Phishing scam reports skyrocket in April

Reports of a type of online crime known as "phishing" surged by almost 200 percent in April, according to figures from a computer security industry group.

The Anti-Phishing Working Group (APWG) received reports of more than 1,100 unique phishing campaigns in April, a 178 percent increase from the previous month, according to figures shared with the IDG News Service. The reports represent a significant increase in phishing scams, which capture personal information from Internet users with a combination of unsolicited commercial ("spam") e-mail messages and Web sites designed to look like legitimate online businesses, said Dan Maier, director of product marketing at Tumbleweed Inc. and an APWG spokesman.

The large increase comes on the heels of a 43 percent rise between February and March, with financial services and retail companies getting hit particularly hard, said Maier.

Citibank Inc. alone was the target of 475 unique phishing scams in April. Each of those scams is a separate e-mail campaign that could contain tens of thousands or millions of fraudulent e-mail messages, Maier said.

Citibank did not immediately respond to a request for comment.

Ebay Inc. and its online payment service, PayPal, were also hit hard in April. Ebay was the target of 221 unique phishing campaigns, PayPal of 135, he said.

Other leading financial institutions were also frequent targets of phishing scams, including U.S. Bancorp. and FleetBoston Financial Corp., Maier said.

"Based on what (Tumbleweed) has been hearing in the last three or four weeks from our banking customers, there's an increasing urgency to solve the phishing problem," he said. "What's driving it, if you look at the (APWG) statistics for April, is that these companies are getting nailed."

While each report recorded by the APWG corresponds to a unique phishing campaign, the type of phishing attack that is used may not be new in every case, Maier said. In fact, the APWG has evidence that phishing Web pages are being traded online, in the same way that e-mail addresses are traded and sold by spammers, he said.

"This stuff is really prepackaged and ready to go. All you need is a Web server to host it on," he said.

The growing problem also points to increasing interest in the scams by malicious hacking groups and organized crime, Maier said.

"We've had confirmation from law enforcement in the U.S. that organized crime is behind some of these scams. We also do work looking at hacker sites, and we can see that hackers and script kiddies are definitely paying attention to this phenomenon and are beginning to work together," he said.

Financial gain may be one motivation for the increase in phishing scams. A recent study by Gartner Inc. found that as much as 3 percent of phishing scams may be successful, resulting in Internet users divulging sensitive information to the scam artists.

Based on a survey of 5,000 adult Internet users, Gartner estimated that as many as 30 million adults have experienced a phishing attack and that 1.78 million adults could have fallen victim to the scams.

The APWG said in the past that around 5 percent of phishing scams are successful, but that figure is based on anecdotal evidence, Maier said.

Subscribe to the Best of Macworld Newsletter

Comments