Phishing Scams Increase 1,200% in 6 Months

Beware your email.

In the last six months, the number of phishing email scams has increased 1,200 percent,putting end users and major companies at an even greater risk, according to a report fromMessageLabs Inc., a managed email security firm based in New York.

MessageLabs reports that last September its analysts had only seen 279 phishing emails. Butthat number had risen nearly 800-fold to 215,643. Phishing emails peaked in January with337,050.

”It’s a very dangerous trend,” says Paul Wood, chief information analyst at MessageLabs.”It’s preying on people’s vulnerabilities. They’re being conned into downloading virusesor giving away their financial information… Some people are having a lot of moneysiphoned from their bank accounts.”

Phishing is the latest online scam financial scam. It’s a con game based on posing.

Spammers send out millions of emails claiming to be from legitimate organizations, such asmajor U.S. banks or credit card companies. The spammers even fake the senders address so itappears to be from the company they’re posing to be. The message in the email often saysthere is a problem with the recipient’s account and it has been shut down. To reinstate theaccount, or deal with whatever fictional problem the email refers to, the user isinstructed to click on a link that then takes them to a phony Web site.

The users are then led to what is often a perfect replica of the Web site that the spammeris pretending to be. At this point, the victim is asked to ‘update’ his personal securityinformation, passwords, Social Security numbers, addresses and bank account information.The information is then used to siphon money out of the victim’s bank account or to makefinancial transactions with their money.

”In just six months, the number of phishing emails seen by MessageLabs has increasedexponentially — evidence that the number of individual scams has also risendramatically,” says Mark Sunner, chief technology officer at MessageLabs. ”For targetedorganizations, the impact can be high, including lost productivity, customer confusion andcomplaints, damage to the brand and legal implications. For individual users, the financiallosses can be excessive. If allowed to continue unchecked, online phishing scams threatento undermine confidence in e-commerce as a whole.”

According to MessageLabs, in the United States, Citibank, eBay, PayPal, Wachovia, Visa andBank of America are on the list of major banks and online transaction companies that havebeen targeted. In the United Kingdom, the perpetrators have gone after customers ofBarclays, NatWest and Lloyds TSB, among others.

The financial damage caused by online identity theft is not only mounting, it’s explodingat a growth rate of about 300 percent a year, according to a 2003 study by the AberdeenGroup, a Boston-based industry analyst firm.

Financial loss from identity theft is expected to reach $73.8 billion in the United Statesby the end of this year — $221.2 billion worldwide, reports Aberdeen analysts. The currenttrajectory — based on a 300 percent compound annual growth rate — has the figuresreaching $2 trillion by the end of 2005.

The virulent Mimail family of worms is on the scam.

Mimail-I and Mimail-J both carried out a phishing scam. Both try to induce users of PayPal,owned by eBay, to enter their credit card information into a pop-up window. The victim hasto click on an attached program to activate the virus and Mimail-J also asks for a SocialSecurity number and mother’s maiden name, two key pieces of data essential for identitytheft.

Sharon Gaudin
Sharon Gaudin
Sharon Gaudin is an eSecurity Planet contributor.

Top Products

Related articles