Phishing attacks soar as more brands are targeted

Phishing attacks soar as more brands are targeted

Summary: Overall confidence in e-commerce has not been damaged despite the rises, according to one expert

TOPICS: Security

Phishing attacks reached a new high at the end of 2005 after growing steadily all year, according to a report published on Wednesday.

The number of unique email-based fraud attacks detected in November 2005 was 16,882, almost double the 8,975 attacks launched in November 2004, said the report published by the Anti-Phishing Working Group (APWG), an industry consortium that provides information on phishing trends.

Phishing emails pretend to come from legitimate companies, such as banks and e-commerce sites, and are used by criminals to try and trick Web users into revealing personal information and account details.

The number of brands targeted increased by nearly 50 percent over the course of 2005, from 64 to 93 in November.

Despite these statistics, businesses should not worry about the effect on general consumer confidence, according to Internet security company Websense.

"One big attack will temporarily hurt a brand, but the increase in e-commerce is not slowing down," said Mark Murtagh, Websense technical director for Europe, the Middle East and Africa. "Although phishing is increasingly in the news, online banking is increasing in popularity."

Top brands are continuing to be hijacked, with phishers using established names to try and lure people to their sites, Websense said. Most phishing sites spoof global ecommerce and banking institutions.

"eBay is often spoofed, for obvious reasons. Google is increasingly being targeted because of its expansion into different business application models. The big banking names are used too — HSBC, Citigroup, Lloyds — all the major brands".

Phishers use of global brands in understandable, said Murtagh: "There's no point in using local names if the attack is global."

Attacks are becoming increasingly sophisticated, with a quarter of all phishing Web sites hosting keylogging malware. Users can become infected just by visiting the sites, Murtagh warned.

"Before, people had to click on a site to download malicious code. If they went to a Web site and thought it looked 'phishy', they could leave and probably not be harmed. Now with most phishing sites they just have to visit one to become infected.

"Twenty-five percent of those sites now host keylogging code, and if you visit one you will probably open yourself to identity theft or fraud."

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to start the discussion