ISTR XIII: Phishing and Spam Trends
Phishing is an attempt by a third party to solicit confidential information from an individual, group, or organization by mimicking (spoofing) a specific, usually well-known brand, typically for financial gain. Phishers attempt to trick users into disclosing personal data, such as credit card numbers, online banking credentials, and other sensitive information, which they may then use to commit fraudulent acts.
During the second half of 2007, the majority of brands targeted by phishing attacks were in the financial services sector, accounting for 80 percent. This is virtually unchanged from the 79 percent reported in the first half of 2007. The financial services sector also accounted for the highest volume of phishing Web sites during this period, at 66 percent, down slightly from 72 percent in the first half of 2007. Since most phishing activity pursues financial gain, successful attacks using brands in this sector are most likely to yield profitable data, such as bank account credentials, making this sector an obvious focus for attacks.
Symantec observed 87,963 phishing Web site hosts during the second half of 2007. This is an increase of 167 percent from the first half of 2007, when Symantec detected only 32,939 phishing Web site hosts. Between the second half of 2006, when 13,353 phishing Web site hosts were detected, and the second half of 2007, Symantec observed a dramatic increase of 559 percent in phishing Web site hosts.
A number of factors contribute to the increasing trend that Symantec is observing. These include the growing availability and adaptability of phishing toolkits, which allow phishers to work faster and more efficiently, as well as the more prominent use of fast-flux* communication infrastructure in botnets.
To protect against potential phishing activity, administrators should always follow Symantec best practices as outlined in Appendix A in Volume XIII of the Symantec Internet Security Threat Report. Symantec also recommends that organizations educate their end users about phishing. They should also keep their employees notified of the latest phishing attacks and how to avoid falling victim to them, as well as provide a means to report suspected phishing sites.
For more information on phishing trends, as well as trends in other malicious activity, please see the latest Symantec Internet Security Threat Report.
* Fast-flux allows a single URL to resolve to a number of different IP addresses, or computers, by changing the URL’s DNS mapping rapidly and constantly.
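The footnote describes what fast-flux looks like from the outside: one hostname, many IP addresses, DNS mappings that change constantly. The following is an added example, not code from the Symantec report, showing how a defender can turn that description into a triage check over passive-DNS or resolver log data. The log format (`epoch domain ip ttl`), the sample records (which use the reserved documentation address ranges), the `/16` prefix diversity proxy, and the thresholds are all constructed assumptions for illustration; they are not values published in the report.

```python
"""Fast-flux triage heuristic over constructed DNS resolution records.

Added example, not part of the Symantec ISTR. A fast-flux hostname resolves to
many distinct IP addresses in a short window, with short TTLs so the mapping
can be rotated constantly. This script scores each domain on three features
visible in a resolver log: distinct A records observed, distinct /16 prefixes
(a cheap proxy for network diversity when no ASN data is available), and the
minimum TTL seen. Thresholds are illustrative assumptions, not published values.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Constructed resolver log, one 'epoch domain ip ttl' record per line.
# The first domain rotates through six addresses in three documentation
# ranges within about ten minutes; the second is a stable single-IP host.
SAMPLE_LOG = """\
# epoch       domain                   resolved_ip    ttl
1194001200 login-example-bank.test 203.0.113.10   180
1194001380 login-example-bank.test 198.51.100.22  120
1194001500 login-example-bank.test 192.0.2.45     150
1194001650 login-example-bank.test 203.0.113.77    90
1194001740 login-example-bank.test 198.51.100.9   120
1194001860 login-example-bank.test 192.0.2.130     60
1194001200 www.example.test        192.0.2.1    86400
1194044400 www.example.test        192.0.2.1    86400
1194087600 www.example.test        192.0.2.1    86400
"""

# Illustrative thresholds (assumptions): tune against your own baseline.
MIN_DISTINCT_IPS = 5
MIN_DISTINCT_PREFIXES = 3
MAX_TTL_SECONDS = 300


@dataclass
class DomainStats:
    domain: str
    distinct_ips: int
    distinct_prefixes: int
    min_ttl: int
    observations: int


def parse_log(text):
    """Parse 'epoch domain ip ttl' lines; skip blanks and '#' comments."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, domain, ip, ttl = line.split()
        ipaddress.ip_address(ip)  # raises ValueError on a malformed address
        records.append((int(ts), domain.lower().rstrip("."), ip, int(ttl)))
    return records


def summarise(records):
    """Aggregate per-domain features from parsed (ts, domain, ip, ttl) tuples."""
    per_domain = defaultdict(list)
    for _ts, domain, ip, ttl in records:
        per_domain[domain].append((ip, ttl))
    stats = {}
    for domain, obs in per_domain.items():
        ips = {ip for ip, _ in obs}
        # /16 prefix count approximates how many networks the hosts sit in.
        prefixes = {ipaddress.ip_network(f"{ip}/16", strict=False) for ip in ips}
        stats[domain] = DomainStats(
            domain=domain,
            distinct_ips=len(ips),
            distinct_prefixes=len(prefixes),
            min_ttl=min(ttl for _, ttl in obs),
            observations=len(obs),
        )
    return stats


def flux_score(s):
    """0-3: one point per fast-flux indicator the domain exhibits."""
    score = 0
    if s.distinct_ips >= MIN_DISTINCT_IPS:
        score += 1
    if s.distinct_prefixes >= MIN_DISTINCT_PREFIXES:
        score += 1
    if s.min_ttl <= MAX_TTL_SECONDS:
        score += 1
    return score


def suspected_fast_flux(text, threshold=2):
    """Return the sorted list of domains whose flux score meets the threshold."""
    stats = summarise(parse_log(text))
    return sorted(d for d, s in stats.items() if flux_score(s) >= threshold)


if __name__ == "__main__":
    for domain, s in summarise(parse_log(SAMPLE_LOG)).items():
        print(f"{domain}: ips={s.distinct_ips} prefixes={s.distinct_prefixes} "
              f"min_ttl={s.min_ttl} score={flux_score(s)}")
    print("suspected fast-flux:", suspected_fast_flux(SAMPLE_LOG))
```

Treat the output as a triage signal, not a verdict: content delivery networks and large web properties also answer with many addresses and short TTLs, so a flagged domain still needs corroboration (for example, whether the addresses belong to residential broadband space rather than a hosting provider, and whether the hostname appears in reported phishing URLs). With real passive-DNS data, replacing the `/16` proxy with an ASN lookup gives a much better diversity measure.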