E-mail "phishing" fraud attacks – e-mail spam that spoof the e-mail addresses and brands of legitimate businesses in efforts to steal credit card account numbers and passwords – rose to 60 million attacks during the three weeks leading up to Christmas, up from about 12 million in the prior three-week period, says a study conducted by the Anti-Phishing Working Group and Tumbleweed Communications Corp.
"Consumer phishing attacks are dangerous, and are quickly increasing both in number and in sophistication," said Dave Jevans, chairman of the Anti-Phishing Working Group and a senior vice president at Tumbleweed. "To most Internet users, the e-mails and web sites are indistinguishable from legitimate business communications. The spam epidemic has rapidly evolved from a nuisance to a real security threat with the shift from dubious advertising to financial crime and identity theft."
The businesses hit hardest by phishing spam include the PayPal online payment system and Visa, says a spokesman for study’s sponsors. Among consumers, the most highly targeted by phishing spam were customers of eBay, which owns PayPal and provides it as a common payment system for eBay buyers, the spokesman says.
An average of 5% of consumers respond to phishing e-mail, resulting in identify theft and subsequent fraudulent payment transactions, the spokesman adds. One new attack exploits a vulnerability in web browsers that lets spammers disguise a fraudulent web address to make it appear like a known brand, the Anti-Phishing Working Group says.