Banks bearing the brunt of phishing scams

A new Anti-Phishing Working Group report says criminals still mainly target financial services Web sites for their frauds.

Financial services companies remain the most frequent targets of online phishing schemes, according to the latest figures released by an organization working to fight the scams.

The Anti-Phishing Working Group, a consortium of businesses and law enforcement officials, said Thursday that 85 percent of all reported phishing attacks during the month of December directly focused on banks and similar companies.

Phishing schemes typically consist of e-mail messages that appear to come from trusted companies which attempt to lure people to bogus Web sites where they're asked to divulge sensitive personal information. Once armed with that data, criminals will often attempt to use it to commit identity fraud.

Overall, the group said that there were 9,019 new, unique phishing campaigns reported over the course of December, representing a 6 percent increase over November's total. Since July 2004, when there were only 2,625 reported attacks, the volume of new schemes has grown by approximately 38 percent.

APWG said that the number of Web sites supporting the scams has grown at an even faster rate. In December, there were 1,707 phishing-related sites reported--a jump of 10 percent over November, when the group tracked 1,546 such fraudulent URLs. The tally has increased by roughly 24 percent per month since August 2004.

The APWG report also found that the number of individual companies targeted by the schemes is growing. There were 55 brands specifically mentioned in phishing campaigns last month--up from 51 companies in November, and 44 in October 2004.

Executives at APWG said the predominance of financial services phishing scams during the month of December bucked the widely held notion that retail sites would come under intense attack as unsuspecting consumers logged on to do their holiday season shopping.

"The concurrent proliferation of targeted brands and concentration of phishing focus on financial institutions is, of course, disturbing," APWG Chairman David Jevans said in a statement. "No brand is really safe, but it is interesting to note that the concentration on phishing attacks against financial institutions actually increased to a new high during a time when many were concerned that opportunistic phishers would spoof retail sites."

In a recent interview with CNET News.com, Mike Cunningham, senior vice president of fraud management at Chase Card Services, a division of financial services giant JPMorgan Chase, said that despite the proliferation of phishing schemes aimed at companies in his industry, consumers have yet to grow reluctant to conduct their business online.

"I don't believe customers are avoiding the online channel because of (phishing), I think they're becoming more wary and figuring out what sort of things banks will or will not send you via e-mail," Cunningham said. "We haven't seen any decline in use of online channels and, in fact, that business continues to grow."

However, industry watchers following the growth of the phishing phenomenon have predicted that that the explosion of financial services-oriented scams could have a long-term effect on that industry and encourage customers not to communicate with their providers via the Web.

"At one point we thought these attacks were rare, but now they are so common in financial institutions that we see huge amounts of them and have to continually warn people to be wary," said Susan Larson, vice president of global content for SurfControl, a company that markets e-mail filtering software. "There's a growing perception that you have to be careful of anything coming from financial institutions, or companies like PayPal, and that can't be good for business in the long run."

Featured Video