Phishers look to cash in on bank chaos

Phishers look to cash in on bank chaos

There has been a surge in the number of phishing e-mail attacks over the last month as fraudsters look to cash in on the confusion surrounding bank mergers and acquisitions, according to figures from security services firm MessageLabs.

The firm says that between August and September phishing attacks rose by 16% before a surge of 103% the following month as criminals looked to extract personal data from worried and confused bank customers.

Bank of America, currently in the midst of a merger with Merrill Lynch, has been a major target. On October 16, MessageLabs says it intercepted 7000 phishing e-mails exploiting the bank within a two hour period - 1.2 percent of the total attacks for that day.

The attack was stepped up the following day, with 15000 e-mails intercepted and continued through the weekend, with 125,000 attacks on the 18th and 19th - 16% of all phishing for the period.

The phishers then abandoned BoA and began targeting American Express customers, sending 35,000 e-mails on Monday, 20th.

MessageLabs says its analysis of IP data shows the scams were the work of the Cutwail botnet, which controls more than one million active bots.

Mark Sunner, chief security analyst, MessageLabs, says: "During a trying time like this when banks are making global headlines, we would expect spammers to latch on to the credit crisis to take advantage of vulnerable investors and anxious consumers who have been sorely affected by the events of the past few months and are looking for relief or a boost in confidence."

In addition to these attacks, spammers are also raising their game by increasing the volume of messages they send out offering mortgages, debt consolidation, credit counselling and other financial advice, says MessageLabs.

Earlier this month the US Federal Trade Commission warned that phishers would take advantage of upheavals in the financial marketplace to confuse people into handing over personal information.

Phishing has been on the rise in the UK for several months. There were more than 20,000 reported phishing incidents in the first half of 2008, an increase of more than 180% from the same period last year, according to figures from payments association Apacs.

Comments: (0)