Phishing attacks hitting brand new record levels

The number of phishing attacks being fired into inboxes reached an all-time high at the end of 2005, according to a new study.

  • E-Mail
By  Chris Whyatt.com Published  January 29, 2006

The number of phishing attacks being fired into inboxes reached an all-time high at the end of 2005, according to a new study. In its latest Phishing Activity Trends Report released this month, the Anti-Phishing Working Group (APWG) said that after steadily swelling throughout the year, the number of unique e-mail-based fraud attacks detected in November 2005 peaked higher than ever at 16,882 — almost double the 8,975 attacks that were launched in November 2004. Phishing is a form of e-mail fraud where the attacker sends out legitimate-looking e-mails that appear to come from well-known, trustworthy web sites in an attempt to trick users into revealing their personal information, and more critically, their bank account details. In spite of the seemingly worrying statistics presented by APWG, businesses do not need to worry about the effect on general consumer confidence, according to internet security company Websense, which acts as a research partner for APWG’s monthly reports. “One big attack will temporarily hurt a brand, but the incr- ease in e-commerce is not slowing down,” said Mark Murtagh, Websense technical director for Europe, Middle East and Africa (EMEA). “Although phishing is increasingly in the news, online banking is increasing in popularity,” he went on to note. APWG, the industry consortium that continually charts and publicises phishing trends, also identified in its latest study a rapid upwards curve in attacks that mimic globally famous brands. With global e-commerce and banking institutions most regularly spoofed, the number of well-known brands targeted increased by nearly 50% over the course of last year — from 64% through January rising to an overwhelming 93% in November. “EBay is often spoofed, for obvious reasons,” said Murtagh, who added that phishers’ use of global brands was understandable if the attack, too, was global. “There’s no point in using local names,” he said. “Google is increasingly being targeted because of its expansion into different business application models. The big banking names are used too — HSBC, Citigroup, Lloyds — all the major brands,” he added. Two waves of phishing attacks hit a number of leading banks in the UAE around July and October (see IT Weekly 15-21 October 2005) last year, with some experts warning that the problem targeting Middle East financial institutions had become “endemic”. At the time, the National Bank of Abu Dhabi (NBAD) said that phishers had sent e-mails to its customers, claiming to be from the bank, which linked to a fake website similar to that of the bank’s own. And Mashreqbank said it had also faced the attentions of phishers, with a fake website being hosted from New York, and a low-tech varient of phishing attack launched at its customers.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code