Criminals use legitimate infrastructure – servers and software – owned by reputable institutions to conduct successful phishing campaigns against banks, a technique known as infrastructure hijacking, Agari said in a release.
“Using compromised, legitimate servers allows the criminals to bypass a battalion of email security defenses and deliver phish to the inbox. In fact, of the top 300 successful phishing attacks to US banks, all used compromised servers from legitimate companies”, Agari noted.
Surprisingly, the greatest phishing threats to US banks originate from US servers, which distributed the majority of the top phishing threats to US institutions. Of all phishing threats to US banks, 39.2% originated from the US, nearly four times higher than second-ranked Germany.
Agari found that system administrators aid phishing attacks by deploying unprotected infrastructure. System administrators could have prevented one-quarter of successful phishing attacks against banks by patching known vulnerabilities, the company judged.
In addition, Agari found that botnets no longer pose a significant phishing threat, with only 0.5% of successful bank phishing attacks sent by botnets.
“It is critical to understand why and how phishing succeeds, yet the majority of phishing research analyzes all phish, both successful and unsuccessful phish, which creates tremendous data distortion. Agari’s research is unique in examining only successful phishing attacks”, said Patrick Peterson, Agari’s chief executive officer.