The impact of phishing attacks on companies is comparable to and in some cases exceeds the effect of some virus outbreaks, according to online security services firm MessageLabs, which says it now intercepts 250,000 phishing-related e-mails every month.
MessageLabs says within the first five hours of a recent phishing attack directed at a US bank, it had already intercepted over 125,000 phishing e-mails containing URLs to a bogus Web site. In comparison, during the recent MyDoom.O outbreak MessageLabs intercepted approximately 23,000 copies within the first five hours.
Paul Wood, chief information security analyst, MessageLabs, says a phishing attack is designed in a similar way to a virus outbreak - as many e-mails as possible are spammed out as quickly as possible. Both virus writers and phishers take advantage of the window of vulnerability - the period of time during which traditional security vendors are unable to offer protection.
"While the number of phishing e-mails has remained relatively consistent over the past few months, there is already evidence to suggest that phishing will follow a similar pattern to viruses - with periods of steady activity punctuated by significant outbreaks," he adds.