Phishing Assaults Increase 38% After Cyber-Criminals Find Toolkits’ Competence
In its "State of Spam And Phishing, March 2011" report, Symantec the United States-based security company states that there has been a 38.56% surge in phishing attacks in February 2011, since online-crooks once again found the prowess that were of phishing kits. Infosecurity-magazine.com reported this dated March 18, 2011.
Reveals Symantec.com, March 16, 2011, spam levels on average rose 8.7% daily from January to February 2011, accounting for 80.65% of the total e-mail during February against 79.55% during January.
Unique domains rose 33.73% while phishing sites having Internet Protocol addresses declined 47.22%. Service providers for web-hosting supported 13% of the entire phishing attempts, a rise of 38.97% since January 2011. There was also a considerable rise in the total count of phishing websites (76.51%) that used languages other than English. The non-English websites for phishing that topped the charts during February 2011 included the Spanish, French and Portuguese sites, according to Symantec.com.
Furthermore, Symantec's report as well outlines that there were massive phishing attacks targeting popular credit card companies with the help of bogus SSL (Secure Socket Layer) credentials in February 2011. The company notes that phishing sites based on SSL credentials aren't found often and their numbers generally are extremely low. Meanwhile, for developing a SSL-based phishing website, the phisher must design a bogus SSL certificate alternatively compromise an authentic certificate so that he can get the newly-crafted website encrypted. Says Symantec that in both these instances, it has seen a fewer number of SSL-based phishing websites. During February 2011, there were around 100 phishing sites, which relied on bogus SSL certificates, reported Infosecurity-magazine.com.
However, to remain safe, Symantec suggests e-mail users for opting-out from messages which though legitimate are not desirable, carefully choose the websites that ask to register with e-mail ids as also erase all spam. Moreover, they shouldn't follow dubious web-links within IM messages or e-mails since those could lead onto phishing sites; and never respond to messages which request to provide one's password, financial or other personal information.
Related article: Phishing With A Redirector Code
» SPAMfighter News - 28-03-2011