Crime syndicates are expanding their efforts well beyond big banks and online merchants as they phish for cyber victims, according to a major antifraud collaboration.
"Once, only the largest banks were targeted. Now, every kind of enterprise from banks and credit unions of all sizes to charities to, in a recent case, a hardware manufacturer, are now seeing their brands exploited in all manner of fraud schemes," said Peter Cassidy, secretary general of the Anti-Phishing Working Group.
In its fourth-quarter 2009 report just released, the APWG said the number of hijacked brands reached a record 356 in October, compared with 341 in the previous record month of August 2009.
The APWG also said that while the number of unique phishing reports dropped nearly 30% in the fourth quarter of 2009, high-value targets such as personnel with treasury authority are attracting substantial attention from e-criminals.
"Phishers and malware attackers are sending emails to individuals in a highly targeted fashion, attempting to gain access to corporate online banking systems, corporate VPN networks, and other online resources," said APWG Chairman Dave Jevans.
"These attacks do not contribute significantly to the overall number of unique phishing emails that are sent, as they are not using broad-based spam. Rather, the attackers customize their email messages to target individual users," Jevans said.
The trade group's quarterly report also said that the total number of infected computers reported was 10.3 million worldwide in the fourth quarter, representing more than 47.8% of the total sample of scanned computers.