According to an article on theWhir.com, MarkMonitor.com released a report early this week that found phishing is at a two-year high. As most know, phishing is the process by which information such as logins, passwords, bank accounts, etc. are obtained by a malicious party representing itself as a trusted institution. This is done via various means such as spoofed emails and websites. Unfortunately, this seems to be the way of the internet: every step forward in technological innovation gives those with malicious intent more avenues to exploit.
"With 151,000 unique attacks reported in Q2 2009, phishing attacks were at their highest in two years. Brands in the financial and payment services sectors were once again the top target for phishing with 80 percent of the total attacks reported in Q2 2009. Meanwhile, attacks targeting the login credentials of social networking sites saw a 168 percent increase between Q2 2008 and Q2 2009."
I know that my spam boxes get several phishing emails each day, and I don't have the time to report them, so I am guessing that the actual amount of phishing attacks is exponentially more than what is reported. Other than a heads-up, why am I writing about this today? Well as I mentioned, there are so many avenues for phishers to exploit, that they rarely do it above the board and sign up for their own servers, email accounts, Facebook profiles, etc. from which to launch their attacks. One of the major exploits is hacking into legitimate servers and using them to send phishing emails and host the bogus websites. This type of exploit directly affects my clients, and I deal with it quite often.
In my experience, the best defense is to keep the root or administrator password secure and make sure all of the software running on the server is up to date. As exploits in software are frequently found, the developers patch them as quickly as possible. Unfortunately, this generally does not automatically trickle down to users of the software and manual updates need to be made. At SingleHop we are always looking for ways to offer the most protection possible to our clients. In the next few days we will be releasing one of the most comprehensive and powerful tools that maintains a server's security without sacrificing its running stability. I know it sounds a bit crazy, but such a thing does exist and we will be the first dedicated hosting provider to feature this.
To find out more - feel free to contact us or keep checking our homepage for the announcement!