Jump in Phishing Attacks in December

"Phishing" attacks surged dramatically in the runup to Christmas, with more than 60 million fraudulent email messages sent out over two weeks in mid December, according to data from an industry group.

The Anti-Phishing Working Group identified more than 90 unique email fraud and phishing attacks in November and December, as scammers sought to capitalize on the increased online shopping activity during the holiday season. Numerous campaigns employed a widely publicised bug in Internet Explorer that allows fraudsters to construct more convincing urls.

Phishing attacks trick account holders into divulging sensitive account information through the use of e-mails which appear to come from trusted financial institutions and retailers. The Anti-Phishing Working group estimates that approximately 5 percent of recipients respond to the e-mails, which typically direct unsuspecting victims to enter account information into a web site operated by the fraudster.

"Bogus e-mails that try to trick customers into giving out personal information are the hottest, and most troubling, new scam on the Internet," said Jana Monroe, Assistant Director of the FBI's Cyber Division.

"The spam epidemic has rapidly evolved from a nuisance to a real security threat with the shift from dubious advertising to financial crime and identity theft," said Dave Jevans, Chairman of the Anti-Phishing Working Group. "Consumer phishing attacks are dangerous, and are quickly increasing both in number and in sophistication."

Recent phishing expeditions have targeted customers of NatWest, Visa, Citibank, PayPal, eBay, Bank of America, Bank One and Westpac.

Netcraft has developed a service to help banks and other financial organizations identify sites which may be trying to construct frauds, identity theft and phishing attacks by pretending to be the bank, or are implying that the site has a relationship with the bank when in fact there is none.