Phishing Attack Targets Multiply Across Globe in November

Corporate Treasury and Data Assets Targeted

The Anti-Phishing Working Group (APWG) announced today that the number of reported brands attacked by phishers in November exceeded all previous records, reaching some 178 financial institutions and government agencies whose identities were co-opted for phishing campaigns against consumers.

The November analysis reports the number of corporate and government identities being exploited by phishers was up 2.23% over the previous high in April, 2007 and more than 48% from last October. APWG noted increases in Middle East and European financial services companies being targeted in addition to large US banking institutions and credit unions as well as a number of national government tax revenue agencies.

“The attack surface is becoming increasingly fragmented as phishing groups identify and exploit technical and social-engineering opportunities to organize scams against financial institutions,” said APWG Secretary General Peter Cassidy. “This highlights the need to coordinate the collection of data related to electronic crime for forensic applications.”

The number of phishing campaigns fell for the second consecutive month since September to 28074 in November, down from 31650 recorded last October. APWG contributing analysts interpret decreasing numbers of reports of conventional phishing campaigns and phishing websites last fall as, in part, a precipitate of eCrime gangs’ increasing focus on targeted phishing attacks against key corporate personnel to secure credentials for theft against corporate assets.

Laura Mather, Senior Scientist at MarkMonitor and Managing Director of Operational Policy for APWG said, “We are seeing executives of companies receiving specially targeted emails that attempt to do two things: 1) Install malware to give the phisher access to the corporations’ systems and 2) Gain access to the corporations’ bank accounts.”

The complete report is available at the APWG’s website here:

http://www.antiphishing.org/reports/apwg_report_nov_2007.pdf

About the Anti-Phishing Working Group

The Anti-Phishing Working Group (APWG) is an industry, government and law enforcement association focused on eliminating the identity theft and fraud that result from the growing problem of phishing, email spoofing and crimeware. Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community and solutions providers. There are more than 1,700 companies and government agencies participating in the APWG and more than 3,000 members. The APWG’s web site (http://www.antiphishing.org) offers the public and industry information about phishing and email fraud, including identification and promotion of pragmatic technical solutions that provide immediate protection.

Contacts

APWG
Peter Cassidy, 617-669-1123
pcassidy {at} antiphishing(.)org
or
Websense, Inc.
Cas Purdy, 858-320-9493
cpurdy {at} websense(.)com
or
MarkMonitor, Inc.
Te Smith, MarkMonitor, 831-818-1267 (mobile)
te.smith {at} markmonitor(.)com