By Thomas Claburn
February 4, 2008
Businesses and government agencies face a rising number of phishing
attacks targeting high-level executives.
The Anti-Phishing Working Group on Monday said that in November the
identities of 178 financial institutions and government agencies, a new
record, were co-opted by phishers in an effort to dupe victims into
revealing information. This represents a 2.23% increase from the
previous high in April and a 48% increase from October.
At the same time, the number of phishing campaigns overall fell for the
second consecutive month, dropping to 28,074 in November from 31,650 in
October. The APWG attributes this decline in part to "eCrime gangs'
increasing focus on targeted phishing attacks against key corporate
personnel to secure credentials for theft against corporate assets."
"The attack surface is becoming increasingly fragmented as phishing
groups identify and exploit technical and social-engineering
opportunities to organize scams against financial institutions," said
APWG secretary general Peter Cassidy in a statement.
The APWG is comprised of law enforcement organizations and industry.
Many of the companies involved in the group profit from the sale of
Last week, MessageLabs, a messaging security company unaffiliated with
the APWG, issued a similar report. Mark Sunner, the company's chief
security analyst, said there had been a rapid rise in the number of
targeted phishing attacks. Many of these, he said, were being directed
at C-level executives.
In 2005, MessageLabs detected two attacks per week involving targeted
Trojans out of 1.5 billion messages. In 2006, it found one such attack
per day out of 180 million messages. In May 2007, it saw 10 targeted
attacks per day out of 250 million messages. In November, it was seeing
924 targeted attacks every five hours.
Laura Mather, senior scientist at MarkMonitor and managing director of
operational policy for APWG, said in a statement that executives at
companies are receiving specially targeted e-mail messages that attempt
to install malware in order to gain access to corporate systems and bank
Also in November, China overtook the United States as the top phishing
site host. The APWG said that 24.21% of phishing sites detected were
hosted in China, compared to 23.85% in the United States.
This trend may further fuel worries about Chinese espionage, which the
U.S.-China Economic and Security Review Commission called "the single
greatest risk to the security of American technologies" in its November
report to Congress. It's worth noting, however, that those behind
phishing attacks are not necessarily located in the countries where
their phishing servers can be found.
Subscribe to InfoSec News