Phishing is, in my opinion, the biggest risk we all face Online.  The deceptions used are very sophisticated.  There is one simple rule for avoiding getting hooked: NEVER enter your password in a website that you were directed to by a link in an unsolicited email.  This is particularly true for banking sites, Paypal and eBay.  I receive 1-2 phishing emails every single day.  Educate yourself and don’t be a victim.

I have mentioned phishing three times before on the TOTD:

http://totd.squarespace.com/tip-of-the-day-blog/2004/9/7/more-on-phishing.html

http://totd.squarespace.com/tip-of-the-day-blog/2004/4/12/phishing.html

http://totd.squarespace.com/tip-of-the-day-blog/2005/12/8/7-in-10-americans-fall-prey-to-phishing-scams.html

Although fewer attacks are successful, the losses per successful attack are growing.

Consumers to Lose $2.8 Billion to Phishers in 2006

http://www.pcworld.com/article/id,127799/article.html#

Robert McMillan, IDG News Service

Thursday, November 09, 2006 07:00 AM PST

Browser makers may have added new antiphishing features to their products in recent months, but the criminals are still gaining ground in their efforts to defraud U.S. consumers, according to the Gartner research firm.

Phishers have hit more victims with their online attacks, and while fewer people are losing money to phishers, successful attempts have been yielding bigger payoffs, said Avivah Litan, vice president and distinguished analyst at Gartner. “When they do succeeded, they’re stealing five times more than they stole last year.”

Phishers Get Big Payoffs

The average loss per phishing attack was $1244 this year, Litan said, up from $256. Gartner estimates that the total financial losses attributable to phishing will total $2.8 billion this year.

And users who are taken in by phishing scams are less likely to recover their money, Litan said. In 2005, 80 percent of victims got their money back. This year, that number dropped to 54 percent.

Gartner estimates that 3.5 million Americans will give up sensitive information to phishers in 2006—up from an estimated 1.9 million last year.

Antiphishing Efforts Playing Catch-Up

Although the recently released Internet Explorer 7 and Firefox 2.0 browsers came with new antiphishing features, Microsoft and Mozilla are still playing catch-up with the crooks.

“It’s still too early to know how effective [these new antiphishing features] are, but certainly that technology is a couple of years too late,” Litan said.

Phishing filters are not working because attackers are moving around their phishing Web sites and making it very difficult for antiphishing tools to tell the difference between a computer that is malicious and one that is simply unknown, she said.

A year ago, the average lifespan of a phisher’s Web site was one week. Now it’s just a few hours. “In the next year or two it will probably be one server per e-mail,” Litan said. “They’re impossible to catch and take down.”

A Failure to Communicate

Antiphishing expert Paul Laudanski agrees that these attacks are on the rise. Part of the problem, he says, is the fact that Internet service providers and the companies being spoofed by phishers are not doing all they could to share information and track down the criminals.

Often companies are reluctant to share information for fear that it may lead to lawsuits, said Laudanski, owner of Computer Cops and the leader of the Phishing Incident Reporting and Termination squad project.

“What we need, I believe, is free, open communication,” he said. “The criminals are working together in this, but it’s hard for us to work together.”