How might phishing attacks evolve in the near future?
As phishing e-mails and websites have grown more sophisticated, phishers also have changed the kinds of companies they are spoofing. Early phishing e-mails usually targeted large banks, credit card companies, online payment services, ISPs and large online retailers. As those large companies put defense mechanisms in place to limit the damages, phishers have moved on to smaller companies that may be less prepared to defend themselves. At the same time, phishers have also grown more sophisticated in their use of e-mail address lists. A phishing e-mail targeting a regional credit union, for example, may be sent only to customers who use ISPs located in that same area. The latest and perhaps ultimate personalization? A technique known as “spear phishing,” in which e-mails are customized for particular users. One scam targeted just executives at certain kinds of companies. Security analyst Steve Hunt reports another spear-phishing scam in which he received a text message from a “bank” direc
