A surge of phishing attacks during last year’s holiday shopping season made retail the second-most attacked industry in the second half of 2011, with financial services still receiving the most attacks, the industry trade organization Anti-Phishing Working Group reports.
“As expected, during the second half of 2011, phishing attack campaigns continued to increase as we approached the holiday season,” says APWG analyst Ihab Shrain, who is also vice president, anti-fraud operations and engineering, at Internet security firm MarkMonitor Inc.
The 144,114 phishing attacks in last year’s second half were up 1.9% from 141,470 in the second half of 2010, but the pace quickened sharply in 2011’s fourth quarter, rising 15.7% to 78,270 attacks from 67,656 attacks in the year-earlier period. In December, the number of attacks surged 56.9%, to 32,979, up from 21,020 in December of 2010. Phishing attacks are e-mail campaigns that often use spoofed brand names in an effort to trick consumers to click to a fraudulent web site and insert confidential information such as payment card account numbers and passwords.
Not surprisingly, the Q4 surge in phishing attacks last year helped to push the retail industry into the position as the second-most targeted industry for the second half of 2011, the APWG says. The retail industry was targeted in 20.5% of attacks in the second half, putting it ahead of payment services, at 17.8%, but leaving it behind financial services, 42.4%.
The other industry sectors listed by the APWG with their share of attacks in the second half of 2011 are Auctions, 4.1%; Online Gaming, 3.7%; Social Networking, 3.3%; ISPs, 2.1%; Government, 1.2%; Classifieds, 1.1%; and Other, 3.8%.
The report also notes that the number of unique phishing web sites detected by APWG was at 32,979 in December 2011, up 26.2% from 26,124 a year earlier. It also notes that the number of legitimate brands used in phishing attacks in December 2011 was 362, up 29.7% from 279 in December 2010.