Phishing is quickly becoming the single greatest threat to corporate efforts to serve consumers electronically, and with good reason. Undermining trust in online transactions could set the whole movement back years and negate the efficiency and cost gains that companies have realized.In May alone there were nearly 1,200 unique phishing attacks, according to an industry association called the Anti-Phishing Working Group. APWG says it has 400 members, including eight of the top U.S. banks and four of the top five U.S. ISPs.This association is only one of many groups cropping up to combat this scourge. A few weeks ago IBM, Best Buy and other companies in the financial, retail and technology sectors formed the Trusted Electronic Communications Forum.There is a sense of urgency because the phishing scams are getting more and more sophisticated. Consider this one targeting Citibank users last week. Some customers got an HTML e-mail from a spoofed address, “Citibank safe@citibank.com>,” saying, “We recently noticed one or more attempts to log into your Citibank account from a foreign IP address . . .” Then it went on to say that “because user identification on the Internet is difficult, Citibank cannot and does not confirm every user’s purported identity. Thus we have established an online verification system to help you evaluate with whom you are dealing. The system is called CitiSafe and it’s the most secure Citibank wallet so far. If you are the rightful holder of the account, click the link below, fill (sic) the form and then submit . . .”Clicking on the link opens the phish site and, according to the APWG, starts a Java script that spoofs the browser address bar so it looks like you’re connecting to a legitimate URL. The APWG labels this “one of the most dangerous phishing schemes so far.”According to Jerry Brady, managed security services chief security officer for VeriSign, advances in phishing schemes are resulting in 3% to 5% success rates, up from 1% to 2% a year ago. “These guys have gotten very sophisticated,” Brady says. They profile their victims and sometimes survey them, acting like a financial institution and inquiring about what services they want, their net worth and whether they use security tokens.The best way to fight back today is educating customers and shutting down phishers as fast as possible, but the industry needs stronger authentication methods sooner rather than later. This needs to be a top industry priority. Related content how-to Doing tricks on the Linux command line Linux tricks can make even the more complicated Linux commands easier, more fun and more rewarding. By Sandra Henry-Stocker Dec 08, 2023 5 mins Linux news TSMC bets on AI chips for revival of growth in semiconductor demand Executives at the chip manufacturer are still optimistic about the revenue potential of AI, as Nvidia and its partners say new GPUs have a lead time of up to 52 weeks. By Sam Reynolds Dec 08, 2023 3 mins CPUs and Processors Technology Industry news End of road for VMware’s end-user computing and security units: Broadcom Broadcom is refocusing VMWare on creating private and hybrid cloud environments for large enterprises and divesting its non-core assets. By Sam Reynolds Dec 08, 2023 3 mins Mergers and Acquisitions news analysis IBM cloud service aims to deliver secure, multicloud connectivity IBM Hybrid Cloud Mesh is a multicloud networking service that includes IT discovery, security, monitoring and traffic-engineering capabilities. By Michael Cooney Dec 07, 2023 3 mins Network Security Network Security Network Security Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe