Internet Security Systems - AlertCon(TM)

Yes, Phishing is Back

Posted by Ralf Iffert and Holly Stewart on October 09, 2009 at 7:57 AM EDT.

Yes, phishers are back in full force.  Contrary to what we witnessed in the first half of this year, phishers came back with a vengeance in the third quarter.  In the last month of the midyear (June), we saw a tiny uptick in volume.  By August, however, the volume of phishing reached the volume seen in the most active months of 2008, and the volume seen in September completely surpassed the volume seen during any one month of 2008.  We weren't the only ones who noticed—several other research organizations have been talking about the change.  Now that the quarter is behind us, we can provide you with the following chart that shows the huge contrast in volume between the first half of this year and the third quarter:

The decline in financial phishing was the main factor behind the overall phishing decline in the first half of this year, so, does this increase mean it's back?  Well, yes, but there's more changes in the phishing target mix that deserve some attention.

The percentage of phishing emails that target financial institutions has remained fairly constant (about 63% in Q3 in comparison to 66% in H1).  Of course, since the overall volume of phishing has dramatically increased the absolute number of phishing emails we saw in Q3 significantly increased, about 13x in comparison to the first half of this year and nearly double what we saw on average in 2008.

Now, on to the more salient changes.  Online payment targets were the second most targeted category in the first half of this year, but in Q3, that is no longer the case.  Although the volume of online payment phishing emails doubled in comparison to the first half of this year, two other categories surpassed it and have taken second and third place: phishing emails targeting government institutions (predominantly a US tax-related website) and emails targeting online auctions:

Going back to financial phishing, if you break down geographical location of the targets of these emails, you'll see even more variations.  In the first quarter of this year, financial phishing targeting European banks spiked sharply, giving North American targets a brief breather.  Breathe easy no more, North Americans.  The phishers love you once again (those fickle amours)!  In Q3, nearly all of the financial phishing targets were in North America:

What logical conclusions can we draw from this data?  We can only guess that phishing has become profitable, again.  The strongest trend is that phishers are predominantly focusing on banking customers in the United States (US) and people with taxable US income. Could the phishers be taking advantage of the perceived recovery of the US from its financial crisis?  Perhaps.  Based on their activity, it certainly appears as if they consider the financial recovery in the US to be stronger than in the rest of the world.

Comments or opinions expressed on this Weblog are the opinions of the authors alone. They are not necessarily reviewed in advance by anyone but the individual authors, and neither IBM Internet Security Systems nor any other party necessarily agrees with them. The views expressed by outside contributors and links to outside websites do not represent the views of IBM Internet Security Systems, its management or employees. All content on this Weblog has been made available on an “as-is” basis, and IBM Internet Security Systems shall not be liable for any direct or indirect damages arising out of use of this Weblog.