Sharp rise in phishing emails

Concern for online banks and customers as report shows increase of 81 per cent in just six months

The number of phishing emails increased 81 per cent in the first half of this year, according to the latest Internet Security Threat Report from vendor Symantec.

Some 157,477 phishing messages were detected in the first six months of 2006, compared with 86,906 in the second half of 2005. Phishing involves sending emails pretending to be from online banks, asking users to enter their personal details on a fake web site.

Ollie Whitehouse, technical adviser at Symantec, says this growth in phishing is a concern for banks and customers.

‘The more information that phishers gather from social networking sites and other web facilities, the more targeted their attacks can be,’ he said.

The financial sector is the most heavily targeted, according to the report, accounting for 84 per cent of phishing sites during the six-month period.

‘Phishing attacks against this sector are most likely to produce the greatest monetary gain for attackers,’ says the report.

‘Nine of the top 10 brands phished this period were from that sector.’

The sharp increase could be a result of attackers attempting to bypass filtering technologies by creating multiple randomised messages, says the report.

The variations often consist of minor changes or differences in the URLs included in the email.

Thomas Raschke, senior analyst at Forrester Research, says banks must educate their customers better about phishing.

‘The gap between those who use the internet and those who trust online banking is something the financial community needs to address,’ he said.

The report also found an increased use of Web 2.0 sites such as blogs or online communities to distribute malware, with links to fraudulent web sites, malicious code and other threats.

What do you think? Email us at [email protected]