2004: a great year for going phishing

Posted on by

2004: a great year for going phishing

Here’s what the year looked like to the folks at MessageLabs:

“London, 6 December 2004.  Phishing attacks or online identity theft has established itself as the principal threat of 2004, and may signal the beginning of a wave of email security attacks targeted specifically at individual or small groups of companies. This puts business firmly on the front line in the fight against online attacks, according to the annual MessageLabs Intelligence Email Security Report for 2004 released today.

In September 2003 the company intercepted 279 phishing emails (containing a URL to a fraudulent website), by September 2004 that figure had significantly risen to over two million. During the course of 2004, MessageLabs intercepted over 18 million phishing-related emails.

The perpetrators of phishing attacks have also developed new techniques in order to increase their chances of success. Recently, phishing emails have been designed to capture online banking details automatically when a user opens the email, rather than when the user clicks on the URL link. Phishers have also attempted to dupe unsuspecting users into becoming middlemen for money laundering operations, by offering employment opportunities with legitimate organisations.

Spam and virus ratios have also risen since the end of 2003. In 2004 the virus infection ratio was 1 in 16, in comparison to 2003 when it was 1 in 33. The most widespread outbreak of the year was W32/MyDoom.A, which occurred in January. In addition, the percentage of email identified as spam in 2004 is 73 percent whereas in 2003 it was 40 percent.

As well as the rise in phishing, virus and spam volumes, MessageLabs also witnessed tailored malicious activity ranging from Denial of Service (DoS) attacks targeted at blackmailing online gaming sites through to threats that send out child pornography in the name of a particular reputable organisation.

There is also evidence to suggest that Trojans and other malicious code have been developed during 2004 specifically to compromise particular organisations. MessageLabs expects this trend to continue.”