Following on from an APACS report into a massive increase in the number of phishing attacks in the UK, RSA has released some interesting stats regarding this type of fraud.
This month 11 percent of fake banking websites attempted to spoof UK banking brands, while 75 percent of false banking sites targeted customers of US banks.
The UK hosted 2 percent of these false banking sites, while the US hosted 63 percent of phishing sites globally.
After the US and the UK, in descending order, Spanish, Italian, Mexican, Australian, German, Canadian and Irish online banking customers were targeted.
After the US, the top hosting countries in descending order were Germany, Hong Kong, Australia, Japan, France, South Korea, Belize, China, and the UK.
Can we draw any conclusions from this? Well, just relying on these stats (which is always dangerous), it appears that US hosted phishers are more likely to target US banking customers, while Latinate language banking customers are more likely to be targeted by phishers hosted in Asia.
Obviously, it also appears that most phishers are targeting US and UK banking customers.
We know where the phishing sites are hosted. Where the slippery phishermen are themselves is a different question altogether -- but one that's answerable. They are normally outside of the jurisdiction of the countries whose people they're attacking.
Who these phishers actually are is a question that seems to flummox most security experts and policemen - because of jurisdictional issues. This makes phishing a low risk, high yield crime, which will therefore probably lead to (you guessed it)... more phishing.