, 2007-02-15
Dr. Neal Krawetz takes a look at the numbers behind reports of laptop thefts and phishing attacks, showing inconsistent metrics and the difficulty in using numbers to determine the real level of threat.
Expand all |
Post comment
APWG Response: Laptop Losses and Phishing Fruit Salad
2007-02-21
APWG (2 replies)
APWG (2 replies)
Our experience is that people contribute phishing emails to sites and services that take action against them (eg. takedown or law enforcement). This can be seen by the growth of the Anti-Phishing Working Group membership, and by the rapid growth of the PhishTank and PIRT anti-phishing communities.
We add new metrics to try and track the new types of behavior. We count both phishing emails and phishing sites. If a phishing blast of 100,000 emails shows them to be all the same, except for the destination email address, then those are the same attack and are counted as 1 email campaign and 1 phishing site. Message body analysis and link analysis can yield information about whether attacks are targeted at specific users. In general, it can be used to indicate whether human review of specific attacks is warranted to do deeper investigation.
We have seen no evidence that "spear phishing" represents any significant level of phishing attacks. Most spear phishing is targeted at corporate users, and is very low volume. This keeps it under the "radar" of spam filters. There have been some notable wider-spread spear phishing attacks, for example when a stolen AT&T DSL subscriber database was used as the basis for a spear-phishing attack against 19,000 consumers.
- Dave
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/columns/435/34396#34396