Big Shift as Phishing Now Outnumbers Email Viruses

In what is likely to be a landmark month in email, in January of this year phishing now outnumbers viruses as a threat against email. According to experts, in January 2007, 1 in 93 emails (1.07%) was some sort of phishing attack while only 1 in 120 emails (.83%) was found to be infected by a virus.

While this has several explanations, from the fact that viruses are now being picked-up mostly by surfing the web, and the fact that the email attacks carrying malware are much more targeted nowadays, and no longer represent the huge macro-attacks that try to infect every computer in the country. That's because those big malware attacks are easy to combat with blacklisting and content matching programs, so they've gone much smaller, because the longer they remain unknown to the general public the more damage they can do and the more money they can make cybercriminals.

But the main reason for the big shift is the simple fact that phishing has become so highly effective. Phishers are resorting more to Flash content than HTML, which makes it harder for the anti-phishing browsers to pick-out. Also, phishing is also becoming more targeted, and much more likely to include a fake email from the actual bank or ecommerce site a target uses then simply a random guess at a potential match.

It's simply become a fact of life that email is becoming more profitable for criminals, and more dangerous for users. I can't think of any more persuasive argument for email providers to make sure as much of this crime-mail is stopped dead before it ever gets on a company's server and gets that much closer to the users inbox.

That's why my company, Message Partners, has spent years fine-tuning our pre and post-queue filtering capability, with cuts spam and phishing mail off at the pass. You can read all about it here, at Message Partners.

That's it for today, and hey, safe computing everyone.