News Stay informed about the latest enterprise technology news and product updates.

Research shows smarter phishing

Recent threat reports all suggest a steady increase in the aggressiveness and sophistication of phishing attacks, and bank customers are still a top target.

Data from a series of recent reports suggest that phishing attacks have steadily grown more aggressive and sophisticated since the start of the year.

The volume of phishing e-mails hasn't grown significantly in recent months, said Paul Wood, senior analyst for New York-based MessageLabs Ltd. But he said the bad guys are findings ways to hit their targets more effectively.

In its March threat roundup, MessageLabs said phishing attacks accounted for 14.5% of all malicious e-mails it intercepted for the month. The company said one in 309 e-mails was a phishing attack. That may not seem like a lot, Wood said, but beyond the raw numbers are other indicators of a threat that's worsening.

As U.S. banks respond more aggressively to phishing threats with tighter security measures, Wood said attackers are simply going after more international banks that may not be as prepared for the threat. Though individuals are becoming more adept at identifying standard phishing e-mails that may appear to come from a bank or auction site they don't use, attackers are finding other ways to fool them. One way is to spoof sites that aren't necessarily tied to the financial sector.

"Phishing is up in South America because they have a lot of online banking down there," Wood said, "but there also tends to be a lot of e-cards that people send back and forth. It's big in the South American culture."

Users may not fall for a spoofed e-mail from a bank, he said, but if they fall for a spoofed e-card and are directed to a malicious site that way, attackers download malware that monitors the user's online activity. When the user visits a banking Web site, the malware strikes.

"The numbers haven't changed a lot at all," Wood said. "We see an upward trend in phishing attacks not in terms of volume and how many phishing e-mails are out there, but we see an increase in how sophisticated and how targeted the attacks are, with more sophisticated use of malware. The trend is that attackers will continue to devise phishing tricks that are a lot more difficult for banks and users to recognize."

Another report from RSA Cyota, a division of Bedford, Mass.-based RSA Security Inc., backed MessageLab's findings that an increasing number of phishing attacks are targeting banks outside the U.S.

The number of attacks on banks outside the U.S. climbed from 29% in February to 49% in March, RSA Cyota found. Most of the banks attacked for the first time were in Germany while Spanish and Italian banks were also targeted.

But while attacks in other countries are on the rise, RSA Cyota found that the U.S. still hosts almost 60% of all phishing attacks.

While companies like MessageLabs haven't seen a huge spike in the volume of phishing e-mails, other organizations have. The Anti-Phishing Working Group (APWG) -- an industry association that includes such members as San Francisco-based MarkMonitor Inc., Bilbao, Spain's Panda Software and San Diego-based Websense Inc. -- outlined a significant spike in phishing attacks in its most recent report (.pdf), which covered January.

According to the organization, January saw:

  • 17,877 unique phishing attacks;
  • 9,715 unique phishing Web sites; and
  • 101 brands hijacked by phishing campaigns.

    Of the phishing e-mails identified in January, 45% contained some form of target name in the URL; 30% included an IP address but no host name; the average time online for a phishing site was five days and the longest time online for a phishing site was 31 days.

    Financial services continued to be the most targeted industry, suffering 92% of all phishing attacks in January.

    Russian AV firm Kaspersky Lab, one of the organization's sponsors, tried putting the report in perspective on its Web site, noting that the 17,877 phishing attacks monitored in January was a new high. The previous record, the firm said, was 16,882 attacks in November 2005.

    "Another huge jump took place in the number of new unique phishing sites opened in January," Kaspersky said. "This time 9,715 sites were detected, representing a massive increase on the 7,197 sites found in December, and the previous record of 5,295 unique phishing sites reported in August 2005."

    Kaspersky attributed the continued increase in phishing attacks to the ability of attackers to launch malicious Web sites in a hurry. "Phishers … have mastered a quick rollout technology with pre-fabricated sites going up in extremely quick time," the company said.

    This article originally appeared on

  • Dig Deeper on Lotus Notes Domino Phishing and Email Fraud Protection

    Join the conversation

    1 comment

    Send me notifications when other members comment.

    Please create a username to comment.

    My mother called me the other day to say she was proud of herself. She had gotten an email and instead of clicking anything, she called the company (not via the number in the email) and asked about the email. They advised her to send it to the email. With that, she was beaming and I was thrilled. As long as my 70+ year-old mother can take these steps, there should be nobody on the planet that gets taken for a ride.

    Sad thing is - as I say in my social media training sessions - people are more dumb than you could ever imagine. And they are. So we are going to see these issues increase and the attacks continue.

    Hang tough mum.




    • iSeries tutorials's tutorials provide in-depth information on the iSeries. Our iSeries tutorials address areas you need to know about...

    • V6R1 upgrade planning checklist

      When upgrading to V6R1, make sure your software will be supported, your programs will function and the correct PTFs have been ...

    • Connecting multiple iSeries systems through DDM

      Working with databases over multiple iSeries systems can be simple when remotely connecting logical partitions with distributed ...