PHISHING DROPS AS USERS GET SMARTER

Internet criminals might be rethinking a favorite scam for stealing people’s personal information. A report being released by IBM Corp on Wednesday shows a big drop in the volume of “phishing” emails, in which fraud artists send what looks like a legitimate message from a bank or some other company. If the recipient clicks on a link in a phishing email, they land on a rogue website that captures their passwords, account numbers or any other information they might enter. IBM’s midyear security report found that phishing accounted for just 0.1% for all spam in the first six months of this year. In the same period in the year 2008, phishing made up 0.2 to 0.8% of all spam. It’s not clear what, if anything, the decline means. (It also doesn’t appear to be a statistical illusion caused by an increase in other kinds of spam. IBM said the overall spam value hasn’t expanded like it did in years past.) “That is a huge, precipitious decline in the amount of phishing,” said Kris Lamb, director of the X-Force research teaming IBM’s internet security systems division, which did the report. Lamb believes phishing might have fallen off because computer users are getting smarter about identifying phony websites. Security software is also getting better at filtering out phishing sites before web surfers ever seen them. It could also be that criminals are moving on from phishing to other kind of attack. IBM said it is seeing more instances of “Trojan horse” programs, which are used to spy on victims. To protect yourself against phishing, access sensitive sites on your own, rather than by following links in emails, which might lead to phishing sites. IBM found that criminals are changing the types of businesses they attack with phishing. 66% of phishing targets were banks, down from 90% last year. Meanwhile, companies that handle online payments, like paypal, are being mimicked in phishing messages more frequently.