Phishing Exposed

Now it s time to say goodbye (pester the publisher for a sequel on antiphishing because this was fun). Here we cover some of the statistics we re seeing in 2005 and look at some antiphishing products on the market, including some slight analysis of them. This is where we get the vendors upset.
The battle against phishing is not always a losing battle; it just requires a bit of thinking outside the box. Don t take this the wrong way, but I m happy that phishing is an epidemic, because it forces corporations, ISPs, security professionals, and home users to start thinking less reactively and a bit more about what we ve already done to put ourselves in this position. The threat model is changing rapidly, and from the point of the view of the security professional, our defenses aren t as scalable compared to those of the attackers. This is due to multiple conditions, including the law, technology, liability, and skill sets.
The first three months of 2005 saw the continued trend of phishers increased use of sophisticated malware techniques. Although financial institutions were the primary targets, phishers have begun to focus new attacks on both the small business sector and individual technology users. There was a noticeable increase in spam, with the appearance of IM worms for instant messenger applications in early 2005, particularly in the mobile computing and telephony sectors. Overall, phishing activity reported by APWG and others reached an all-time peak in December 2004 through mid-January 2005 and...