January 20, 2005 1:29 PM PST

Banks bearing the brunt of phishing scams

Related Stories

Man arrested for tsunami e-mail scam

January 18, 2005

Texas aims to snag spammers

January 14, 2005

FTC sues to stop porn spammers

January 11, 2005

Report: Schools swamped by spam

January 10, 2005

Firefox flaw raises phishing fears

January 7, 2005
Financial services companies remain the most frequent targets of online phishing schemes, according to the latest figures released by an organization working to fight the scams.

The Anti-Phishing Working Group, a consortium of businesses and law enforcement officials, said Thursday that 85 percent of all reported phishing attacks during the month of December directly focused on banks and similar companies.

Phishing schemes typically consist of e-mail messages that appear to come from trusted companies which attempt to lure people to bogus Web sites where they're asked to divulge sensitive personal information. Once armed with that data, criminals will often attempt to use it to commit identity fraud.

Related feature
Have you been phished?
Check here to see whether an e-mail that appears to be from your bank or an online merchant is actually an attempt to defraud you.

Overall, the group said that there were 9,019 new, unique phishing campaigns reported over the course of December, representing a 6 percent increase over November's total. Since July 2004, when there were only 2,625 reported attacks, the volume of new schemes has grown by approximately 38 percent.

APWG said that the number of Web sites supporting the scams has grown at an even faster rate. In December, there were 1,707 phishing-related sites reported--a jump of 10 percent over November, when the group tracked 1,546 such fraudulent URLs. The tally has increased by roughly 24 percent per month since August 2004.

The APWG report also found that the number of individual companies targeted by the schemes is growing. There were 55 brands specifically mentioned in phishing campaigns last month--up from 51 companies in November, and 44 in October 2004.

Executives at APWG said the predominance of financial services phishing scams during the month of December bucked the widely held notion that retail sites would come under intense attack as unsuspecting consumers logged on to do their holiday season shopping.

"The concurrent proliferation of targeted brands and concentration of phishing focus on financial institutions is, of course, disturbing," APWG Chairman David Jevans said in a statement. "No brand is really safe, but it is interesting to note that the concentration on phishing attacks against financial institutions actually increased to a new high during a time when many were concerned that opportunistic phishers would spoof retail sites."

In a recent interview with CNET News.com, Mike Cunningham, senior vice president of fraud management at Chase Card Services, a division of financial services giant JPMorgan Chase, said that despite the proliferation of phishing schemes aimed at companies in his industry, consumers have yet to grow reluctant to conduct their business online.

"I don't believe customers are avoiding the online channel because of (phishing), I think they're becoming more wary and figuring out what sort of things banks will or will not send you via e-mail," Cunningham said. "We haven't seen any decline in use of online channels and, in fact, that business continues to grow."

However, industry watchers following the growth of the phishing phenomenon have predicted that that the explosion of financial services-oriented scams could have a long-term effect on that industry and encourage customers not to communicate with their providers via the Web.

"At one point we thought these attacks were rare, but now they are so common in financial institutions that we see huge amounts of them and have to continually warn people to be wary," said Susan Larson, vice president of global content for SurfControl, a company that markets e-mail filtering software. "There's a growing perception that you have to be careful of anything coming from financial institutions, or companies like PayPal, and that can't be good for business in the long run."

1 comment

Join the conversation!
Add your comment
Paypal phishing & Bank emails
I feel sorry for PayPal. I've received so many phishing emails
from the phished support@paypal.com that I blocked the
address. Legitimate emails from them will never make it to me.

But for email where you have to sign in to view your account,
there's a solution that seems both elegant & phish/spoof-proof
that BofA has implemented: The only way I can send or view
email from them is if I'm logged onto my account on their site.
And if I need to know that a response is posted on the site, the
bank can email me to tell me to 'check my bank mail'.

When I log on it's obvious if I have new mail. It is a little
inconvenient, but it's a price I'm willing to pay for safety.

Yes, I do get emails from _individuals_ at the bank, but those
individuals are known to me.
Posted by Cynthialk (2 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.