Symantec: Phishing activity up in July

Phishing levels rose 52 percent while spam as a percentage of all e-mail stayed about the same compared with the previous month, according to reports out from Symantec.

Lance Whitney
Lance Whitney Contributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.
3 min read

Phishing attacks rose 52 percent in July while spam as a percentage of all e-mail stayed about the same compared with the previous month, according to the latest reports from Symantec that tracked spam and phishing activity for the month.

The State of Spam (PDF) and State of Phishing (PDF) reports were released Thursday.

With some fluctuations, spam averaged around 89 percent of all e-mail in July, noted Symantec. That compares with about 90 percent for the month of June. There are distinct trends in certain types of junk mail. Image spam, which sneaks past filters by embedding spam in an image, accounted for 17 percent of all spam at one point in July. Health-related spam declined 17 percent, while 419 spam (often better known as Nigerian hoax spam) rose 3 percent.

Spam as a percentage of all e-mail
Spam as a percentage of all email Symantec

Spammers continued to tap into people and events in the news to spread their junk, noted Symantec. Popular subject lines for spam in July included references to Michael Jackson's death ("Who killed Michael Jackson" and "Jackson is still alive: Proof") and to President Obama and health care ("Obama isn't helping; Let us give you cheap pills.")

With the release of the latest Harry Potter flick, Potter-related subject lines were hot among spammers. Symantec pointed to one health-related spam that talked about a Harry Potter e-book but included a URL to an online pharmacy.

Desperate to get past junk mail filters, spammers are often using seemingly innocuous subject lines typically found in a legitimate message, such as "Hi," or "Aloha," or "You have a new message."

Popular subject lines for spammers
Popular subject lines for spammers Symantec

Nigerian hoax, or 419, spam is as popular as ever, found Symantec. Symantec found that these spammers are now using Voice over Internet Protocol (VoIP) to create phony accounts on sites that offer VoIP services. They then send "friend" invitations to their victims hoping to lure them in with the promise of vast riches.

Among countries where spam originates, the U.S. is still top dog, accounting for 25 percent of global spam. Brazil, South Korea, and Turkey were also popular regions for spam production.

Countries where spam originates
Countries where spam originates Symantec

A spam report from McAfee released on July 29 found similar results to the Symantec report.

For July, around 63 percent of phishing URLs were created using phishing toolkits, a jump of 150 percent over June, said Symantec. These software toolkits automate the process of setting up a fake Web site so that even a novice criminal can pull off effective phishing attacks.

How are phishing sites created?
How are phony phishing sites created? Symantec

More phishers are also abusing legitimate SSL (Secure Sockets Layer) certificates on their phony sites, noted Symantec. Since the site displays the familiar SSL padlock icon, it provides the user with a false sense of security.

Free Web hosts have been an easy base of operations for phishers since they cost nothing and require little in technical skills to build a site. A total of 130 different Web-hosting companies served 2,402 phishing sites in July, reported Symantec. However, that level is down 14 percent month to month, due to more preventive measures on the part of Web hosts and the rise in the popularity of toolkits.

Among countries hosting phishing sites, again the U.S. took the lead with 29 percent of all phishing sites worldwide. China came in No. 2 with 9 percent.