Tricking consumers into giving up identifying credentials with phishing e-mails continues to be a popular practice for fraudsters, who are using increasingly sophisticated and easy-to-use kits to produce new attacks, according to a new report.
Just more than 16,000 individual attacks were recorded worldwide in November 2010, according to RSA, the Security Division EMC, a 5% increase over the month before.
But there's a new twist. "One of the latest types of phishing attacks to emerge is one that simultaneously targets the brands of multiple organizations through a single attack," the company said in its December report issued early this month.
The social engineering touch includes distributing the attacks under the guise of important notices from tax collection agencies of different countries, using e-mails that also include a list of bank logos that invite the recipient to click and claim a tax refund.
Another scam that appears to be growing in popularity is phishing e-mails that appear to be customer satisfaction surveys from major consumer brands. They promise a monetary award to participants but ask for online banking credentials so the award can be credited.
"The threat of phishing seems almost insignificant these days with all the talk of malware and Trojans. However, just because it is an old scam that consumers are able to spot more easily (thus, making it less effective in some cases), it does not mean that it is still not a top tool of choice among cybercriminals," RSA said.
American credit unions were the focus of 10% of attacks on financial institutions in both October and November, RSA said.
Nationwide banks account for about 70% of the attacks, regional banks the rest. And while international agents get the blame for many attacks on U.S. financial institutions, RSA noted that about 64% were hosted in the United States.