Phishing spreads net wider

Online phishing schemes more than doubled last month, leaving financial institutions struggling to rebuff attempts to steal...

Online phishing schemes more than doubled last month, leaving financial institutions struggling to rebuff attempts to steal private account information from customers, according to the Anti-Phishing Working Group.

Last month, 1,142 sites were used for phishing, up 110% from the 543 sites reported in September, according to the report issued this week by the consortium of law enforcement, financial institutions and IT security firms that tracks the online attacks.

Almost 6,600 different phishing messages were reported to the group in October. Peter Cassidy, secretary general for the group, said the number of unique phishing e-mails had grown an average 36% each month since July. "Organised crime has embraced this technology and automation has increased the availability of phishing technology," he said. "They've become much more sophisticated."

Phishing occurs when con merchants send fraudulent e-mails to customers to lure them to websites that appear to be the home page of a well-known financial institution. The e-mails instruct the customer to leave account information on the site, which the scammers then use for identity theft.

The financial services industry has taken the biggest hit. Last year phishing scams cost banks and credit-card companies $10.2bn (£5.4bn), according to a recent Gartner report.

Banks are trying to fight phishing by educating customers about spoof e-mails. Several banks include information about phishing on their websites and in monthly statements.

Cassidy said that the Anti-Phishing Working Group had expected the phishers to start targeting smaller banks, but that this had not yet happened. "The phishers have not really broadened their attacks beyond established brands such as Citicorp and Bank of America."

The group is also warning companies and users of a new form of phishing that runs a script just when an e-mail is opened. Cassidy said the new technique had only been detected in Brazil, but was probably being tested for wider deployment.

Bob Francis writes for InfoWorld

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.






  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...