> Enterprise > Security Response > Internet Security Threat Report > View the Report > Spam and Fraud Activity Trends

Spam and Fraud Activity Trends

Spam and Fraud Activity Trends | Analysis of Spam Activity Trends | Analysis of Spam Activity by Geography, Industry Sector and Company Size | Analysis of Spam Delivered by Botnets | Spam Botnet Analysis – A Strategic Viewpoint | Significant Spam Tactics | Spam by Language | Spam by Category | Future Spam Trends: BGP Hijacking | Phishing Activity Trends | Analysis of Phishing Activity by Geography, Industry Sector and Company Size

Phishing Activity Trends


This section discusses the proportion of malicious email activity that is categorized as phishing attacks and looks more closely at the emerging trends, particularly social engineering techniques and how attackers can automate the use of RSS news feeds to incorporate news and current affairs stories into their scams.


The data for this section is based on the analysis of email traffic collected from global honeypots and from the analysis of malicious and unwanted email traffic data collected from customers worldwide. The analysis of phishing trends is based on emails processed by Skeptic technology, and analysis of phishing emails collected in spam honeypots. spam honeypots collected between 5–10 million spam emails each day during 2011.

Data and Commentary

Figure C.21. Phishing rates, 2010–2011. Source:
Figure C.22. Phishing category types, top 200 organizations, 2011. Source: Symantec
Figure C.23. Tactics of Phishing distribution, 2011. Source: Symantec


  • Overall for 2011, 1 in 298.9 emails was identified and blocked as a phishing attack, compared with 1 in 442.1 in 2010; an increase of 0.11 percentage points.
  • 85.2% of phishing attacks in 2011 related to spoofed financial organizations, compared with 56% in 2010.
  • Phishing URLs spoofing banks attempt to steal a wide variety of information that can be used for identity theft and fraud. Attackers seek information such as names, government-issued identification numbers, bank account information, and credit card numbers. Cybercriminals are more focused on stealing financial information that can make them large amounts of money quickly versus goods that require a larger time investment, such as scams.
  • Phishing schemes continued to use major events to entice recipients: Many email-based fraud attempts referred to major events in 2011. Examples included the Japanese earthquake, where the criminals would attempt to exploit people’s sympathies for the victims of the disaster. Many charities sought donations to provide support and cyber criminals exploited this by sending 419-scam emails in which they spoofed legitimate charities with fraudulent websites.
  • 36.2% of phishing attacks were conducted through the use of phishing toolkits.