88 Percent of Phishing E-mails Use the Target's Domain Name

New Study From Leading Anti-Phishing Firm Internet Identity Reveals That Most Remaining Messages Use Related Domains

April 18, 2006; 03:40 AM
New research reveals that 88 percent of all phishing attacks forge the target company's domain name in the "from" address of the bait e-mails that are used to lure victims to the phishing web site. Almost all of the remaining messages used related domains, like pay-pal.org instead of paypal.com. The study, performed by anti-phishing services provider Internet Identity, looked at phishing e-mails from over 1,000 different attacks launched against more than 60 targeted brands from February 1 to April 10, 2006.

Internet Identity performed the study in its ongoing efforts to better protect its banking and e-commerce clients and to help add to the general anti-phishing community knowledge base. The results were somewhat surprising since existing, inexpensive e-mail authentication technologies can easily detect such spoofing, and since using the targeted company's domain name to send phishing lure e-mail will quickly alert an attentive company to the attack.

"There are three immediate and useful take-aways from these results," said Rod Rasmussen, Director of Operations at Internet Identity. "First, widespread adoption of e-mail authentication by ISPs and companies could virtually stop phishing e-mail as it currently is practiced. Second, phishing targets today can learn about almost all new attacks immediately just by watching the messages that are bounced back to their own mail servers. Third, phishing targets need to control the core domains around their main domain name to prevent their use in phishing."

Microsoft Corp. has proven these three points by reducing phishing attacks against its brands by more than 80 percent during the past year. "By implementing Sender ID in MSN Hotmail, we now have a mechanism to verify our brand identity to help customers know when e-mail from MSN is actually coming from MSN, and it's had a significant impact on our efforts to keep phishing scams out of customers' inboxes," explained Craig Spiezle, director, Microsoft Technology Care and Safety Group. "In addition, we are working to aggressively detect and shut down new phishing sites that spoof our brands and are working with leading organizations like Internet Identity on our domain defense programs to help further protect our brands from online threats."

The release of the study results coincides with the Anti-Phishing Working Group Spring General Meeting today, and the E-Mail Authentication Summit 2006 on April 19. Both events take place at the Hilton Hotel in downtown Chicago, IL.

As an active participant in both industry groups, Internet Identity will also be showcasing at both events its RealPhish™ real-time feed of URLs of 100 percent verified phishing web sites. "Today, Internet Identity's RealPhish data enables ISPs, anti-spam vendors and web browser toolbar makers to immediately obstruct delivery of phishing e-mails and block access to phishing web sites with complete confidence," continued Rasmussen. "We look forward to in-depth discussions with the other attendees at both conferences on how best to rid the world of phishing and other email threats."

More information about Email Authentication Summit 2006 can be found at www.emailauthentication.org/summit2006.

More information about the Anti-Phishing Working Group meeting can be found at http://www.antiphishing.org/events/2006_springGeneralMeeting.html

About Internet Identity

Internet Identity™ is a leader in detecting, verifying and neutralizing phishing web sites, enabling providers of internet, e-commerce and financial services to protect their customers against online fraud. Combining innovative technology with expert human analysis and action, Internet Identity delivers highly effective phishing web site reporting and deactivation for the lowest cost available today. The company's Domain Control program offers a cost-effective way for companies to protect their brands in domain names worldwide. For more information, please visit www.internetidentity.com, or email inquiries to [email protected].

Internet Identity is a trademark of Internet Identity.

The names of actual companies mentioned herein may be trademarks of their respective owners.

Lars Harvey, Internet Identity, Email Contact, (253) 590-4085