Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Financial institutions battered by phishing attacks

Although only 0.47%t of each bank’s customers fall victim to phishing attacks on an annual basis, the high number of such phishing scams and the fact that 45% of targets divulge their personal credentials when redirected to a phishing site mean that such activity is still a worthwhile venture for perpetrators.

These are the findings of browser-based security software vendor Trusteer’s report called Measuring the Effectiveness of In-the-Wild Phishing Attacks, the statistics of which were gleaned from its Rapport anti-phishing browser plug-in.

The study found that each bank was subject to about 832 phishing attacks each year, but only one out of every 2.7 phishing URLs reached their intended targets. The rest were blocked using email-based phishing filters or anti-spam systems or the websites were taken down before they could cause any damage.

This meant that an average of 12.5 out of every million customers from any given bank visited a phishing website on receiving a phishing email every year and 4700 handed over their login information.

Trusteer analyzed phishing incidents from 10 large banks in the US and Europe over a three-month period and normalized its data per one million users.

In other news, Gary Warner, the director of research for computer forensics at the University of Alabama, has discovered a massive phishing campaign targeted at website administrators.

Customers using 90 of the most popular webhosts such as GoDaddy, Hostgator and Yahoo! are sent emails purporting to be from their hosting service and asking them to confirm their FTP details due to systems maintenance.

Those who agree to do so are redirected to a website formatted to look like a page from the website administration application, cPanel. Once a website address and FTP credentials have been entered, users are then redirected back to the web host’s login page.