Reports of phishing scams skyrocket in April

Reports of "phishing" crimes surged by almost 200% in April, a computer security industry group claims.

Reports of "phishing" crimes surged by almost 200% in April, a computer security industry group claims.

The Anti-Phishing Working Group (APWG) received reports of more than 1,100 unique phishing campaigns,, a 178% increase on March.

The large increase comes on the heels of a 43% rise between February and March, with financial services and retail companies being hit particularly hard. 

Citibank alone was the target of 475 unique phishing scams in April. Each of those scams is a separate e-mail campaign that could contain tens of thousands or millions of fraudulent e-mail messages.

Citibank did not immediately respond to a request for comment.

Ebay and its online payment service, PayPal, were also hit hard in April. Ebay was the target of 221 unique phishing campaigns, PayPal of 135.

Other leading financial institutions were also frequent targets of phishing scams, including US Bancorp and FleetBoston Financial.

While each report recorded by the APWG corresponds to a unique phishing campaign, the type of phishing attack used may not be new in every case. In fact, the APWG has evidence that phishing web pages are being traded online, in the same way that e-mail addresses are traded and sold by spammers.

The growing problem also points to increasing interest in the scams by malicious hacking groups and organised crime.

A recent study by Gartner  found that as much as 3% of phishing scams may be successful, resulting in internet users divulging sensitive information to scam artists.

Based on a survey of 5,000 adult internet users, Gartner estimated that as many as 30 million adults have experienced a phishing attack and that 1.78 million adults could have fallen victim to the scams.

The APWG said in the past that around 5% of phishing scams are successful, but that figure is based on anecdotal evidence.

Paul Roberts writes for IDG News Service

Read more on IT risk management