Symantec Global internet Security threat report
Table 19. Unique brands phished, by sector Source: Symantec
Analysis of the data for phishing websites in 2009 indicates that the financial services sector also accounted for 78 percent of that total, which was slightly higher than 2008, when the volume of phishing websites for financial services was 76 percent (figure 13). Although this may not seem to be a significant percentage change, the number of phishing UrLs targeting the financial services sector in 2009 increased by 35 percent. As previously mentioned, the number of brands targeted by phishing attacks in 2009 decreased by 13 percent when compared to 2008. An increase in the number of phishing UrLs targeting fewer brands may indicate that phishers narrowed the focus of their phishing attacks during 2009. this becomes evident when the top phished brands in 2009 are compared with the same brands phished in 2008. in 2009, the top two brands phished belonged to the largest U.S.-based multinational banks. in 2008, these brands ranked 17th and seventh in 2008, respectively. there was nearly a sevenfold increase in phishing UrLs that targeted the top-phished brand in 2009 over the previous reporting period, while the second-ranked brand had almost a threefold increase. this indicates that phishers are narrowing their focus. rather than targeting a wider range of smaller financial institutions, they are specifically targeting the largest banks that are more likely to have a higher number of customers banking online.
One development that Symantec has observed from the increased sophistication of targeting phishing attacks is an increase in spear-phishing campaigns. Spear phishing is a targeted form of phishing in which the apparent source of the email is likely to be an individual within the recipients’ company and generally someone in a position of authority. Victims are much more likely to fall for a spearphishing attempt because of the level of familiarity with the sender and the contents of the message, given that the contents would have been specifically crafted for the recipients. Spear phishing is a growing concern as attackers turn their attention toward targeted attacks aimed at stealing an organization’s intellectual property. these attacks are likely to target senior officials of organizations who have access to significant amounts of their organization’s intellectual property because successful attacks are likely to garner greater financial yield for attackers. Symantec anticipates that this trend will increase through 2010.180
h t t p : / / w w w . s y m a n t e c . c o m / b u s i n e s s / r e s o u r c e s / a r t i c l e s / a r t i c l e . j s p ? a i d = 2 0 0 9 1 1 1 0 _ m u l t i _ c h a n n e l _ s e c u r i t y