It appears that the annoyances driven from spyware, adware and general malicious software (malware) are down significantly as we approach the middle of 2008. However, there is one constant threat that’s still alive and well: Phishing. I’ll take a look at some perspective on what this means for us now and what it will mean for the future.
Spyware, Adware and Malware all generally hit their peak in 2004 and 2005 leaving Internet users frustrated, confused and at-risk for further infections. In response to the need to help empower Internet users, legitimate solutions appeared to help users mitigate the infections they received as well as prevent further ones. Examples include Lavasoft Ad-Aware, Microsoft Windows Defender and Spybot Search & Destroy. These solutions were all effective, but would often require constant updating in order to continue to war against unauthorized software installations by spyware companies.
As we can see in the graph below, people eventually became aware of Spyware and the ways they could prevent and address infection. Graph provided by Google Trends:
This is good, but not good enough. Clearly there are still a lot of search volume on Google for “spyware” and related topics. I’d like to see it down significantly more, I urge others to continue to advise your friends on how to protect their computer from spyware. (And if that means switching to Mac, that’s not a bad choice either.)
Overall, I’m satisfied with the war against spyware, adware and other intrusions to daily computer life. But I am shocked that Phishing is still as prevalent — which subsequently means more compromised identities and machines and more fraud. Let’s take a look at Phishing, provided by Google Trends:
An interesting juxtaposition between consumer education and industry change. Consumers are able to react quicker than the industry when it comes to addressing security concerns — usually with the help from friends, family, technical support and the media. The industry didn’t change all that much; spyware is still readily-available and rogue spyware products are being slung like Yeyo, for example.
Phishing is still alive and well, probably because phishers have become more sophisticated in launching Spear Phishing, making their e-mails more and more like the real consumer notifications. Phishing has also evolved much more dynamically than “Download these Smilies,” usually targeting viral events like terrorism, humor and funny videos; and more recently, 2008 Econominic Stimulus Check and Tax Court Summons scams.
The fact that Phishing continues to rise without fail, validates my belief that people on the web are greedy, impatient and immoral. That’s not necessarily an insult; but one can’t dispute the fact the people aren’t spending enough time evaluating if an e-mail is legitimate or not. A number of phishing scams involve “something for nothing,” promise “instant” gratification and usually prey on one’s need to be be immoral.
There is help! There are a number of Web sites that can help you learn what it takes to prevent phishing, spyware and other security vulnerabilities. Here are a number of anti-phishing resources that I recommend everyone checks out:
- McAfee Threat Center
- Norton Security Response
- Defense in Depth Blog
- US-CERT (Government) Activity
- Fraud.org Phishing Tips
- FTC’s ‘Fishy’ E-Card
- Phishing Scam Report Database
- PhishTank – Anti-Phishing Community
[Image credit: hell_ra on Flickr]