Now that we’re near the end of the year, I thought I’d spend some time looking back at the phishing threat and reviewing some of the noteworthy trends. There are three high-level aspects that I’d like to touch upon:
1) The overall increase in phishing activity
2) New phishing attack vectors
3) New antiphishing techniques
First, phishing activity has steadily increased during the course of 2006. We’ve seen increases in both the number of phishing Web sites that go up as well as the number of unique phishing emails being sent out. Most targets are in financial services, but phishers have expanded their scope to include retailers, social networking sites, service providers, government sites, and even certificate authorities.
In addition, we’re seeing semblances of “corporate” behavior in phishing attack patterns. For example, phishers seem to be working normal business workdays and, therefore, are less active during...