March 24, 2005

Phishers Start Trolling Vulnerable IM Waters

It's the vulnerability and naivet of users that's really causing the problem.

By John Dickinson

Messaging Pipeline

Reports are starting to indicate that the phishers have discovered the instant messaging waters. Is anyone surprised? You shouldn't be if you understand the inherent vulnerability of messaging systems of all types. However, in IM's case it's the vulnerability and naivete of users that's really causing the problem.

That's because IM is a permission-based system. It is easier to block an instant message than it is to receive it if the sender is unknown to the receiver. The problem comes when users accept messages from strangers, and then click on the links that lead them to spam and phishing sites.

The best data about this is the recent study done by Mirapoint and the Radicati Group (See Radicati-Mirapoint Study Shows Bad E-Mail User Hygiene). It covers e-mail users, but it's instructive here because it indicates that as many as 10% of users actually buy spam products, and that over 30% click on spammer and phishers links. It's easy to believe that these same ratios apply to instant messaging users.

For some reason, people are trusting of people they don't know but get to meet in Cyberspace. And they just do things like that, and get themselves screwed. As a chief of security at an e-mail security services provider said to me, "People will click on damned near anything."

There are plenty of opportunities in the enterprise space to add security and spim-blocking features to public instant messaging systems. As far as I can tell from talking to vendors like FaceTime, Akonix, and IMLogic, not enough of you have taken advantage of those systems, and your employees remain vulnerable to all sorts of IM security breaches.

In all events, we need to educate our enterprise and consumers user communities. Maybe the only school that will count is that legendary School of Hard Knocks, but let's hope not, and let's hope banks and other vulnerable identity and credential theft candidates find a way to stop the spoofing that is the sinkhole into which these vulnerable people fall.

--John Dickinson, Editor, Messaging Pipeline


		MESSAGING PIPELINE MARKETPLACE (sponsored links)
		Digital Warehouse buys, sells, & rents used Cisco networking hardware such as routers & switches, as well as Juniper, Extreme & Foundry at 50-80% off list price. One year warrantee and fast delivery. Stop spam on your terms with CanIt-PRO, the most flexible and customizable anti-spam solution available for the mail server. Offers per-user or per-group controls and is available as software or hardware appliance. Use your Intranet to manage Software Licenses, plan for Windows XP/2000 upgrades, do Security Audits and more. Click to try and ask for our white paper - PC Management for the Internet Age. Analysts at the Tolly Group put a leading Branch Office IT services solution to the test, measuring performance, security and data reliability. Download the results, detailed in this free report, now. Whether you need temporary or permanent access to remote PCs, LogMeIn has your solution: LogMeIn IT Reach for automatic maintenance of remote and mobile systems, and LogMeIn Rescue for instant, web-based remote access without pre-installing software.