How might phishing attacks evolve in the near future?
At the same time, phishers have also grown more sophisticated in their use of e-mail address lists. A phishing e-mail targeting a regional credit union, for example, may be sent only to customers who use ISPs located in that same area. The latest and perhaps ultimate personalization? A technique known as "spear phishing," in which e-mails are customized for particular users, for example executives at certain kinds of companies.
Meanwhile, as customers become more savvy about the risks of divulging personal information, fraudsters are looking for ways to gather information without the victims' knowledge. This is often done with a method known as pharming. Like phishing, pharming aims to collect personal information from unsuspecting victims. The difference is that pharming doesn't rely on e-mail solicitation to ensnare its victims. Instead, this attack method essentially tinkers with the road maps that computers use to navigate the Web, such that large numbers of users can wind up giving personal data to a bogus site even if they've typed in a legitimate URL.
Sign up for CIO Asia eNewsletters.