Ready for Some Spear Phishing?

Carl Weinschenk

Carl Weinschenk spoke with Jess Kalish, director of technical and corporate communications at iS3, makers of Stopzilla. The company is a member of the Anti Phishing Working Group.


Weinschenk: Is phishing declining, holding steady or getting worse?
Kalish: It's getting worse. It's getting worse because it's getting more sophisticated. In the beginning when phishing started, it was unsophisticated. You would have an e-mail with grammatical mistakes, with a link to a Web site that was essentially a bitmap. It was obviously a fraudulent Web site. Today, creators are much more sophisticated. You can't really tell a phishing Web site unless you know what to look for. Also, they've developed spear phishing. Spear phishing is a much more virulent form of phishing, much more effective. Phishing e-mail response is typically 3 to 5 percent. With spear phishing, the return is 19 percent. Spear phishers use any number of tools such as remote access tools and rootkits.


Weinschenk: How big a trend is spear phishing?
Kalish: It's a huge trend. As people become more sophisticated, as technology improves, it's a race. We have phishing. People get hip to phishing, so phishing technology improves. [Spear phishing is] a combination of technological deception and social engineering. In order for spear phishing to be effective, the phishing e-mail needs to be sent to a person who has an affiliation with the Web site that is being spoofed. They put spyware on your computer. It could be a keylogger, it could be any number of techniques. It is something on your computer monitoring your searches. If you are doing business with ABC Credit Union, they could deliver a phishing e-mail pretending to be from that organization. The [security] technologies that have been used in the past have been reactive technologies. When somebody gets phished, the Anti Phishing Working Group [helps take] them down. But that's a reactive technology. Somebody must be phished in order for them to discover it.


Weinschenk: It doesn't seem like a pretty picture. Is progress being made?
Kalish: We're making progress fighting it. The way we are making progress is with the use of heuristics. Heuristics is essentially a mathematical rules engine. What we do is when you go to a particular Web site, we subject the URL to a consecutive series of criteria. Bottom line, if it looks like a phishing site and smells like a phishing site, it probably is a phishing site - for example, if you go to a site that has certain characteristics, such as not having HTTPS, or if the URL is a number, which doesn't conform to the naming convention. When the heuristic program gets a particular percentage, we deliver an alert, a warning that says the site is known to be or is potentially malicious.
