ISTR XIV: Spam and Phishing During the Economic Downturn
Despite the recent economic downturn, phishing and spam scams are still profitable for attackers, possibly because phishers are able to quickly target their scams to match prevailing attitudes. For instance, phishers are enticing potential victims with lures that spoof well-known financial institutions and promise easy access to low-interest loans and credit. Spammers are also attempting to use the uncertainty of the financial situation to their advantage. While it might be expected that spam offering stock market tips or other financial opportunities would drop off during a period of market uncertainty, it is likely that such a drop-off would be balanced out by an increase in spam offering such recession-related enticements as low-interest loans and easy access to credit.
Many phishing attacks that spoof financial services brands prompt users to enter credit card information or banking credentials into fraudulent sites. If this ruse is successful, phishers can then capture and sell such information in the underground economy. This has been made easier for phishers because of the increasing acceptance of ecommerce and online banking. For example, 44 percent of Internet users in the United States perform some degree of online banking, as do 64 percent of users in Canada and 46 percent of those in France. Because of this, end users may be more willing to enter their information into fraudulent websites that mimic the brand of their financial services provider.
The majority of brands used in phishing attacks in 2008 were in the financial services sector, accounting for 79 percent of the total, down slightly from the 83 percent reported in 2007. Phishing is often carried out for the purpose of financial gain. Brands and activities associated with the financial sector are most likely to yield data that could be used in financially motivated attacks, such as bank account credentials.
The rise in phishing lures that spoof financial services is reflected in the significant amount of credit card information that was offered on underground economy servers in 2008. The top two most frequently advertised items observed on underground economy servers were credit card information and bank account credentials, in that order. Together, these two categories accounted for more than half of the goods and services advertised in 2008. One reason for the high number of credit cards advertised may be their high frequency of use. For example, the 23.6 billion credit card transactions in the United States in 2007 represent a growth of six percent over the previous year.
Despite the economic slowdown of the last half of 2008, both the number of online credit card purchases by consumers and the amount of those purchases continue to increase. Online spending in 2008 grew over the previous year, with sales increasing six percent for the third quarter. Also, there was a 15 percent increase in sales for Cyber Monday from the previous year in the United States. Cyber Monday is the first Monday after the U.S. Thanksgiving, which marks the beginning of the online shopping season. This is typically the busiest online shopping day of the year. Many online stores were offering financing options, no payments for 90 days, and heavy discounts to attract customers.
Credit cards may also be popular on underground economy servers because using fraudulent credit card information for activities such as making online purchases is relatively easy. Online shopping can be easy and fast, and a final sale often requires only basic credit card information. Someone knowledgeable enough could potentially make many transactions with a stolen card before the suspicious activity is detected and the card is suspended. Once the purchases have been completed and the merchandise delivered, it can then be fenced for a profit. Also, online merchants who do not implement multi-level security features are likely attractive to criminals who wish to conduct fraudulent transactions without hassle.
To protect against phishing attempts, make sure your computer has a strong security profile that includes tools such as antivirus software, antispam software, firewalls, toolbar blockers, and other malicious software detection methods. Also, never disclose any confidential personal or financial information unless you can confirm that such a request is legitimate. You should also avoid following links from within messages, as these may be links to spoofed websites.
If possible, only undertake higher-risk Internet activities, such as online banking or purchases, on your own computer rather than on public terminals. You should avoid storing passwords or bankcard numbers and you should review your banking and credit card information frequently. Finally, you should limit the amount of publicly available information you post online, including on social networking sites, as attackers may take advantage of this public information in phishing scams.
For more information about the current threat landscape, please see Volume XIV of the Symantec Internet Security Threat Report.