Avira has published their January statistics of the most phished brands. This information can be helpful to identify or avoid services that are targeted the most by phishing attacks.

Most of the phishing attacks are carried out against financial services and sites. The only non-financial service in the top 16 list is Facebook.

The phishing list is tipped by PayPal which was the target of the phishing attack in 61.89% of all cases followed by HSBC Bank with 8.59% and Bank of America with 6.09% of all attacks.

Other companies in the list include Ebay, Abbey Bank, Chase Bank, Banco Poste Italiane, Alliance Leicester, Western Union and Citibank.

It is obviously not always possible to switch a company or service based on the phishing statistics but it should warn users that use these brands to be very cautious when they receive emails that seem to come from those companies. (via Avira)

I want to go beyond the usual recommendations to discuss PC security issues that many users do not think about at all or not enough.

Update

You can install a secure operating system, an award winning anti-virus software and firewall and still fall prey to attackers through outdated system components. Programs that are used on the computer system need to be up to date. That is especially true for the operating system and programs that connect to the Internet. This includes the web browser (including web browser plugins like Flash), email client, instant messengers, but also the security software programs (which usually come with automatic updates turned on). The computer is vulnerable if the operating system and programs are not up to date.

Email

There are only three rules for emails: Do not open attachments, do not click on links and do not use HTML emails. Email attachments can contain malicious software. They usually do if the sender is unknown or by a company that never send you attachments before. Links can be disguised to look as if they point to a trustworthy website when in fact they lead to a phishing website to grab your username and password. HTML emails can be used to exploit the browsing engine and are also used for tracking users.

Here is how I handle these three risks. Attachments send by friends are usually safe. It is important to check the extension of the attachment. I’m cautious if it is an executable (even when send by a friend). Executables send by senders I do not know are deleted instantly. I check the remaining executable attachments at the online service Virus Total. If I’m still unsure I contact the friend asking about the attachment and why it was send to me.

I never click on links in the email client. If it points to a site I know I open the site manually in my web browser. I otherwise check if the link text and the link are pointing to the same url. If they do I copy and paste the link in my web browser (Firefox with Noscript, so barely any risk here). I do not have to supply username and password since I do not know the service so no fear of phishing in this case.

HTML can be disabled in most email clients.

The Web

I use Firefox mainly for the add-ons and in particular because of the NoScript add-on which provides an excellent layer of security (it disables all scripts by default with the option to enable them individually again). NoScript takes care of most threats on the Internet if it is used in the right way. Someone who always enables all scripts on a website (because it is faster than enabling only some) is not more protected than someone without NoScript. If you enable scripts only on websites that you trust then you are well protected (yes there is always a tiny chance that you are attacked on these sites as well e.g. through malicious banner advertisement).

Another add-on that I have come to love is Last Pass. A password manager and secure password generator that can create and remember passwords and profile information. Last Pass connects urls and passwords which is an excellent phishing protection as well. Say you have username and password saved in Last Pass for PayPal.com. If you open a phishing website that mimics the PayPal website you will notice that Last Pass will not automatically fill out the username and password. Something that the add-on would have done on the real PayPal website.

Files that can be executed are another threat on the Internet. A good way of dealing with those files is to use Virus Total again to check them out before executing them on the local system. It is advised to only download these files from trustworthy sources (big download portals, websites of trusted developers).

Verdict

The majority of attacks can be rendered useless with the right PC security. Updates are probably the most important part of every PC security strategy but caution is a close second. It is always advised to double-check a file or site. This might take more time but it can prevent attacks on a computer system which will save the user lots of time in the end.

A new widget has been recently added to Gmail labs that increases email security by offering phishing protection for the two services PayPal and eBay. Emails send by these two services are authenticated by the widget and an authentication icon is displayed in the Gmail interface so that the user can see at first glance that the emails are coming from the original source.

The main advantage of this added layer of phishing protection is that emails that claim to be from either PayPal or eBay but are not will now be deleted before they reach the user’s email account meaning that they will not appear in the spam folder either. Google is hoping to add additional services in the future to increase the reach of the additional email security layer.

Users can add the new phishing protection by logging into their Gmail account, clicking on the Settings link in the top right corner, switching to the Labs tab and enabling the Authentication icon for verified senders widget.

Enter Truemark by Iconix. Truemark uses authentication techniques to identify more than 1500 different company email addresses including the three companies in the example above. It is backed by some of the most popular shopping and financial websites on the Internet which makes it attractive for many users. Even better is the fact that the software is free to use and compatible to several popular email providers like Gmail, Hotmail, Yahoo! Mail or Aol Webmail but also Microsoft Outlook 2003 and 2007.

Another advantage of Truemark is that is it working in both Internet Explorer and Mozilla Firefox which should cover more almost 90% of the web browser market. The installation of the software will install a Browser Helper Object in Internet Explorer and an add-on in Firefox.

Truemark will automatically scan the emails in the mail inbox if the user opens a supported email client or web email client. It will display a verification icon next to the email to notify the user that the email is legit.

Moving the mouse over the icon will show an overlay with additional information about the sender and if the sender passed both identification and authentication.

The attacker basically set filters in Gmail to forward emails from the domain registrar to another email account. To ensure that the account owner would not notice the mails they were set to be deleted afterwards.

Most domain registrars offer web forms that can be used to retrieve account information. Godaddy for instance provides web forms to retrieve the username and reset the password of an account. They do send out emails to the primary email account. Those emails are however forwarded and deleted so that they can only be accessed by the attacker.

The two emails will contain the account’s username and a new password which can be used to log into the account and initiate a domain transfer to another registrar.

The exploit makes use of a specially prepared website to steal the Google Mail cookie from the user to set the filter in an hidden iframe. This is why the account owners were never logged out of their account by the attacker. He never had physical access to the account. But the filter was enough to hijack the domains.

Gmail users should regularly check their Filters to make sure that none exist that have not been added by them. A better solution would be to retrieve the emails from a desktop email client like Thunderbird or Microsoft Outlook instead.No word yet from the Google Mail team about the vulnerability.