Phishing Attacks Surge in Last Six Months

“We’ve been seeing two major trends: a dramatic increase in volume and an increase in quality,” Bennett said. “Before Phishing, emails were marked by bad grammar and formatting. Now, they’re flawless.”

Cyota has also observed an increased use of phishing tactics, involving sophisticated Trojans that don’t require duping a victim into providing information. The New York-based company has identified two variants: one is Trojan software that records all keystrokes, including passwords, on an infected computer, which it then emails back to the fraudster; the other variant waits until a user logs in to an online banking Web site to access the victim’s financial account.

“Once you’re in,” Bennet said, “they’re in, too. These guys are pretty clever.”

Because some Trojans can be activated by simply opening an email, clicking an attachment, or in some cases, merely browsing a certain Web site, the threat posed by phishers is likely to increase, Bennett added.

With Cyota’s proprietary technology, it can track the country where phishing attacks originate. The leading phishing-originating countries in non-sequential order are: the U.S., China, the U.K., Taiwan, and South Korea, which is roughly approximate to the leading spam-originating countries.

Cyota has even located do-it-yourself online phishing kits. The technology to pull off a phishing attack can be purchased for around $270.

In 2005, Bennett predicts phishing will become even more mainstream as fraudsters shift their focus from the most-attacked major banks to small and mid-sized institutions.