Phishers Casting More Lures than Ever
Phishing shows no signs of slowing down, according to a new research report issued by brand monitoring specialist Cyveillance.
According to the company's Online Financial Fraud and Identity Theft Report covering the first six months of 2008, an average of two new companies per day showed up in emerging phishing campaigns during that period.
Cyveillance said at least 367 unique brands were first-time victims of targeted phishing attacks during the first half of '08, representing an 80 percent increase over the second half of '07.
The increase in attacks on new brands represents close to 20 percent of all new attacks recorded by Cyveillance since it started charting the related stats in 2005.
Since that time, Cyveillance has identified over 2,000 unique brands that have been the victim of phishing campaigns.
Financial institutions remain the leading targets of phishing attacks, accounting for nearly 95 percent of all attacks.
Phishers also continue to expand their activities worldwide, Cyveillance said. Over the first half of 2008, the company tracked phishing attacks in 30 different countries, with numerous new targets in the Middle East and Latin America regions specifically.
The Cyveillance figures back up data published by IBM July 29 in its latest X-Force security research paper.
According to that report, spammers have also returned to basics, eschewing the more complex image-based spam and obfuscation trends of years past in favor of simpler messages loaded with links to poisoned URLs.
"This spam generally consists of a few simple words and a URL, making it difficult for spam filters to detect," IBM researchers said.
The company estimated that some 90 percent of spam is now URL-oriented.
In a nod to regional activity, IBM noted that Russia continues to account for the highest volumes of spam, or roughly 11 percent of all unsolicited messages worldwide. Turkey is holding at No. 2, accounting for 8 percent, followed by the United States at 7.1 percent.
Other spam trends cited by IBM included the growing popularity of spam attacks aimed at online gamers, particularly messages bearing links to malware sites. In fact, the X-Force report claims that the top four password-stealing Trojans of the first half of '08 were targeted at gamers.
Yet, all but two of the top 20 phishing targets in that time frame were financial institutions, IBM said.
Attacks go where the money is, plain and simple. And that's one trend that's seemingly never going to change.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWEEK and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.