Last month, an announcement from the Federal Bureau of Investigation warned against the rising incidences of targeted phishing attempts aimed at compromising intellectual property, personally identifying information, and login credentials for online banking services and social media.
The FBI’s warning indicated that spear-phishing emails are personalized for the recipient using accurate information fraudsters can obtain on social media, blogs, or through details they gained through previous intrusions. Many of these attempts target business people with access to processing systems, password databases, or other critical infrastructure. Phishing emails may come disguised as prompts to update credentials or software. Payments Journal urges readers to use caution.
Information Week has a write-up:
Internet users today are much more likely to encounter a phishing website than even just two years ago. According to Google’s Transparency Report, as of June 9 the search service detected 108,225 phishing sites, up from the 9,264 it detected on May 23, 2010.
Spear-phishing awareness campaigns notwithstanding, the attacks are notoriously difficult for businesses to block. Victims have included security firm RSA, the White House and numerous defense contractors.
As the quantity of attacks has increased, so has the list of targeted data. Historically, many phishing attacks launched for criminal purposes have focused on stealing financial details from consumers and businesses so that gangs could drain money from bank accounts. But today, just 20% of all phishing attacks were disguised to look like they’ve come from a legitimate financial services organization, according to Kaspersky Lab’s recently released report, “The Evolution of Phishing Attacks.”
Click here to read more from Information Week.