Posted February 5, 2009
To better understand the daily risks consumers face from Phishing: The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. attacks, Cyveillance test sampled unique and confirmed phishing attacks uncovered against a variety of organizations. To measure the effectiveness of some of today’s leading anti-phishing solutions, Cyveillance fed these confirmed live attacks through four of the most widely used anti-phishing browser-based offerings. The data was fed in real time to each solution and then again 24 hours later to determine detection rates over a minimal period of time. The specific detection rates of each solution used during the testing are below:
As the results show, even the most popular Internet browser anti-phishing applications detect less than half of the phishing attacks when the attacks are initially launched. The attack detection rate improves significantly after a period of 24 hours. Unfortunately, the majority of the damage caused by phishing attacks is realized during the first 24 hours after an attack is launched as illustrated in The Cost of Phishing: Understanding the True Cost Dynamics Behind Phishing Attacks, which can be downloaded at http://www.cyveillance.com/web/forms/request.asp?getFile=112. Given these facts, reliance on browser-based tools to protect consumers against phishing attacks is not an adequate phishing defense strategy.
For more information about Cyveillance’s research findings, please visit: http://www.cyveillance.com/web/forms/request.asp?getFile=113