KEEP your eyes wide open when you fill in details online, especially if it is from an Asian website.

That is because rock phishing attacks originating from the region are on the rise.

Phishing is performed by e-mail messages made to appear as though they come from legitimate businesses in order to deceive users into giving out sensitive information.

While the US and Europe used to host most of the attacks, increasingly, rock phishing is using more Asian host countries.

Of the top 10 hosting countries, half are from Asia-Pacific. They include China, Hong Kong, Philippines, South Korea and Mongolia.

Mr Jason Pearce of US-based anti-fraud company RSA explained that this spike is due to the "domain range
that's untapped here". A domain locates an Internet address for an organisation or other entity on the Internet.

The director of technical services for Asia-Pacific said: "Rock phishers are increasing their presence in the region
and countries like Vietnam and Thailand might be next."

He stressed that these attackers like to target countries that are not equipped to defend themselves from phishing, so the region has to bump up its level of protection.

But Mr Pearce added that Singapore is not as likely to be used as a host country in rock phishers' attacks because we are "more mature in terms of technology".

Rock phishing is based on phishing toolkits that make it easy for ordinary individuals to conduct phishing activities.

While a normal phishing toolkit essentially allows an attacker to spoof legitimate websites of different brands, including their images and logos, rock phishing is more lethal as it can attack multiple organisations at once and is difficult to track.

RSA's monthly online fraud report for December 2007 pointed out that phishing picks up during the months of June, July and December.

Although it's hard to pinpoint a pattern here, Mr Pearce said festive seasons are generically a good time for rock phishers.

Besides that, Mr Ooi Szu Khiam, Symantec's principal technical product manager for Asia-Pacific and Japan,
noted that the attackers have also shifted from using system-level vulnerabilities to attack computers, to using
browser-level vulnerabilities such as ActiveX, that can be exploited on the Internet.

Deloitte's 2007 Global Security Survey found that 36 per cent of financial institutions in Asia-Pacific experienced
repeated internal breaches over the past 12 months.

To tackle this, Mr Ooi said financial institutions can deploy technologies that monitor user and administrator activities on critical systems, as well as prevent unauthorised activities.

Last year alone, there were more than 230,000 cases of attacks worldwide.

Is this article useful to you?