Phishing attacks are hooking more victims as they grow more sophisticated.
So-called phishing attacks attempt to trick users into entering personal information, such as bank details or passwords, on fake websites.
According to Gartner, the number of phishing email recipients has grown 28 percent during this year. Because fraudulent emails negatively impact consumer confidence, the research firm's recent study predicts phishing and other security breaches will inhibit three-year US e-commerce growth rates by 1-3 percent.
Evidence of the growing cunning of the attacks came on Friday from threat protection vendor SurfControl, which said it discovered what it termed a ’secured phishing’ technique capable of displaying the trusted padlock security icon on a fake site.
SurfControl rated the method as high risk because the padlock icon displayed at the bottom corner of a browser is a widely accepted symbol of a safe and secure website.
Secured phishing uses self-signed digital certificates to use the HTTPS security protocol, which triggers the padlock icon, on spoofed websites. Typically, Secure Sockets Layer digital certificates are issued by a certifying authority. Windows generates a warning when it encounters a self-signed certificate, but many web users don't understand the warning or ignore it, according to SurfControl.
To protect against secured phishing, individuals visiting financial sites that ask for personal information should look for a valid SSL certificate issued by a Trusted Certificate Authority. These sites will not prompt an alert dialog box, according to SurfControl.
Stepping up the technology fight against phishers, email security company Iconix this week rolled out visual email identification software to help web users identify trusted email senders. The company also introduced the Iconix Truemark service, which allows businesses to mark their email messages as secure.
To combat phishing, technology solutions need to go beyond authentication, said Lance Tokuda, CTO and Vice President of Engineering at Iconix.