Friday, April 25, 2008

Phishing Scams - What's Old is New Again

The amazing thing about crime is that criminals continue to perpetuate the same old scams, with remarkably good results, time and again.


I just finished reading "The Rescue Artist" this morning - the story of the recovery of Munch's "The Scream", post its theft from an Oslo museum in 1994. It's a good read. But what stands out is the number of times criminals have perpetrated exactly the same crime against exactly the same asset, with outstanding results.

An example: The most valuable paintings shown in Russborough House, a private gallery outside of Dublin, have been stolen four times in twenty years - from exactly the same hooks on the wall. No doubt the police and insurers have advised the owners several times as to the weaknesses in their systems. Yet the crimes keep being committed.

Like other security companies, Authentium has a number of antiphishing partners and approaches, including interception and user education. The challenge seems to be that as far as user education is concerned, the lure of gain will ensure the crimes keep on being committed, over and over again.

Case in point: Today, I received an email from The Camelot Group PLC, Operators of "The Uk National Lottery" (note lower case "k"), informing me that I have won over $1.2m.

Reading through the phishing email, I had the feeling that I was viewing an extremely amateurish "first time" output of a phishing kit. The obvious grammatical issues and bad use of cut and paste stood out like beacons.

But even though it reeked of a scam, I knew that someone somewhere was busy sending in their personal details to the hackers. Half a million pounds is a lot of money. Which is why this stuff keeps working, and will continue to keep working for years to come.

Note: We have a new beta phishing interception approach scheduled for release on May 22nd that will provide users with a much better feedback mechanism than currently exists. Stay tuned.
