Printer Friendly
The Free Library
19,588,385 articles and books
Member login
User name  
Password 
 
Join us Forgot password?

Analysis of Email Fraud and Phishing Attacks in May Reveal that 95% Contain Forged 'From' Addresses.


REDWOOD CITY Redwood City, city (1990 pop. 66,072), seat of San Mateo co., W Calif., on San Francisco Bay; inc. 1868. Manufactures include commmunications, electrical, electronic, and medical equipment. , Calif. -- Anti-Phishing Working Group The AntiPhishing Working Group (APWG) is a consortium that brings together businesses affected by phishing attacks, businesses that provide security products and law enforcement.

The APWG has more than 2700+ members from more than 1600 companies & agencies worldwide.  Report Concludes That Email Authentication See e-mail authentication.  is a Critical Component in the Fight Against Phishing

Tumbleweed tumbleweed, any of several plants, particularly abundant in prairie and steppe regions, that commonly break from their roots at maturity and, drying into a rounded tangle of light, stiff branches, roll before the wind, covering long distances and scattering seed as (R) Communications Corp. (Nasdaq:TMWD) and the Anti-Phishing Working Group today released the "Phishing Attack Trends Report" for May 2004, an analysis of phishing scam attacks submitted to www.anti-phishing.org, the Internet's most comprehensive archive of email fraud and phishing attacks. While this analysis shows that the numbers of unique attacks grew by only 6% in May, it also reveals that over 95% of attacks rely on the use of forged 'from' addresses to hide the identity of the scammers and evade spam filters. This trend underscores the utility of email sender authentication See e-mail authentication and Sender ID.  technologies as a critical step toward reducing the effectiveness of phishing campaigns by preventing fraudulent emails from reaching inboxes.

Several email authentication standards have been proposed by members of the Anti-Phishing Working Group, and while the specifics vary, each aims to prevent messages with forged addresses from reaching email users. Once deployed by ISPs, email authentication promises to reduce the number of phishing attacks reaching inboxes, with the added bonus of stopping most spam and the majority of e-mail based worms and viruses.

Phishing attacks use 'spoofed' e-mails and fraudulent websites to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. By hijacking hijacking

Crime of seizing possession or control of a vehicle from another by force or threat of force. Although by the late 20th century hijacking most frequently involved the seizure of an airplane and its forcible diversion to destinations chosen by the air pirates, when  the trusted brands of well-known banks, online retailers, ISPs and credit card companies, phishers are able to convince up to 5% of recipients to respond to them. The result of these scams is that consumers suffer credit card fraud Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. , identity theft, and financial loss.

In May, there were 1197 new, unique phishing attacks reported to the Anti-Phishing Working Group. This was a relatively minor 6% increase over the number of attacks reported in April (1125). The average number of phishing attacks per day in May was 38.6 (up slightly from the 37.5 per day for April). Analyzing this information on a weekly basis shows two weeks that averaged over 300 attacks, but a significant dip during the week of May 29. This dip may be due to the Labor Day Labor Day, holiday celebrated in the United States and Canada on the first Monday in September to honor the laborer. It was inaugurated by the Knights of Labor in 1882 and made a national holiday by the U.S. Congress in 1894.  holiday in the U.S., and a resultant reduction in reported phishing attacks. Highlights the Anti-Phishing Working Group's May report include:

--95% of phishing and email fraud attacks used spoofed or forged 'from' addresses.

--The company most-targeted by phishing attacks in May was Citibank with 370 unique attacks. This is down from 475 in April.

--Attacks against U.S. Bank surged 170%.

--Attacks against AOL (A division of Time Warner, Inc., New York, NY, www.aol.com) The world's largest online information service with access to the Internet, e-mail, chat rooms and a variety of databases and services.  doubled.

--The most-targeted industry sector was Financial Services with 848 unique attacks.

For more information and analysis, please download a copy of the "Phishing Attack Trends Report" for May 2004 free of charge at http://www.antiphishing.org/APWG_Phishing_Attack_Report-May2004.pdf.

"One Achilles heel of phishing, and other related e-mail threats like spam and viruses, is the reliance on forged 'from' addresses to hide the sender's identity," said Dave Jevans, Chairman of the Anti-Phishing Working Group and Senior Vice President at Tumbleweed Communications. "The problem is that for the most part, email servers haven't cared where an email message claims to be from -- they'll accept anything. Once ISPs start to verify the source of messages, a lot of the bad things in email, including phishing, will be greatly reduced. Not many scammers will use their personal email accounts to launch a crime wave."

About the Anti-Phishing Working Group

The Anti-Phishing Working Group (APWG APWG Anti-Phishing Working Group
APWG Action Plan Work Group
APWG Acquisition Policy Working Group
APWG Advocates for Prostituted Women and Girls
APWG AFSCN Prioritization Working Group
APWG AFSCN Priorities Working Group ) is focused on eliminating the problem of phishing and email spoofing attacks, by developing and sharing information about the problem, and promoting the visibility and adoption of industry solutions. Membership in the group is open to qualified financial institutions, corporations, law enforcement agencies A law enforcement agency (LEA) is a term used to describe any agency which enforces the law. This may be a local or state police, federal agencies such as the Federal Bureau of Investigation (FBI) or the Drug Enforcement Administration (DEA). , public policy groups and solution vendors.

The Web site of the Anti-Phishing Working Group is www.antiphishing.org. It serves as a public and industry resource for information about the problem of phishing and email fraud, including identification and promotion of pragmatic technical solutions that can provide immediate protection and benefits against phishing attacks. The analysis, forensics See computer forensics. , and archival of phishing attacks to the Web site are currently powered by Tumbleweed Communications' Message Protection Lab(TM).

About Tumbleweed Communications Corp.

Tumbleweed is a leading provider of secure Internet messaging software products for enterprises. By making Internet communications secure, reliable and automated, Tumbleweed's anti-spam, email firewall, secure file transfer, secure email, and identity validation solutions help customers significantly reduce the cost of doing business. Tumbleweed products are used by millions of end-users and tens of thousands of corporations. Tumbleweed customers include ABN Amro, Bank of America
See also:  and


Bank of America (NYSE: BAC TYO: 8648 ) is the largest commercial bank in the United States in terms of deposits, and the largest company of its kind in the world.  Securities, Catholic Healthcare West Catholic Healthcare West (CHW) is a California not-for-profit public benefit corporation that operates hospitals in California, Arizona, and Nevada[1]. As such, it is exempt from federal and state income taxes. , JP Morgan Chase & Co., The Regence Group (Blue Cross/Blue Shield), St. Luke's Episcopal Healthcare System, the US Food and Drug Administration, and the US Navy and Marine Corps. Tumbleweed Communications was founded in 1993 and is headquartered in Redwood City, Calif. For additional information about Tumbleweed go to www.tumbleweed.com or call 650-216-2000.

SAFE HARBOR Safe Harbor

1. A legal provision to reduce or eliminate liability as long as good faith is demonstrated.

2. A form of shark repellent implemented by a target company acquiring a business that is so poorly regulated that the target itself is less attractive.  STATEMENT

Tumbleweed cautions that forward-looking statements contained in this press release are based on current plans and expectations, and that a number of factors could cause the actual results to differ materially from the guidance given at this time. These factors are described in the Safe Harbor statement below.

Except for the historical information contained herein, the matters discussed in this press release may constitute forward-looking statements that involve risks and uncertainties that could cause actual results to differ materially from those projected, particularly with respect to phishing techniques and patterns, as well as methods to combat phishing and other forms of email fraud. In some cases, forward-looking statements can be identified by terminology such as "may," "will," "should," "potential," "continue," "expects," "anticipates," "intends," "plans," "believes," "estimates," and similar expressions. For further cautions about the risks of investing in Tumbleweed, we refer you to the documents Tumbleweed files from time to time with the Securities and Exchange Commission, particularly Tumbleweed's Form 10-K Form 10-K

A report required by the SEC from exchange-listed companies that provides for annual disclosure of certain financial information.

Form 10-K

See 10-K.  filed March 15, 2004 and Form 10-Q Form 10-Q

See 10-Q.  filed May 10, 2004.

Tumbleweed assumes no obligation to update information contained in this press release, including for example its guidance regarding its future performance, which represents the Company's expectations only as of the date of this release and should not be viewed as a statement about the Company's expectations after such date. Although this release may remain available on the Company's website or elsewhere, its continued availability does not indicate that the Company is reaffirming or confirming any of the information contained herein.
COPYRIGHT 2004 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2004, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

 Reader Opinion

Title:

Comment:



 

Article Details
Printer friendly Cite/link Email Feedback
Publication:Business Wire
Geographic Code:1USA
Date:Jun 28, 2004
Words:1083
Previous Article:Ryerson Tull to Automate Data Center Management with HP and Tidal Software.
Next Article:Tumbleweed Unveils Latest Version of Industry Leading MailGate with Anti-Virus Technology and Improved Anti-Spam Performance.
Topics:



Related Articles
Phishing lures: bogus e-mail and copycat Web sites threaten school users.
Tumbleweed Communications and the Anti-Phishing Working Group Report 1,422 Unique Phishing Attacks in June.
Do-it-yourself phishing kits found on the internet.
Taking the bait.
Hook, line and sinker: life insurers and their policyholders could be the next targets of online phishing scams.
Safety tips for last-minute online shoppers.
Security news and products; Webwasher6.0 proactive anti-malware protection.
Security news and products; on the menu today is Phish and Spam.
Who can you trust? Trustworthiness is a precious commodity, and online criminals are expert at faking it. Aston Fallen, CEO of Steganos, highlights...
87 percent of UK claim to have good understanding of spyware.

Terms of use | Copyright © 2012 Farlex, Inc. | Feedback | For webmasters | Submit articles