Monday, December 15, 2008

Something Phishy About This



A recently published report dealing with phishing and crimeware trends in Q2 2008 indicates a marked increase in the activity of cybercriminals seeking to steal sensitive financial data from consumers who manage their finances online.

Phishing, essentially defined as a criminal mechanism designed to steal consumers’ personal identity data and financial account credentials, has two major components, which according to the report manifest conflicting tendencies. Social engineering-based phishing activities – which uses false emails to direct online customers to false websites which mimic legitimate business and agencies websites – have declined slightly; however, the report indicates that technical subterfuge phishing schemes – which download crimeware directly onto PCs to steal credentials and intercept consumers’ online account user names and passwords – have registered a sharp increase. The report thus indicates that the number of crimeware-spreading URLs at the end of Q2 2008 grew 258 percent compared to the end of Q2 2007. Also, the number of malicious application variants identified by the company which drew the report registered a record high of 442 in May 2008, up 105 percent from May 2007.

The report also highlights that the number of brands – that is, financial service providers – targeted by phishing attacks is on the rise, and that fraudsters are investing in advanced IT infrastructures and marketing tools in order to conduct targeted phishing campaigns. Favorite targets for phishers are the websites of distressed financial institutions, with criminals seeking to take advantage of the confusion surrounding various mergers and takeovers to trick consumers into revealing their account data. Finally, the report indicates that in Q2 2008, the industry sectors mostly targeted by phishing schemes were the financial sector (52 percent of phishing attacks), followed by the auction and payment service providers, which were at the receiving end of 25 percent and 18 percent of phishing attacks, respectively.

The Q2 2008 Phishing Activity Trends Report was drawn by the Anti-Phishing (APWG), an industry, law enforcement and government coalition focused on eliminating identity theft and fraud that result from the growing problem of phishing, email spoofing, and crimeware in general.




Reblog this post [with Zemanta]

Disqus for ePayment News