According to the Anti-phishing Working Group's February Phishing Trends report, which includes research from Websense Security Labs, more and more phishing emails are not relying on tricking users to divulge information via social engineering.
Among the 13,141 unique phishing email messages reported, the most common attack methods include the use of malicious code that modifies host files to point regularly accessed sites to fraudulent sites -- called pharming, as well as the use of malicious code that logs user keystrokes based on predetermined URLs that are accessed(keylogging). DNS cache poisoning is also being used to channel information to pharming web sites.
"As reported in December and January, the phishers are using alternative methods to 'phish' for end-user information," said Dan Hubbard, senior director of security and technology research for Websense, Inc. "Previous phishing attacks, primarily through email, were based around luring a user to perform an action through social engineering. However, we are seeing additional attack methods which do not necessarily rely on the lure of email becoming more frequent."
Among its other findings, Websense Security Labs has seen a large number of small e-commerce sites and regional banks becoming victims of phishing attacks.
"It's important for companies to use education and technology to help mitigate the newest attack vectors, such as IM, within their organization," added Hubbard.
February's phishing activity is an increase of 2 percent over the number of unique reports for January, despite February being a shorter month. The country hosting the most phishing sites in February was the U.S. The full report is available at http://antiphishing.org/APWG_Phishing_Activity_Report_Feb05.pdf.