Credit Unions, Smaller Institutions Now Phishing Targets
EBay and PayPal are no longer the primary targets of phishing emails; the phishers have cast their lures at customers of smaller businesses, including credit unions and other institutions, according to security vendor Sophos.
At this time last year, the number of messages pretending to be from eBay or its payment arm PayPal was about 85 percent of all phishing emails. Now it racks up 21 percent of the total phishing emails in September, says Graham Cluley, senior technology consultant at Sophos. "That's an impressive turnaround by anyone's standards," says Cluley.
“The phishers are not turning away from their life of crime, however,” he says. “They are now turning to a bigger pool of potential victims.”
This is confirmation of earlier stories that phishers are beginning to aggressively target progressively smaller institutions. (See Related Stories: https://www.bankinfosecurity.com/articles.php?art_id=510 Smaller Institutions and Phishing: Don’t Be Complacent; https://www.bankinfosecurity.com/articles.php?art_id=475 Online Attacks Increase at Financial Institutions).
The reason eBay and PayPal aren’t as popular targets as they used to be is attributed in part to online initiatives by those firms to educate their customers about phishing scams and to PayPal’s launch earlier in the year of its authentication token (See PayPal demo of its token: https://www.paypalobjects.com/en_US/m/demo/demo_SecurityKey/securitykey_us.html). This allows customers concerned with being a victim of fraud when using PayPal to generate a password to get onto the payment site.
Unsuspecting fresh phish is baited by spoofing small credit unions, other online retailers and overseas companies, says Cluley. He adds the amount of phishing attacks circulating has stayed relatively consistent over the past year, but now phishers are using these different tactics to try and fool recipients. He cautions that phishers are beginning to diversify, and any institution could be a target.