Iconix this week rolled out visual email identification software to help web users identify trusted email senders. The company also introduced the Iconix Truemark service, which allows businesses to mark their email messages as secure.

To combat phishing, technology solutions need to go beyond authentication, said Lance Tokuda, CTO and Vice President of Engineering at Iconix.


IDG UK Sites

The best iPhone 6 alternatives: Price and specs compared with the best smartphones

IDG UK Sites

The top 10 Apple products ranked by pixel density: Which Apple devices have the sharpest screens?

IDG UK Sites

SBTRKT's Look Away webcam-based interactive music video won't keep your gaze

IDG UK Sites

Retina MacBook Air release date rumours and specs: Gold 12in Retina MacBook Air almost 1cm thinner...