PHISHING TRENDS
- Over the first six months of 2006, the Symantec Probe Network detected 157,477 unique phishing messages. This equates to 865 unique phishing messages a day. It represents an 81% increase over the 86,906 unique phishing messages that were detected in the last half of 2005, and an increase of 61% over the 97,597 messages detected in the first half of 2005. Source: Symantec Internet Security Threat Report X.
- Over the first six months of 2006, the financial sector was the most heavily phished, accounting for 84% of phishing sites tracked by the Symantec Phish Report Network and Symantec Brightmail AntiSpam. In fact, nine of the top ten brands phished for this period were from the financial sector. Phishing activity that targeted Internet service provider (ISP) accounts made up the second largest percentage of attacks this period, accounting for eight percent of the total volume. The top 3 phished sectors were rounded out by retail, which is dominated by online retailers and e-commerce sites. Source: Symantec Internet Security Threat Report X.
- Crimeware is increasingly used in conjunction with fraudulent Web sites by leveraging common Web browser vulnerabilities to infect victim machines. This trend means that by simply following the link in a phishing email to a bogus Web site, a user's identity could be stolen, as the phisher would no longer need to have the victim enter their personal information. Instead, the Trojan or spyware placed onto the infected machine would capture this information the next time the victim visits the legitimate Web site of their bank or other online service. This genre of crimeware has become more targeted (capturing just the information the phisher wants) and more silent, using rootkit and other aggressive stealth techniques to remain hidden on an infected system.
- An example of the growing skills of the phishing groups is their use of flaws in Web site design to make their attacks more convincing. For example, a flaw in the IRS Web site allowed phishers to make their "bait" URLs appear to be the IRS' Web site, even though the victim was headed to a different, criminally-owned Web server.
- Phishers have been seen using new means of enticing victims to fraudulent Web sites, such as instant messaging and postings on blogs. A handful of newer attacks don't use Web sites at all, but direct the would-be victim to call a phone number which sounds like the real company that is being impersonated.
- The overall volume of phishing attempts blocked by Symantec Brightmail AntiSpam in the first six months of 2006 indicates a decrease in phishing activity from the previous reporting period. In the first half of 2006, Symantec blocked 1.30 billion phishing attempts, an 11% decrease from the 1.46 billion phishing attempts detected in the last six months of 2005 (figure 33). It is still 25% higher than the 1.04 billion blocked phishing attempts detected in the first six months of 2005. Symantec believes that the slight decrease in blocked messages may be indicative of more targeted attacks in phishing activity. With the number of unique phishing attacks on the rise, this likely reflects an attempt by phishers to bypass current filtering attempts, most of which use previous phishing messages as the basis of detection. For this reason, attackers may be sending a higher number of unique messages but in lower volumes and to more focused groups and individuals. For example, if the brand being phished is an Australian bank, the attacker may limit the list of recipients to those with email addresses in the .au domain since those are the users most likely to associate with that brand. Source: Symantec Internet Security Threat Report X.