Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

Phishing Attacks: Industry Segmentation of Spoofed Brands

Created: 22 Dec 2006 08:00:00 GMT • Updated: 23 Jan 2014 18:54:13 GMT
Zulfikar Ramzan's picture
0 0 Votes
Login to vote

As part of the look at phishing statistics that I’ve blogged about recently, we analyzed the industry segmentation of the brands spoofed in a phishing attack. We divided the spoofed brands into the following categories:
• Financial - sites associated with online banking, brokerage, lending, and similar financial services or sites that directly support such a brand
• Service provider - sites that provide some common Internet-related services, including one or more of the following: Internet access, email accounts, or information portals
• General retail - sites that are associated with the sale of merchandise online
• Computer hardware - sites that are associated almost exclusively with the sale of computer hardware and peripherals
• Government - sites whose common URL ends in the .gov extension
• Social networking - sites whose exclusive purpose is to facilitate connection, collaboration, and communication among members, possibly resulting in the formation of online communities
• Certificate authority - sites whose purpose is to issue digital certificates for the purposes of enabling PKI-leveraging services, such as secure sockets layer (SSL) communications

We then went through data gathered from our Norton Confidential servers and ranked each spoofed brand by the number of unique phishing URLs associated with that brand, for the period from June through September, 2006. It turned out (not too surprisingly) that nine of the top ten spoofed brands are in the financial sector. In terms of the overall data picture the financial sector represented almost 84 percent of spoofed brands, retail came in second at 5.19 percent, and the remaining sectors were all below five percent (see table 1 and figure 1). Again, these numbers are not surprising because phishers are motivated by economic interests and therefore are more likely to go after financially oriented brands. For example, even the government sites that were spoofed were financially oriented.

phish_ind_tab2.jpeg
Table 1. Number and percentage of spoofed brands across industry sectors (Source: Symantec Corporation)


Figure 1. Industry breakdown of spoofed brands outside financial sector (Source: Symantec Corporation)

What we are seeing overall (as was pointed out in the tenth edition of the Symantec Internet Security Threat Report) is that phishers are focusing on where the money is; that is, in the financial services sector. At the same time, the scope of these attacks goes beyond financial services into other areas, such as Internet service providers and social networking sites. Further analysis is included in a more comprehensive report I put together on phishing statistics, available here.