More banks reeled in by phishing


1 Mar 2005

Phishing emails rose by 42pc for the month of January as evidence emerged that online fraudsters are now targeting smaller financial institutions, new research from the Anti-Phishing Working Group (APWG) has indicated.

There were 12,845 new unique phishing email messages reported to the APWG in January, an increase of 42pc over the reports for December. The number of phishing websites supporting these attacks rose even further. In January, there were 2,560 unique sites reported, a jump of 47pc over the December figure of 1,740. This represents more than double the figure of 1,186 reported last October, the APWG said.

Phishing scams involve sending fake emails that typically appear to come from a bank and that ask users to divulge sensitive information such as credit card numbers and online banking passwords. In order for the scam to work, the phishing mails are designed so that they seem to come from legitimate institutions. Users are often directed to elaborate fake websites, complete with banking logos.

Commenting on the findings, Dan Hubbard, senior director of security and technology research at Websense, said: “Hackers are continuing to evolve their phishing techniques and money and an advancing internet crime infrastructure is a major driver to these attacks.”

The APWG also found that those behind phishing scams are turning their attention to smaller financial providers, having initially concentrated on targeting the same number of institutions for most of last year. The total number of reported hijacked brands rose to 64 in January, including nine brands reported for the first time that month. Of these, eight were financial institutions, the APWG reported. This comes after December’s report in which eight of nine other newly phished brands that month were also held by financial institutions.

APWG chairman David Jevans said: “It could mean that counter-phishing systems that the big banks have deployed have been successful and the bad guys are moving on to softer targets. It could mean the phishers think they have enough hardware now to aim at institutions in which the probabilities of getting a hit on a broad spam-based attack are relatively low.”

The phishing problem came to prominence last year. Customers of several major financial institutions worldwide have been targeted, including AIB and MBNA here in Ireland. Garda sources indicated that some Irish customers were defrauded of sums of money as a result of these scams.

By Gordon Smith