Ready for some spear phishing

Antispam/phishing vendor iS3 discusses the current state of phishing attacks and the next defensive measure in the antiphishing arsenal.

With Jess Kalish, director of technical and corporate communications at iS3, makers of Stopzilla. The company is a member of the Anti Phishing Working Group.

Question: Is phishing declining, holding steady or getting worse?

Kalish: It's getting worse. It's getting worse because it's getting more sophisticated. In the beginning when phishing started, it was unsophisticated. You would have an email with grammatical mistakes, with a link to a Web site that was essentially a bitmap. It was obviously a fraudulent Web site. Today, creators are much more sophisticated. You can't really tell a phishing Web site unless you know what to look for. Also, they've developed spear phishing. Spear phishing is a much more virulent form of phishing, much more effective. Phishing email response is typically 3 to 5%. With spear phishing, the return is 19%. Spear phishers use any number of tools such as remote access tools and rootkits.

Question: How big a trend is spear phishing?

Kalish: It's a huge trend. As people become more sophisticated, as technology improves, it's a race. We have phishing. People get hip to phishing, so phishing technology improves. [Spear phishing is] a combination of technological deception and social engineering. In order for spear phishing to be effective, the phishing email needs to be sent to a person who has an affiliation with the Web site that is being spoofed. They put spyware on your computer. It could be a keylogger, it could be any number of techniques. It is something on your computer monitoring your searches. If you are doing business with ABC Credit Union, they could deliver a phishing email pretending to be from that organization. The [security] technologies that have been used in the past have been reactive technologies. When somebody gets phished, the Anti Phishing Working Group [helps take] them down. But that's a reactive technology. Somebody must be phished in order for them to discover it.

Question: It doesn't seem like a pretty picture. Is progress being made?

Kalish: We're making progress fighting it. The way we are making progress is with the use of heuristics. Heuristics is essentially a mathematical rules engine. What we do is when you go to a particular Web site, we subject the URL to a consecutive series of criteria. Bottom line, if it looks like a phishing site and smells like a phishing site, it probably is a phishing site -- for example, if you go to a site that has certain characteristics, such as not having HTTPS, or if the URL is a number, which doesn't conform to the naming convention. When the heuristic program gets a particular percentage, we deliver an alert, a warning that says the site is known to be or is potentially malicious.

This 3 Questions originally appeared in a report from IT Business Edge.
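The URL rules engine described in the last answer can be sketched as follows. This is an added example, not iS3's or Stopzilla's code: it implements only the two criteria named in the interview (no HTTPS, a numeric host), and the weights, the threshold, the function names and the sample URLs are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed values: the interview names the criteria but gives no weights or threshold.
WEIGHTS = {"no_https": 40, "numeric_host": 60}  # sums to 100 (percent)
ALERT_THRESHOLD = 50

_NUM_LABEL = re.compile(r"0x[0-9a-f]+|[0-9]+", re.IGNORECASE)

def host_is_numeric(host: str) -> bool:
    """True when the host is an address literal instead of a registered name."""
    if not host:
        return False
    try:
        ipaddress.ip_address(host)  # dotted-quad IPv4 or IPv6 literal
        return True
    except ValueError:
        pass
    # Browsers also accept IPv4 written as one integer or with hex/octal parts.
    labels = host.rstrip(".").split(".")
    return len(labels) <= 4 and all(_NUM_LABEL.fullmatch(l) for l in labels)

def score_url(url: str) -> dict:
    """Apply each criterion in turn; alert once the score reaches the threshold."""
    try:
        parts = urlsplit(url)
    except ValueError:
        # A URL that cannot be parsed is treated as suspicious (fail closed).
        return {"url": url, "score": 100, "hits": ["unparseable"], "alert": True}
    hits = []
    if parts.scheme.lower() != "https":
        hits.append("no_https")
    if host_is_numeric(parts.hostname or ""):
        hits.append("numeric_host")
    score = sum(WEIGHTS[h] for h in hits)
    return {"url": url, "score": score, "hits": hits,
            "alert": score >= ALERT_THRESHOLD}

# Constructed sample URLs (documentation domains and address ranges only).
SAMPLES = [
    "https://www.example.com/login",
    "http://www.example.com/login",
    "http://192.0.2.10/abc-credit-union/login",
    "https://3221225994/login",
]

if __name__ == "__main__":
    for u in SAMPLES:
        r = score_url(u)
        print(f"{r['score']:3d}%  alert={r['alert']!s:5}  {r['hits']}  {u}")
```

A host such as `123.example.com` is not flagged, because only hosts made up entirely of numeric labels count as "the URL is a number".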
