Executive Briefing

Ready for some spear phishing

With Jess Kalish, director of technical and corporate communications at iS3, makers of Stopzilla. The company is a member of the Anti Phishing Working Group.

Question: Is phishing declining, holding steady or getting worse?

Kalish: It's getting worse. It's getting worse because it's getting more sophisticated. In the beginning when phishing started, it was unsophisticated. You would have an email with grammatical mistakes, with a link to a Web site that was essentially a bitmap. It was obviously a fraudulent Web site. Today, creators are much more sophisticated. You can't really tell a phishing Web site unless you know what to look for. Also, they've developed spear phishing. Spear phishing is a much more virulent form of phishing, much more effective. Phishing email response is typically 3 to 5%. With spear phishing, the return is 19%. Spear phishers use any number of tools such as remote access tools and rootkits.


Question: How big a trend is spear phishing?

Kalish: It's a huge trend. As people become more sophisticated, as technology improves, it's a race. We have phishing. People get hip to phishing, so phishing technology improves. [Spear phishing is] a combination of technological deception and social engineering. In order for spear phishing to be effective, the phishing email needs to be sent to a person who has an affiliation with the Web site that is being spoofed. They put spyware on your computer. It could be a keylogger, it could be any number of techniques. It is something on your computer monitoring your searches. If you are doing business with ABC Credit Union, they could deliver a phishing email pretending to be from that organization. The [security] technologies that have been used in the past have been reactive technologies. When somebody gets phished, the Anti Phishing Working Group [helps take] them down. But that's a reactive technology. Somebody must be phished in order for them to discover it.


Question: It doesn't seem like a pretty picture. Is progress being made?

Kalish: We're making progress fighting it. The way we are making progress is with the use of heuristics. Heuristics is essentially a mathematical rules engine. What we do is when you go to a particular Web site, we subject the URL to a consecutive series of criteria. Bottom line, if it looks like a phishing site and smells like a phishing site, it probably is a phishing site -- for example, if you go to a site that has certain characteristics, such as not having HTTPS, or if the URL is a number, which doesn't conform to the naming convention. When the heuristic program gets a particular percentage, we deliver an alert, a warning that says the site is known to be or is potentially malicious.

This 3 Questions originally appeared in a report from IT Business Edge.


This was first published in September 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: