Symantec Global Internet Security Threat Report
This section will address the following metrics:
Phishing activity by sector
Countries hosting phishing URLs and top targeted sectors
Automated phishing toolkits
Underground economy servers—goods and services available for sale
Spam by category
Countries of spam origin
Spam delivered by botnets
Phishing, underground economy servers, and spam—protection and mitigation
Phishing activity by sector
This section will explore phishing activity in two ways. First, it will analyze the unique brands being spoofed in phishing attacks according to the sector to which they belong. Second, it will explore the sectors whose brands were most frequently spoofed by phishing URLs. These considerations are important for an enterprise because the use of its brand(s) in phishing activity can significantly undermine consumer confidence in its reputation.
Phishing URLs are usually delivered by spam email (in which case it is known as phishing email) and multiple URLs can lead to the same phishing website. A phishing website is a site that is designed to mimic the legitimate website of the organization whose brand is being spoofed. In many cases, it is set up by the attacker to capture authentication information or other personal identification information from victims; any information gathered is then typically used in identity theft or other fraudulent activity.
The motive behind most—if not all—phishing is for financial gain. Phishers typically exploit brands associated with the financial sector because data garnered from phished financial websites is likely to yield online banking account and login details. One element that greatly facilitates the success of phishing attempts is the increased use of the Internet for financial transactions. For instance, in the United Kingdom and France, more than 50 percent of Internet users perform online banking, while in Canada the number rises to 60 percent. In the United States, eight out of 10 online households now bank online. It is not surprising then that, given its gainful capability, the majority of phishing activity targets brands in the financial sector. The prosperous nature of these phished credentials is borne out by the fact that credit card details and banking credentials remained the most frequently advertised items on underground economy servers observed by Symantec in 2009.
The majority of brands used in phishing attacks in 2009 were from the financial services sector, accounting for 74 percent of the total (Table 19). This was a decrease of 5 percentage points from the 79 percent reported in 2008, but is still 65 percentage points above the second-ranked sector during this reporting period. The number of uniquely phished brands also decreased by 13 percent in 2009. This may be a reflection of the turbulence in the global banking sector in 2009 that saw a number of changes in the ownership and solvency of a number of significant institutions.[179] The decline in the number of banks resulted in there being fewer appealing brands to phish. Another possibility could be that phishers are refocusing their efforts more on larger, more profitable banks, which is indicated by the most phished brands (discussed in “Countries hosting phishing websites and top targeted sectors”).