
Stan Beer
Tuesday, 27 September 2005 10:00
The vast majority of victims of internet phishing scams fall prey to very simple lures rather than complex, hard-to-identify schemes, according to a new report.
According to statistics from internet security company Trend Micro, 76% of phishing scams use illegitimate URLs that are easy to spot. The scammers rely on users neglecting to read the URL carefully in the address bar of their browsers.
Phishers, unlike hackers who write malicious code, do not compete with each other for notoriety. Instead, they spend their time coming up with and improving tricks used to gather valuable information. According to Trend Micro, there is no direct relationship between successful scams and technical complexity.
According to data collected by Trend Micro, the following are the top five commonly used phishing techniques, listed in order of increasing technical complexity:
1. Explicit display of phishing URL without disguise by the hacker.
2. Address bar spoofing, which involves altering the URL displayed in the browser's address bar. The spoof displays an image with a white background and whatever URL text is desired in front of the real address bar. To the user, this simply looks like browsing a normal online banking site. However, the real address can be viewed by looking at the web page content window.
3. Pop-up windows which use a script to open a normal website and spoof a pop-up window that is not related to the normal website in the background. This technique fools users into believing the pop-up window is related to the website they are browsing.
4. Some phishing emails use HTML format and include embedded forms that can be used to collect personal account information that is then either sent back to a hacker's email address or posted on a specified website.
5. Website Spoofing is a technique that requires some effort to recreate an exact copy of a bank or other commercial website. The fake site contains all the same links as the original, except that they will link to domains on the phishing site instead of the real site.
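As an added example, not taken from the Trend Micro report or the original article: a defender-side check for techniques 4 and 5 that lists the form actions and links in an HTML body which point away from the legitimate domain. The domain names, the sample HTML and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class _Collector(HTMLParser):
    """Collect (kind, url) pairs for form actions and link targets."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.targets.append(("form", a.get("action") or ""))
        elif tag == "a" and a.get("href"):
            self.targets.append(("link", a["href"]))


def on_domain(host, expected):
    """True only for the expected domain or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == expected or host.endswith("." + expected)


def audit(html, expected_domain):
    """Return findings for forms and links that leave expected_domain."""
    collector = _Collector()
    collector.feed(html)
    findings = []
    for kind, url in collector.targets:
        parsed = urlparse(url)
        if parsed.scheme == "mailto":  # form data mailed to a collector
            findings.append((kind, "mailto", parsed.path))
        elif parsed.hostname and not on_domain(parsed.hostname, expected_domain):
            findings.append((kind, "off-domain", parsed.hostname))
    return findings


# Constructed sample: an HTML mail body imitating "bank.example".
SAMPLE = """
<p>Please confirm your account.</p>
<form action="http://bank.example.verify.test/collect" method="post">
  <input name="account"><input type="password" name="pin">
</form>
<form action="mailto:drop@mail.test"><input name="card"></form>
<a href="https://www.bank.example/help">Help</a>
<a href="http://192.0.2.10/login">Log in</a>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, "bank.example"):
        print(finding)
```

The suffix comparison in `on_domain` is what rejects a host that merely starts with the bank's name, which a substring match would accept.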