Phishing scam reports skyrocket in April

Financial services and retail companies were hit particularly hard

Reports of a type of online crime known as "phishing" surged last month, according to figures from a computer security industry group.

The Anti-Phishing Working Group (APWG) received reports of more than 1,100 unique phishing campaigns in April, a 178% increase from the previous month, according to figures shared with the IDG News Service. The reports represent a significant increase in phishing scams, which attempt to capture personal information from Internet users with a combination of unsolicited commercial e-mail messages and Web sites designed to look like legitimate online businesses, said Dan Maier, director of product marketing at Redwood City, Calif.-based Tumbleweed Communications Corp. and an APWG spokesman.

The large increase comes on the heels of a 43% rise between February and March, and financial services and retail companies were hit particularly hard, said Maier.

Citibank alone was the target of 475 unique phishing scams in April. Each of those scams is a separate e-mail campaign that could contain tens of thousands or millions of fraudulent e-mail messages, Maier said. Citibank didn't immediately respond to a request for comment.

EBay Inc. and its PayPal Inc. online payment service were also hit hard in April. The online retailer was the target of 221 unique phishing campaigns, and 135 targeted PayPal, Maier said.

Other leading financial institutions were also frequent targets, including U.S. Bancorp and FleetBoston Financial Corp., Maier said.

"Based on what [Tumbleweed] has been hearing in the last three or four weeks from our banking customers, there's an increasing urgency to solve the phishing problem," he said. "What's driving it, if you look at the [APWG] statistics for April, is that these companies are getting nailed."

Although each report recorded by the APWG corresponds to a unique phishing campaign, the type of attack that's used may not be new in every case, Maier said. In fact, the APWG has evidence that phishing Web pages are being traded online, in the same way that e-mail addresses are traded and sold by spammers.

"This stuff is really prepackaged and ready to go. All you need is a Web server to host it on," he said.

The growing problem also points to increasing interest in the scams by malicious hacking groups and organized crime, Maier said.

"We've had confirmation from law enforcement in the U.S. that organized crime is behind some of these scams. We also do work looking at hacker sites, and we can see that hackers and script kiddies are definitely paying attention to this phenomenon and are beginning to work together," he said.

Financial gain may be one motivation for the increase in phishing scams. A recent study by Gartner Inc. found that as much as 3% of phishing scams may be successful, resulting in Internet users divulging sensitive information to the scam artists (see story). Based on a survey of 5,000 adult Internet users, Gartner estimated that as many as 30 million adults have experienced a phishing attack and that 1.78 million adults could have fallen victim to the scams.

The APWG has said that around 5% of phishing scams are successful, but that figure is based on anecdotal evidence, Maier said.

Copyright © 2004 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon