ParetoLogic

CNET reports, in their article This week in Phishing, that Google has been busy testing out phishing protection for its Gmail clients. According to the CNET site:

When a Gmail user opens a suspected phishing message, the software displays a large red dialog box that warns the user the message may not be from whom it claims to be.

Gmail will also remove all live hyperlinks from suspect HTML-based e-mails to protect people's systems from potentially fraudulent Web sites. The addresses of the sites can still be accessed by examining the original code of the e-mail, a feature that Gmail provides.

Though the number of threats has eased off in recent months, it would appear that the threats are getting more sophisticated, though new email protection is always welcome. The Anti-Phishing Working Group reports a new trend, too:

Previous phishing attacks were based around luring a user to perform an action through social engineering, primarily through spoofed email and websites. The use of Instant Messaging (IM) to spoof companies and phish for information is becoming more frequent.

Phishing without a lure is now becoming more prevalent among attack styles. The most common is malicious code which either modifies your hosts file to point commonly accessed sites to the fraudulent site (so-called “Pharming”) and malicious code that logs your keystrokes based upon a set of predetermined URLs that are accessed (“keylogging”).

The Group have an interesting report for the month of February which lists the numbers or reported attacks, comparisons with previous months, most targeted sectors and countries where phishing sites are hosted.