The number of phishing attacks being launched each month has increased ten fold this year, security company MessageLabs reported on Monday.
The company, which has intercepted almost 20 million phishing emails throughout 2004, said in its annual report that the number of phishing attacks has soared from 337,050 in January to 4.5 million in November. Interestingly, the rate rose most sharply between June and July -- from 264,254 to 2.5 million -- which could be due to the widespread use of zombie networks. In September 2003 the company intercepted only 279 phishing emails.
"Email security attacks remain unabated in their persistence and ferocity," said Mark Sunner, chief technology officer at MessageLabs. "The major development of the year has undoubtedly been the emergence of phishing -- in just twelve months it has firmly established itself as a threat to any organisation or individual conducting business online."
"We believe that the singling out of certain companies to be the victim of phishing attacks could signal the beginning of a wider trend," added Sunner. "Already particular businesses are threatened and blackmailed, indicating a shift from the random, scattergun approach, to customised attacks designed to take advantage of the perceived weaknesses of some businesses."
Fraudsters behind phishing attacks, dubbed phishers, have also refined their techniques to increase their catch. Recent scams have captured online banking details automatically without users clicking on any links. MessageLabs said that phishers have also tried to recruit unsuspecting users into becoming money launderers, by offering employment opportunities with legitimate organisations.
The company found the amount of spam and email viruses sent over the Internet has also risen since last year. This year, it found that one in 16 emails was infected with a virus, which is double the rate of 2003 when it was one in 33. It added that 73 percent of email was identified as spam in 2004.
MessageLabs said it also saw a rise in tailored malicious attacks on companies, such as denial-of-service attacks on Web gambling companies.