Phishing more common than viruses and trojans

New data released by MessageLabs shows that January 2007 was the month in which phishing attacks finally overtook virus attack in terms of overall numbers. Levels of spam have also continued to grow and in January 2007 stood at 84.5% according to MessageLabs figures. The number of emails containing some sort of phishing attack has now reached 1.07%, while Trojans and viruses infected some 0.83% of all email traffic.

MessageLabs believes that the emergence of phishing as the Number 1 threat in the Internet comes down to virus attacks becoming more targeted, rather than the generalized outbreaks of old. Additionally, phishing has become an increasingly lucrative crime and one that keeps in step with new security measures. For instance, the rollout of new two-factor authentication systems has lead to the emergence of so-called “man-in-the-middle” attacks. This is where a cybercriminal sets himself up as a relay between the client machine and the online bank, virtually hijacking an ongoing online banking session by using original security data input from the victim.

Research by the APWG also highlights the growing scope of phishing attacks. The latest available figures are for November 2006 and show a continuation of striking growth in the number of new phishing sites that started in October 2006. Whereas previously the number of phishing sites at most reached 20,000, in October and November this figure jumped to over 37,000. A report from IBM ISS on security threats in 2006 also shows that while a lot of phishing emails originate outside the US, the majority of phishing sites are hosted there. The biggest phishing spam sender is South Korea with 16.33% of the total, while Spain was the source of 14.71% of phishing mail. In terms of hosting the US tops the list with 55.78% of sites, and the vast majority (71.37%) of phishing targets are also based in the United States.