Phishing Attacks Number 33 Million Each Week

Phishing is one of the fastest-growing security threats on the Internet, according to the latest Internet Security Threat Report from security vendor Symantec (Nasdaq: SYMC), with the number of phishing incidents rising to 33 million per week.

"Attackers are launching increasingly sophisticated attacks in an effort to compromise the integrity of corporate and personal information," said Arthur Wong, vice president of Symantec Security Response and Managed Security Services.

Indeed, Symantec's report released this week reveals businesses suffered an average of 13.6 attacks per day overall in the second half of last year, up from 10.6 daily attacks in the first six months of the year. During that period there were 1,403 new vulnerabilities discovered, marking a 13 percent increase from the previous six months.

Malicious Phishers

Symantec reports malicious code designed to expose confidential information made up more than half of all code samples it picked up. Trojan horses made up a third of the top 50 malicious code.

But phishing, with a 366 percent increase over the six months ending Dec. 31 compared to the six months preceding, is among the fastest growing threats. Symantec expects that phishing will continue to be a very serious concern over the next year.

Phishing is the act of sending e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.

The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security and bank account numbers.

Serious Concerns

Symantec categorizes phishing as "serious" because attackers can gain access to confidential information without having to compromise individual servers.

Jupiter Research retail analyst Patti Freeman Evans told the E-Commerce Times that phishing is still a relatively small-scale threat today, but if online retailers don't take steps to stop it then it could become a huge problem for e-commerce.

"Offline retailers worked together to reduce fraud over the years and have cut it down to under 1 percent of all retail sales," Evans said. "Now online retailers have to work together to make sure phishing doesn't continue at this rapid growth rate."

Whether it's phishing, Trojan horses or just plain spam, analysts said consumer education is key.

"Fraud awareness is important," Evans said. "Consumers need to be aware of what to look for so they don't get taken advantage of. That will take an educational effort from big brands online and offline."

Emerging Trends

While much of the online world is focused on phishing, Symantec also has an eye on future and emerging trends. One of those trends is an increased use of bots and bot networks for financial gain. The security vendor reports that bots will likely increase, especially as the diverse means of acquiring new bots and developing bot networks become more prevalent.

Meanwhile, malicious code targeting mobile devices is expected to increase in number and severity. With many groups researching vulnerabilities in Bluetooth-enabled devices, the possibility of a worm or some other type of malicious code propagating by exploiting these vulnerabilities increases, according to Symantec.

Symantec also expects that client-side attacks using worms and viruses as propagation methods will become more common, and attacks hidden in embedded content in audio and video images are expected to increase. Symantec said in its report that this is worrisome because image files are ubiquitous, almost universally trusted, and an integral part of modern-day computing.

Finally, Symantec expects security risks associated with adware and spyware will likely increase. The company said impending legislation to curb these risks is not expected to be an effective or sufficient deterrent on its own.