Phishing Trends: Numbers up, Corporate Accounts TargetedAnalyst: 'I Think We're in for a Challenging Year'
All phishing numbers are on the rise. The number of unique phishing reports submitted to APWG for the third quarter of 2009 reached a record 40,621 in August --10 percent more than the previous record set in September 2007.
"What we are all seeing is that the criminals are still continuing their attacks and it is getting worse," Jevans says. "They're getting way more sophisticated."
The number of unique phishing websites reached a record 56,362 in August, displacing the previous reported high of 55,643 in April 2007. The number of hijacked brands rose to a high of 341, up more than 10 percent from the previous record of 310 in March 2009.
What really worries Jevans is the targeting of corporate bank accounts and high-wealth customers, as well as the circumvention of authentication technology. "These criminals are rapidly figuring out how the financial industry works, where there is big money and large transfers, so they can basically do large wires out of these accounts without setting off fraud alerts."
Jevans says bluntly, "I think we're in for a challenging year." He's heard from banks telling him it is a hostile environment. "They're scrambling for answers to this because they just can't be everywhere the hackers are -- even on the users' computers."
Jevans adds he is concerned that the amount of losses and the size of individual companies being defrauded continue to increase. "They're targeting bigger and bigger companies and continue to figure out the entire financial services ecosystem," he says.
Will these attacks make organizations think twice about doing business via online transactions? "This problem must be solved, because the reversion back to non-electronic transactions is just not feasible."
The APWG's next quarterly report will reflect trends following last October's "Operation Phish Phry" in which 100 individuals in the U.S. and abroad were indicted in a sophisticated "phishing" operation that fraudulently collected personal information from thousands of victims.