In this section

• Home
• Press office
• News archive
• Articles
• 2007
• 05

• Journalists' guide
• News archive

Talk to our experts

• Press contacts

Resources

• Sophos Podcasts
• SophosLabs blog
• Image gallery
• Customer case studies
• Free anti-virus
• White papers
• Awards and reviews
• Industry affiliations

Info feeds

• Security news
• Company news

• Security news
• Company news

What are info feeds?

29 May 2007

Phishing season still open in New Zealand Angling may be over for the year down-under, but the phishers are active

Experts at Sophos, a world leader in IT security and control, have discovered an email phishing campaign aimed at Kiwibank, inviting New Zealand customers to perform routine "account maintenance" to ensure that the bank can "guarantee their money".

The phishing email claims to come from Kiwibank.

"According to Kiwi angling lore, the end of April is the time to pack away the rods and waders (it's the start of winter in New Zealand, don't forget) and to get out your shotgun for the duck hunting season, which begins in May," said Paul Ducklin, head of technology, Asia Pacific at Sophos. "Obviously, cybercriminals don't keep to the same schedule."

"The phishing email doesn't read like the sort of prose you would expect your bank to send," continued Ducklin. "And the link in the email leads off to a web server in the USA which is currently blocking downloads, so there seems to be little risk of customers getting caught out."

SophosLabs™ currently estimates that 70% of malicious webpages abused by phishers and malware spreaders are not directly associated with cybercriminals, but rather are legitimate sites which have been broken into and 'borrowed' for criminal activity.

"The website used in this phish appears, at first glance, to be the long-term legitimate website of a sole trader in Massachusetts, served out of a hosting company. That site is now widely blocklisted, and off the air. The genuine owner of the site is left to sort out the mess," explains Ducklin. "Computer security begins at home - consumers and small businesses should take advantage of the many security guidelines that are available online."

• Best practice advice from Sophos about safe computing
• Paul Ducklin discusses phishing in Sophos podcast: who is to blame?
• Find out more about how to protect your computer against online threats at www.getsafeonline.org

Sophos recommends companies defend their users with a consolidated solution to defend against the threats of viruses, spyware, hackers and spam.

• Bookmark with del.icio.us
• Submit this story to digg
• Submit this story to slashdot

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com

See also:

• SophosLabs launches new blog, providing info on security threats
• Phishing, vishing, phaxing and other identity threats: The evolution of online fraud