Security Information Week 15, 2005

Security Information

"Phishing" and "pharming" are terms increasingly used to describe two current threats. Both are techniques intended to steal your sensitive personal information for fraud and theft.

Phishing (derived from "fishing") is a social engineering attack that attempts to trick you into revealing personal information such as passwords and credit card numbers. Emails masquerading as official-looking messages from, for example, your bank are the phishers' typical tool. Phishers are hard to trace and often operate from a country with little cyber-law.

In 2005 the use of social engineering attacks is likely to increase even further: not least by spammers seeking to evade spam filters and spam traps, but also as a tool for the criminals phishing for your confidential information. The phishing problem has already grown, and the attacks now look extremely professional, indicating that they are organized.

The latest reports from the Anti-Phishing Working Group showed that the average monthly growth rate in phishing sites from July through February was 26%. The average time online for a fake site is less than six days, while the longest-lived site stayed up for 30 days.

February showed a trend back to using cousin domain names (names that are almost identical to the real name). The standard HTTP port 80 is used by over 90% of all reported phishing sites. The same month saw more than 13,000 unique phishing email messages. The most hijacked sites are financial institutions (8 out of 9 in January 2005).
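Cousin domain names are the kind of thing a mail gateway or a help desk can screen for mechanically. The following is an added example, not code from the newsletter or its authors: it classifies the host in a URL against a constructed list of an organisation's legitimate domains (LEGIT_DOMAINS and the sample URLs are assumptions), flagging near-misses by Levenshtein distance, brand names embedded in a longer label, and raw IP addresses in place of a host name.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed list of domains the organisation legitimately uses (assumption).
LEGIT_DOMAINS = ["examplebank.com", "paymentsexample.net"]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum number of single-character inserts,
    deletes and substitutions needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two DNS labels, e.g. 'www.examplebank.com' -> 'examplebank.com'.
    Simplification: no public-suffix list, so 'co.uk'-style suffixes are
    not handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_url(url: str, legit=LEGIT_DOMAINS, max_distance: int = 2):
    """Return (verdict, matched_legit_domain_or_None) for a URL."""
    host = urlsplit(url).hostname
    if host is None:
        return ("invalid", None)
    try:
        ipaddress.ip_address(host)
        return ("ip-literal", None)      # bare IP instead of a brand name
    except ValueError:
        pass
    domain = registrable_domain(host)
    if domain in legit:
        return ("legitimate", domain)
    label = domain.split(".")[0]
    for good in legit:
        good_label = good.split(".")[0]
        # brand embedded in a longer label, or a typo-distance look-alike
        if good_label in label or edit_distance(label, good_label) <= max_distance:
            return ("cousin", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample URLs of the kinds seen in phishing mail.
    for u in ["https://www.examplebank.com/",
              "http://exampelbank.com/login",
              "http://examplebank-login.com/",
              "http://203.0.113.5/login",
              "http://unrelated.org/"]:
        print(u, "->", classify_url(u))
```

Two edits is a deliberately tight threshold; raising it catches more look-alikes but starts matching unrelated short names, so tune it against your own domain list.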

The trends show that phishers are adopting alternative methods. While previous phishing attacks relied on luring a user into performing an action through social engineering (primarily via spoofed email and web sites), the use of Instant Messaging (IM) to spoof companies and phish is becoming more frequent.

In 2005 we will probably see spam and phishing merge, with viruses and worms used to spread and install backdoors. Spammers will then be able to use the compromised computers as open mail relays, which will make tracking spammers more difficult.

Pharming (from "farming"), on the other hand, exploits the Domain Name System (DNS), the Internet system that translates a computer name into an Internet Protocol (IP) address. Pharmers try to make a host name resolve to an IP address other than the legitimate one. A pharmer can then set up, for example, a web site that looks like an Internet bank and harvest lots of personal information. An older term for pharming is DNS poisoning.

Several techniques are used. One is to change the hosts file on your own local computer, which is done, for example, by viruses and other malicious programs that infect your machine. Another is to alter the computers that provide the translation from host name to IP address (the DNS servers) by exploiting vulnerabilities in them.
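The local hosts-file variant is the easiest to check for, because the file is plain text and a sound one contains only loopback and internal entries. The following is an added example, not code from the newsletter or its authors: it parses hosts-file content (SAMPLE_HOSTS is constructed for the demonstration) and reports any entry that overrides a domain on a watchlist (WATCHLIST is an assumption) or maps a name to a globally routable address.

```python
import ipaddress
import os

# Constructed hosts-file content for the demonstration (not from a real system).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost
# legitimate entry for an internal development box
192.168.1.10  dev.internal
# entry of the kind a pharming trojan would add (constructed)
203.0.113.5   www.examplebank.com examplebank.com
"""

# Domains whose resolution should never be overridden locally (assumption).
WATCHLIST = ["examplebank.com"]


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            yield ip, name.lower()


def on_watchlist(name, watchlist):
    """True if name equals a watchlisted domain or is a subdomain of one."""
    return any(name == w or name.endswith("." + w) for w in watchlist)


def audit_hosts(text, watchlist=WATCHLIST):
    """Return (hostname, ip, reason) for every entry that deserves a look."""
    findings = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((name, ip, "unparseable-ip"))
            continue
        if on_watchlist(name, watchlist):
            # any local override of a protected domain is suspicious,
            # regardless of where it points
            findings.append((name, ip, "watchlist"))
        elif addr.is_global:
            # loopback / private / link-local entries are normal; a public
            # address in the hosts file usually is not
            findings.append((name, ip, "global-ip"))
    return findings


def hosts_file_path():
    """Conventional location of the hosts file on Windows and Unix-like systems."""
    if os.name == "nt":
        return os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                            "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


if __name__ == "__main__":
    for name, ip, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"{reason:12} {name} -> {ip}")
    # To audit the machine you are on, read hosts_file_path() instead of SAMPLE_HOSTS.
```

The same parser works unchanged on a real file; running it from a scheduled task and diffing the findings against a known-good baseline turns it into a simple change detector for this class of infection.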

Another upcoming threat, less connected to computers, is SMS phishing and spam. Receiving an SMS is usually free; however, lots of people who subscribe to certain broadcast channels are unaware that they also pay the sender for each SMS received, and unsubscribing is much harder than one thinks. Even leaving information broadcast channels aside, receiving spam SMS may cost the user money: when the recipient uses a pre-paid card abroad, roaming on a foreign telecom provider, he pays for the transmission of the SMS from his home country to the country he is currently in.

The trends clearly show that the threats are changing rapidly in every way. The authors of malicious code and the culprits behind IT crime keep improving their theft and fraud techniques. The world of threats is dynamic and fast-moving, forcing IT security vendors to work just as fast, or preferably even faster.

Ella Mæhlumshagen / Per Olav Førland