28 August 2009, 11:55

IBM Report: Phishing is going out of style

According to IBM's latest six-monthly trends and risks report, the number of phishing emails as a proportion of total spam fell in the first six months of this year to 0.1 per cent. In the same period last year the figure stood at between 0.2 and 0.8 per cent.

Compared to last year, phishing emails have almost disappeared.

The German Bundeskriminalamt (equivalent to the British Criminal Investigation Department (CID)) has come to a similar conclusion. Only 10 per cent of online banking fraud can now be traced back to fake banking websites. One reason for this is the almost universal introduction of indexed TANs (Transaction Authentication Number), which can't be used by criminals for fraudulent transactions in the usual way.

Instead, criminals are increasingly making use of trojans to obtain login and other online banking data directly from PCs. The trojans frequently penetrate systems via security vulnerabilities in browsers. Attackers are, however, also increasingly exploiting vulnerabilities in the way crafted PDF files are processed. In its report, IBM confirms the figures published by F-Secure, showing that the number of vulnerabilities in programs for processing PDF files has overtaken that in programs for office files.

According to IBM, links to infected websites are everywhere.

According to IBM, it will rarely take a user long to stumble on malicious content or files on the web. 50 per cent of home users' websites are reported to contain at least one dodgy link. In addition, 20 per cent of search engines, portals and directories contain URLs which lead users to infectious websites. Kris Lamb, head of IBM's X-Force security team has expressed his concern to Brian Krebs of the Washington Post, "There is no such thing as safe browsing today and it is no longer the case that only the red light district sites are responsible for malware. We've reached a tipping point where every Web site should be viewed as suspicious."

See also: