Andrew Patrick

A new report from Trusteer has shown that phishing attacks are rarely successful, but still worth millions of dollars to the attackers.

Trusteer makes a browser plugin called Rapport which is given away for free to customers of certain banks (including some Canadian banks). The plugin monitors for phishing attacks and can detect when someone is submitting login information to a false banking site. Rapport has been installed on about 3 million computers in Europe and North America, and data collected by the plugin provides a valuable look into the damage caused by phishing attacks.

In the recent study, Trusteer monitored the data from the Rapport plugin during a three month period, and in that time it analyzed phishing attacks against 10 large banks in the US and Europe. The key findings were:

• each bank was targeted by an average of 16 phishing attacks per week (or about 832 attacks per year)
• out of every million bank customers, about 12 (0.00125%) are lured into visiting each false web site that was studied. This is a very low success rate, but…
• given that a bank experiences many phishing attacks in a year, about 1.04% of it customers were lured to one of the false web sites each year
• once people were lured to a false web site, about 50% of the time they entered and submitted their login information
• doing the math, this means that about 0.47% of a banks customers revealed their login information to criminals each year
• if the losses from stolen login information total $2,000 per case, then a bank with a million customers lost about $9.4 million per year
• …and that money is going to criminals

Whoever said that crime does not pay did not try phishing.

A Chinese woman managed to enter Japan illegally by having plastic surgery to alter her fingerprints, thus fooling immigration controls, police claim.

This is a case of a woman who underwent surgery to alter her fingerprints in order to get past Japanese immigration procedures. Apparently, the measures worked and she was only found out when arrested on an unrelated charge.

The surgery switched the fingerprints of the thumbs and index fingers between the two hands, presumably to allow the person to present the original or modified fingerprint when given the option of which hand to present to a scanner.

It makes me wonder if fingerprint transplants between people are also a viable threat. It is also not clear how 10-print systems that record fingerprints from all the fingers, such as those now used by US immigration, who handle such finger swapping.