
Email phishing has been around since the first days of the internet, with cyber criminals long looking to take advantage of the vast base of potential victims likely to fall for a scam.
As internet security has evolved, so have the phishing techniques that try to evade them, according to a recent Computerworld report. Citing security intrusions at the Oak Ridge National Laboratory and the RSA Security division at EMC, the report explained that new phishing threats have become so complex that even the highest-level enterprise users are susceptible.
At Oak Ridge, for example, a phishing attack led to the eventual infiltration of malware throughout the company. The email that unleashed the malicious program was designed to emulate one of Oak Ridge’s human resources memos, prompting many of the 570 employees who received it to download a malicious file, according to the report.
This is just an example of the many complex phishing scams that threaten to surpass today’s data protection technology.
Internet security experts have seen this problem grow lately as well. In an interview with Computerworld, Anup Ghosh, founder of security firm Invincea, said it is not uncommon for employees to fall for a phishing scam and put their company’s sensitive information at risk.
"You only need a very low click-through rate to establish several points of presence inside an organization," Ghosh said. "If you have 1,000 employees in your organization and you train them all on not opening untrusted attachments, you'll still have someone doing it. This is not a problem you can train yourself out of."
Research on the subject supports these beliefs. Since last year, spam levels have plummeted, according to a McAfee report on the fourth quarter of 2010, while malware levels have risen. This suggests that cyber criminals are scaling down the number of malicious programs and phishing emails they release in favor of producing a smaller number of more potent threats.