Phishing Trends: Numbers up, Corporate Accounts Targeted

Analyst: 'I Think We're in for a Challenging Year'
Phishing Trends: Numbers up, Corporate Accounts Targeted
The latest report from the Anti Phishing Working Group paints a distressing picture for anyone doing transactions online, says Dave Jevans, Chairman of the APWG.

All phishing numbers are on the rise. The number of unique phishing reports submitted to APWG for the third quarter of 2009 reached a record 40,621 in August --10 percent more than the previous record set in September 2007.

"What we are all seeing is that the criminals are still continuing their attacks and it is getting worse," Jevans says. "They're getting way more sophisticated."

The number of unique phishing websites reached a record 56,362 in August, displacing the previous reported high of 55,643 in April 2007. The number of hijacked brands rose to a high of 341, up more than 10 percent from the previous record of 310 in March 2009.

What really worries Jevans is the targeting of corporate bank accounts and high-wealth customers, as well as the circumvention of authentication technology. "These criminals are rapidly figuring out how the financial industry works, where there is big money and large transfers, so they can basically do large wires out of these accounts without setting off fraud alerts."

Jevans says bluntly, "I think we're in for a challenging year." He's heard from banks telling him it is a hostile environment. "They're scrambling for answers to this because they just can't be everywhere the hackers are -- even on the users' computers."

Jevans adds he is concerned that the amount of losses and the size of individual companies being defrauded continue to increase. "They're targeting bigger and bigger companies and continue to figure out the entire financial services ecosystem," he says.

Will these attacks make organizations think twice about doing business via online transactions? "This problem must be solved, because the reversion back to non-electronic transactions is just not feasible."

The APWG's next quarterly report will reflect trends following last October's "Operation Phish Phry" in which 100 individuals in the U.S. and abroad were indicted in a sophisticated "phishing" operation that fraudulently collected personal information from thousands of victims.

About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.