Cloudmark Research Exposes Underground Phishing Networks
Groundbreaking Report from Leading Messaging Security Company Uncovers Sophisticated Economic Infrastructure and Process Flow for Attacks
San Francisco, CA — June 30, 2005 — Cloudmark™ Inc., the proven leader in secure messaging from the desktop to the gateway, has completed groundbreaking research that describes for the first time how loosely-affiliated — but surprisingly organized — phishing networks prepare, launch and distribute money stolen through phishing attacks. The report entitled, "The Economics of Phishing" will be published by FirstMonday next month.
Of all the different types of email and messaging threats, phishing is perhaps the most insidious. It has eroded the brand of many well-known organizations, stalled their ecommerce initiatives and even compromised sensitive corporate and customer data through direct attacks. However, the most malevolent aspect is phishers scamming unsuspecting users out of thousands of dollars in life savings and ruining their credit reputation for years to come. Phishing differs from other email or Internet intrusions in that phishers aren't merely marketers trying to attract the attention of a user nor are they hackers seeking to disrupt computer networks. Phishers are criminal members of a highly organized economy of supply and demand where the only purpose is to steal personal identities and money.
Among the report's findings:
- Through the phishing "marketplace," phishers obtain and purchase separate bits of information such as target email lists, scam page templates, and a ready supply of compromised hosts that ultimately result in numerous but otherwise unrelated attacks
- Phishing networks depend on a confluence of highly-specialized skillsets, so phishers need not be especially tech-savvy to jeopardize hosts
"Our goal in publishing the findings of our phishing report is to alert businesses, consumers and other security vendors that phishing is not a scattershot operation," said Vipul Ved Prakash, Cloudmark's chief science officer. "It's highly organized and extremely effective in duping even the most sophisticated computer users into compromising personal information that leads to identity theft and drained bank accounts."
"The public is finally catching on that phishing is a threat, but most security vendors tasked with protecting them aren't doing a very good job," said Gary Iwatani, president and COO of Cloudmark. "The only way to develop effective solutions for combating phishing is to understand the complex infrastructure in which phishing economies thrive."
Many highly phished sites and financial institutions are taking extensive measures to ensure their members' protection. PayPal has gone so far as to protect it's users by offering them with a free download of SafetyBar, a free anti-phishing/anti-fraud toolbar powered by Cloudmark, which only allows valid emails into a user's inbox to eliminate inadvertent visits to criminal sites.
Cloudmark, the Cloudmark logo, Cloudmark Exchange Edition, SafetyBar, and SpamNet are trademarks or registered trademarks of Cloudmark Inc., for use in the United States and other countries. All other product and company names herein may be trademarks of their respective owners.
About Cloudmark
Cloudmark builds messaging security software that protects communications service provider networks and their subscribers against the widest range of messaging threats. Only Cloudmark Security Platform™ delivers instant security and control across diverse messaging environments, enabling communications service providers to create a safe user experience, protect revenue and safeguard their brand, while streamlining infrastructure and reducing operational costs. Cloudmark's patented solutions protect more than 120 tier-one customers worldwide, including AT&T, Verizon, Swisscom, Comcast, Cox and NTT.