Study: Phishing surges 240 per cent

The latest messaging statistics show the number of phishing emails sent has shot up month-on-month, with one gang looking to cash in on the credit crunch.

The number of phishing emails detected shot up in November, according to the analysis of one hosted web security provider.

Of the 103 million messages Websense processes a day, three in every 50 were from phishing sites, which amounted to a month-on-month increase of 240 per cent, or 83 per cent of all email.

It also noted that 90.5 per cent of spam included an embedded uniform resource locator (URL), a higher percentage than ever seen previously, supporting security experts that say phishing techniques have become more sophisticated to capitalise on the credit crunch.

The vendor's trends analysis found one key gang was again behind the phising surge, designed to get unwary users to reveal sensitive user account credentials, as most exploits use kits originally created to lure people to fake sites that included a distinctive subdirectory named rock'. But the group abandoned the technique when phishing filters began looking for the word.

"Rock phishers have once again indicated their interest in obtaining user account credentials, using mass phishing campaigns targeting banks (with recent attacks reported on Suntrust, Lloyds, and Bank of America)," it said.

And it pointed to recent SANS Internet Security Centre research that found a well-formatted phishing email could achieve a 10-per-cent clickthrough rate, whereas a targeted one could score upwards of 80 per cent.

The monthly analysis also found phishing authors are continuing to push several sophisticated crimeware packages, including so-called blended threats' using fake image and URL links that can get silently installed on the victim's PC.

And another emerging phishing trend were "phishes that bite back," even if a frustrated user returns a fake website form in with junk information. In August, SecureWorks researcher, Joe Stewart posted details of how an incomplete form returned to Asprox botnet host would subject the user's browser to a number of additional exploits.

Websense said these kinds of attacks could only be identified and countered using professional security expertise and warned those organisations relying on purely in-house IT security that operating costs would "skyrocket" in attempts to keep up with the likes of the Rock phishers.

At the very least, "without a strong messaging security solution, customers will experience bandwidth and storage capacity issues, frustration and a drain in productivity, not to mention exposure to significant security risk," said the report.

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

DeviceSHIELD combats rising cyber attacks and online fraud amid COVID-19
Security

DeviceSHIELD combats rising cyber attacks and online fraud amid COVID-19

24 Nov 2020
350,000 Spotify users hacked in credential stuffing attack
Security

350,000 Spotify users hacked in credential stuffing attack

24 Nov 2020
WAPDropper malware hooks you up to premium telecoms services
Security

WAPDropper malware hooks you up to premium telecoms services

24 Nov 2020
VMware sounds alarm over zero-day flaws in multiple products
Security

VMware sounds alarm over zero-day flaws in multiple products

24 Nov 2020

Most Popular

macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020
How computing has revolutionised Formula 1
Sponsored

How computing has revolutionised Formula 1

11 Nov 2020