Phishing E-mail Landscape Unchanged during H2-2009

BitDefender, an Internet security company, in its newly published report outlines that there has been hardly any change in the number of phishing e-mails during July-December 2009 when compared with figures reported in January-June 2009.

The security company also states that phishing fraudsters shifted their attention towards those institutions, which could yield them the maximum profits in the least possible time-period.

These institutions were PayPal, Visa and eBay, with HSBC, American Express and Abbey Bank following them serially. Other institutions such as Ally Bank and the Bank of America ranked at the end as they got targeted by around 1% of all fraudulent phishing e-mails.

These scam e-mails mainly aimed at computer-users who used English and the facilities of a minimum of one institution among those just mentioned.

To cite an example, customers of eBay encountered a phishing scam, which told them that they should confirm their information by entering it into a form obtainable from a given web-link. However, the form had no connection with eBay rather it gathered financial and other sensitive information which could be utilized by the phishers to commit identity theft and credit card fraud.

Another significant e-mail scam, which targeted taxpayers in the USA, occurred during mid-September 2009, reports BitDefender. The related spam mail, supposedly from the Internal Revenue Service, used the subject line, "Notice of Underreported Income." It stated that the recipient should examine his tax-statement through a web-link apparently pointing to the IRS site. But the link actually led the user to a fake IRS form.

Hitting the link resulted in the download of Trojan ZBot on the user's computer, according to BitDefender.

Vlad Valceanu, Head of anti-spam Research Lab at BitDefender, stated that if an online scammer managed to get hold of an individual's username, he could retrieve that individual's password as well and use it to gain admission to the user's account. With such access, the scammer could then distribute spam through that account, make illegal transactions, or even hold the accountholder for ransom in return of freeing his compromised account, the chief explained, as reported by Infosecurity on December 31, 2009.

Related article: Phishing With A Redirector Code

» SPAMfighter News - 1/13/2010