C-Level Executive Phishing Attacks On The Rise

C-Level Executive Phishing Attacks On The Rise
C-Level Executive Phishing Attacks On The Rise 6103681 

By Thomas Claburn
February 4, 2008

Businesses and government agencies face a rising number of phishing 
attacks targeting high-level executives.

The Anti-Phishing Working Group on Monday said that in November the 
identities of 178 financial institutions and government agencies, a new 
record, were co-opted by phishers in an effort to dupe victims into 
revealing information. This represents a 2.23% increase from the 
previous high in April and a 48% increase from October.

At the same time, the number of phishing campaigns overall fell for the 
second consecutive month, dropping to 28,074 in November from 31,650 in 
October. The APWG attributes this decline in part to "eCrime gangs' 
increasing focus on targeted phishing attacks against key corporate 
personnel to secure credentials for theft against corporate assets."

"The attack surface is becoming increasingly fragmented as phishing 
groups identify and exploit technical and social-engineering 
opportunities to organize scams against financial institutions," said 
APWG secretary general Peter Cassidy in a statement.

The APWG is comprised of law enforcement organizations and industry. 
Many of the companies involved in the group profit from the sale of 
security products.

Last week, MessageLabs, a messaging security company unaffiliated with 
the APWG, issued a similar report. Mark Sunner, the company's chief 
security analyst, said there had been a rapid rise in the number of 
targeted phishing attacks. Many of these, he said, were being directed 
at C-level executives.

In 2005, MessageLabs detected two attacks per week involving targeted 
Trojans out of 1.5 billion messages. In 2006, it found one such attack 
per day out of 180 million messages. In May 2007, it saw 10 targeted 
attacks per day out of 250 million messages. In November, it was seeing 
924 targeted attacks every five hours.

Laura Mather, senior scientist at MarkMonitor and managing director of 
operational policy for APWG, said in a statement that executives at 
companies are receiving specially targeted e-mail messages that attempt 
to install malware in order to gain access to corporate systems and bank 

Also in November, China overtook the United States as the top phishing 
site host. The APWG said that 24.21% of phishing sites detected were 
hosted in China, compared to 23.85% in the United States.

This trend may further fuel worries about Chinese espionage, which the 
U.S.-China Economic and Security Review Commission called "the single 
greatest risk to the security of American technologies" in its November 
report to Congress. It's worth noting, however, that those behind 
phishing attacks are not necessarily located in the countries where 
their phishing servers can be found.

Subscribe to InfoSec News 

Site design & layout copyright © 1986-2015 CodeGods