ISPs urged to filter spam and phishing attacks

By

Huge rise in malware should be tackled at the internet level, says security
firm.

ISPs urged to filter spam and phishing attacks
Consumers should lobby their ISPs to adopt aggressive filtering technology to cleanse email of phishing and spam attacks before it reaches their home PCs, a security expert has said.

Phishing emails now comprise more than half of all malware intercepted by security firm MessageLabs, the company said in its latest quarterly security report, and phishing techniques are becoming increasingly sophisticated. 

Mark Sunner, chief technical officer at MessageLabs, told vnunet.com that the best protection is not more stringent end-user security, but filtering by ISPs at the internet level. 

Phishing accounts for 52 percent of malware, up from 30 percent in August and 20 percent in July.

Botnets sending out spam and phishing emails are programmed to avoid segments of the internet where MessageLabs filters are active, according to Sunner.

But where MessageLabs has set up 'honeypots' of seemingly unprotected PCs, the rate of phishing is close to 90 percent.

"The huge jump is probably because the phishers are making hay while the sun shines and targeting banks which do not yet have two-factor authentication," said Sunner.

European banks have been moving from simple password protection to two-factor authentication based on a password plus a number generated for a single online banking session.

Examples of these systems include a random number generator given to account holders, a series of scratch-off numbers on the account statement or a number delivered on-demand by SMS.

But Sunner warned that two-factor authentication is not the 'silver bullet' that banks assume it to be.

MesageLabs has seen key-capture trojans specifically targeted at banking sites which only activate once the customer has gained access to the banking site.

The trojans then enable the session to be remotely hijacked and funds siphoned off into another account.

"So far this looks like a proof-of-concept and we have not seen it used in earnest," said Sunner.

Phishers are also harvesting information from other sites so that they can target only the known account holders of a certain bank. MessageLabs warned of more sophisticated spam and phishing attacks early in September.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
andattacksfilterispsphishingspamtelco/isptourged

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Telstra launches satellite messaging service

Telstra launches satellite messaging service
Telstra server migration cut access to emergency number

Telstra server migration cut access to emergency number
Telstra addresses external antenna claims by Vodafone

Telstra addresses external antenna claims by Vodafone
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?