Phishing Drops in August but Chinese Threat Remains

Phishing attacks fell by nearly a quarter from July to August with the US still by far the most targeted country worldwide, according to the latest stats from EMC security divisions RSA.

The RSA Monthly Fraud Report for September 2014 revealed 33,145 phishing attacks in August, which equates to estimated losses of $282 million.

The United States retained its top spot as most targeted country in the world, accounting for 61% of phishing attacks. Next came the Netherlands (6%), China (6%) and the UK (4%).

However, in terms of attacked brands it was the US (26%) and UK (11%) which were the two biggest hit countries.

Despite the drop in attacks overall, phishing campaigns against US banks increased from 59% to 72% while phishing against credit unions rose from 5 to 12%, RSA said.

The US was not only the biggest target of phishing attacks but also remained the top hoster of these campaigns, accounting for 35% of attacks. Interestingly given its size, Hong Kong came in second with 13%, while Italy doubled its tally from 3 to 6%.

The findings don’t chime completely with an Anti Phishing Working Group (APWG) report from last week which claimed that attacks rose overall from 72,758 in 1H 2013, to 123,741 in the first six months of this year.

This is the most seen since the second half of 2009, according to the APWG.

The number of phishing domain names also increased over the period from 53,685 to 87,901. Smaller increases were recorded from the second half of 2013.

That 87,901 figure was driven by malicious domain registrations by Chinese phishers, targeting services and sites in their own country, the report added.

Despite constant warnings about the dangers of phishing attacks, awareness remains worryingly low.

A McAfee report released earlier this month claimed that of 18,000 global business users tested on their ability to detect online scams, just 7% could identify the real thing.

In the UK, 79% of the 1,755 participants failed to spot at least one of the phishing emails they were tested on.

What’s Hot on Infosecurity Magazine?