Phishing first emerged in 1996, but despite being around for so long, these attacks remain a security risk today.
According to Limor Kessem, technical lead of FraudAction Knowledge Delivery for RSA, the security division of EMC, there was a 26% increase in phishing incidents from Q2 to Q3 of this year.
Although it appeared that the phishing trend was declining, this data shows otherwise, noted Kessem, adding that these criminals continue to go after financial institutions and consumer credentials.
Phishing is a relatively easy endeavour for criminals, she said. "It preys on human emotion. It wants to get to people when they are not thinking. It is successful when the criminals catch you off guard," Kessem said. In the second half of 2013, attack uptimes increased, which means it took longer for security professionals to take down these phishing scams, she said.
Kessem attributed this rise to the fact that phishers are getting smarter and are moving to countries where there is no established cyber legislation, which makes removing the threat more complicated. If they were to host their sinister activities in a country like the US, which has comprehensive cyber crime legislation, the attacks would be found and removed fairly quickly, she pointed out.
Further, phishers are increasingly using well-established and popular sites to host their criminal activities, according to Kessem.
In the first half of the year, $483 million in losses were experienced as a result of phishing attacks, she added, with countries like the US, Germany and the UK the most targeted. SA made up only 3% of these phishing losses.
Data shows that organised groups continue to dominate the phishing landscape, with hacktivists and lone actors also cited as perpetrators of phishing attacks, she outlined, adding that banks continue to be the most vulnerable.
Increasingly, phishers are tapping into social media data in their attacks, Kessem pointed out. "They are looking for payment information and personal information. These networks open people up to vulnerability because people give out more personal information on these accounts than they would be willing to do on other platforms."
Share