Fears grow over ‘longlining’ - a powerful new breed of phishing attacks

Businesses are being warned over the increased prevalence of ‘longlining’, a form of phishing attack that combines the traditional mass bombardment of bogus messages with customised targeting, creating an assault that overwhelms security defences.

The worrying trend was highlighted yesterday by author and financial crime expert Jeffrey Robinson, who was speaking at the Gartner Identity and Access Management Summit in London. Robinson said organisations are failing to keep up with the new breed of cybercriminals, who are fusing a number of different hacking techniques to bypass typical data protection.

“We’re now into the second or third generation of very bright people fooling around on the Internet, because [hacking] is the back door into your business,” Robinson said.

Spear-phishing, which attempts to lure specific individuals into online traps by tailoring messages to make them appear convincing, is “yesterday’s news,” according to Robinson. “Today’s news is longline phishing… What longline phishing does is combine regular phishing with spear-phishing. It targets you and can send you a hundred thousand emails to lure you onto the [infected] site from 50,000 IP addresses, so that your filters and all your defences forget it. You can block two IP addresses, you can block 10,000. You’re not going to be able to block 50,000.

“Longline phishing is the latest thing because it gets right past all your defences and comes right in your back door,” he added.

Robinson also cited statistics that claim “99 per cent of mobile apps have at least one vulnerability,” which was providing cybercriminals with a convenient gateway to commit fraud.

Meanwhile, the author said the situation was worsened by the fact that out of the 55 per cent of businesses (US-based) who suffer a data breach, only 33 per cent actually report the incident. The determination among businesses to preserve their reputation and trust means little intelligence is brought to light, which damages the war on cybercrime as a whole, Robinson argued.

ITProPortal is also attending Gartner’s Business Process Management Summit in London today, so stay here for more on this week’s conference.