Phishing attacks surge in 2008

The volume of phishing attacks detected by RSA during 2008 grew by 66% over those observed throughout 2007, with UK and US financial institutions bearing the brunt of the assaults.

The first six months of 2008 demonstrated a dramatic increase in the volume of phishing attacks detected by RSA, peaking in April with 15,002 attempts. Attacks initiated by the notorious Rock Phish Gang and those initiated via other fast-flux attacks accounted for over half of the bombardment during this period.

US financial institutions suffered a whopping 68% of the total number of attacks, ten times higher than the number of brands targeted within the UK - which ranked a distant second on the list.

Although the US led by a huge margin in terms of the number of attacked brands during 2008, the UK led in terms of total volume of exploits. This is a result of several massive surges of attacks against a small number of the country's financial institutions during 2008.

RSA also noted the expansion of phishing into new territories, such as Latin America and Asia Pacific, as a key contributory factor in this year's volume growth.

Comments: (2)

A Finextra member 20 February, 2009, 10:34

Personal observation leads me to believe that phishing has risen yet more in 2009 and so have 419 scams etc... Hardly unpredictable nor unable to be fixed.

More's Law -

A Finextra member 27 February, 2009, 17:04

The real issue is that there are some brilliant technologies out there to counteract phishing but the drivers for adoption of such technology solutions by the financial institutions, online merchants and other website owners are not happening due to the fear of change.

However, on the flip side, the developers of the phishing websites can on the fly implement and roll out their latest technology at whim, when and wherever they want. If the phishing application does not work then they try something issues.

Now, if we are going to combat the increasing growth of phishing, the finance industry, online merchants and even government need to act creatively without delay with a combination of solutions and just not rely on a part fix.

The trouble is today the technologies being deployed to stop phishing are still not working; they are based on older methodologies. The frailty most people or organisations fall into is looking for the solution in a browser-based technology, i.e. a plug-in, or by developing or implementing an anti-phishing tool bar. The problem is then that this approach is also failing time after time. The criminals have stepped beyond the phishing filter barrier with techniques that just walk around these filters. One interesting growth area for phishing is to compromise the computer and inject code into what appears to be a secure website. Traditional approaches to this type of phishing just do not work and will not stop this attack!

There is already the technology to detect phishing websites and even verify all parts of a website when a consumer visits. The technology even blocks the fake website or the key parts of the authentic website which have a fake overlay, i.e. x-site scripting, and alerts the consumer if they are visiting a non-authentic financial institution, merchant or even a government website. The technology will even stop code injection. This is done in real-time without delay. This capability is already developed and does not rely on traditional anti-phishing approaches.

We need to look beyond phishing filters, and the browser plug-in ASAP if there is to be any change in the growth of phishing this year or in the future.