Phishing Attacks Level Off in May

After months of rapid growth, the number of phishing attacks leveled off in May, rising just 6 percent with a total of 1,197 unique campaigns, according to new data from the Anti-Phishing Working Group (APWG).

The group, which battles identity theft and fraud tied to phishing and web site spoofing, said the modest increase from April's 1,125 attacks was likely related to the Memorial Day holiday in the U.S., as attacks declined late in the month. Even so, the data marks a significant departure from increases of 180 percent in April and 43 percent for March.

The most frequent target was once again Citibank with 370 attacks, down from 475 in April. Phishing scams targeting eBay (293) and its PayPal subsidiary (149) are still on the rise, while U.S. Bank emerged as a new favored target of fraud artists with 167 attacks.

The APWG reported that 95 percent of phishing scams use fake e-mail addresses purporting to be from the target institution, as opposed to the use of "social engineering" using official-sounding domains registered by scammers. Just 3 percent of May scams used such domains as the return address.

Phishing attacks seek to trick account holders into divulging sensitive account information through the use of e-mails which appear to come from trusted financial institutions and retailers.

Netcraft has developed a service to help banks and other financial organizations identify sites which may be trying to construct frauds, identity theft and phishing attacks by pretending to be the bank, or are implying that the site has a relationship with the bank when in fact there is none.