Phishing attacks decrease, but respite may be short-lived

Peter Dinham
Sunday, 11 October 2009 04:39

Business IT - Security

Phishing attacks around the globe dropped by five percent over recent weeks and there was a significant decrease in attacks using phishing toolkits, but the respite from the dreaded phishers may be short-lived.

In its October report on phishing activity, Symantec found that although 25 percent of phishing URLs were generated using phishing toolkits, this was still a decrease of 21 percent since August this year.

According to Symantec, while the decrease in toolkit attacks was observed across all sectors, it says that this “possibly could be a short term variation in the strategies of the fraudsters”, before we see a resurgence in the forthcoming holiday season.

Symantec also said it had observed that the cutback in toolkit attacks has, in recent months, resulted in a slight increase in attacks employing other tactics such as Typo squatting.

In other findings in its latest survey covering September, Symantec says non-English phishing sites decreased by 33 percent compared to August, more than 110 Web hosting services were used, which accounted for 11 percent of all phishing attacks, and although the proportion remained the same as in August, there was a 3 % decrease in total Web host URLs in September.

Symantec also observed that there was a continuous fluctuation in toolkit attacks throughout September, but that there was a sharp increase observed in the toolkit attack (primarily targeting a payment processing company) in the first week of the month.

Worryingly, Symantec identified an increase in a phishing tactic used in an attack targeting US taxpayers in September. According to Symantec, the phishing attack was facilitated by spam email messages targeting the Internal Revenue Service tax settlement program for the US taxpayers. It says the phishing scam requested the intended victims to review their tax statement online by clicking on the link provided.

CONTINUED page 2