Monday, April 04, 2005

Phishing and IM usage

I sat in a briefing last year at Black Hat Las Vegas where numbers were cited for SPAM and phishing attacks. The phishing attacks were significantly more successful, even if they were believed by only a relatively small percentage of the receiving audience. The small percentages don't tell the whole story, though, because if you can get 1 out of 1,000 to bite, you still have a fairly large number of users. A good site to keep up with the latest in phishing attacks is the Anti-Phishing Working Group.

As indicated in their February 2005 Phishing Activity Trends Reports, the Anti-Phishing Working Group has noted an increased usage of IM and other non-email mechanisms to propagate these phishing attacks. There has been quite a bit of strong language against the use of IM in the workplace, and while it can be seen as a "work saver," there are enough security concerns around its use to consider deploying appropriate appliances to control usage or blocking it altogether. With IM being utilized increasingly as a mechanism to deliver viruses and phishing attacks, I'm wondering if a balance will be reached, much like with email, before most organizations start blocking IM, period.


