Phishing scams: They're the new viruses

Phishing scams are now so prolific in terms of their rapid dissemination that they are outstripping viruses in the severity of their outbreak.

Phishing scams typically include links to a spoofed website or HTML code designed to mirror the look of a well-known bank. With data entry fields and an often compelling reason for customers to hand them over, the email attempts to solicit bank customers' details for the purposes of fraud and ID theft.

According to mail filtering firm MessageLabs, one recent phishing scam, which spoofed a major US bank's website, was intercepted more than 125,000 times within the first five hours of being detected. This certainly puts viruses, such as the recent MyDoom.O worm, into perspective. MessageLabs intercepted 23,000 copies of MyDoom.O during the same time period.

Less than 12 months ago, phishing scams were practically unheard of, but in recent times they have exploded into the public consciousness and currently show little sign of abating - especially as they still continue to make money for the scammers sending them.

Paul Wood, chief information security analyst at MessageLabs, said: “Phishing has literally burst onto the scene."

"A year ago it was practically unheard of, now we’re intercepting more than 250,000 phishing-related emails every month," he added.

Wood said the comparison with viruses is not coincidental as the methods used to send them out are fairly similar for the same tactical reasons - maximum impact before they become 'known'.

Scams, like viruses, rely on a window of vulnerability in which they can take effect. As such the senders try to flood email users with as many as possible in as short a time as possible - aware they have a built-in 'shelf life'. Phishing scams may also start to ape virus activity in terms of seasonality.

"There is already evidence to suggest phishing will follow a similar pattern to viruses, with periods of steady activity punctuated by significant outbreaks," added Wood.