According to a 2004 report released by Gartner, Inc., an IT marketing research firm, phishing exploits cost banks and credit card companies an estimated $1.2 billion in 2003. Moreover, according to the Anti-Phishing Working Group (a nonprofit group of government agencies and corporations trying to reduce cyber fraud), more than 2,800 active phishing sites were known to exist.

In April 2005, a new “cousin” of phishing was defined and called “WiPhishing” (pronounced “why phishing”)—an act executed when an individual covertly sets up a wireless-enabled laptop computer or access point to get other wireless-enabled laptop computers to associate with it before launching a crack attack. About 20% of wireless access points use default SSIDs. Because users failed to rename them, a cracker can quite easily guess the name of a network that target computers are normally configured to, thereby gaining access to the laptop computer and putting malicious code into it. Intrusion detection appliances such as AirPatrol Enterprise have been designed to detect wireless exploits.

Firms having wired networks are at risk of being cracked if employeesÂ’ laptop computers are left on. Instead of exploiting wireless networks with WiPhishing, crackers could do even more damage by hijacking the legitimate connection to a wired computer network, exploiting the soft underbelly of that network, and launching an invasive attack.

See Also: Cracking; Exploit; Electronic Mail or Email; Fraud; Identity Theft or Masquerading.