Phishing is a criminal mechanism employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials carried out by email spooling or instant messaging threats. The way it works is that you enter details at fake websites, that look and feel almost identical to the legitimate one, then they capture your logins and passwords that will permit the thiefs access your bank accounts. A technical subterfuge is to plant a “crimeware” (malicious program) directly into your computer, corrupting the navigational infrastructure allowing the online interception of data, the most common are called “troyans”.
These frauds exploit the poor usability of web security technologies and phishing-prevention technologies (browsers and email blocking). According to APWG Phishing Activity Report of the 2nd Half of 2010, the most targeted industry was the Financial Services (55 percent) fallowed by Payment Services with the 25 percent, that´s more than 80 percent related to the buy and pay online businesses. Looking principal companies, Paypal was targeted nine times more frequently than the next one, Facebook (Open DNS 2010 Report).
During 2010, the United Stated represented more than 84 percent of all the malicious hosting code in the form of phishing key loggers or Trojan downloaders (APWG).
If we look at the phishing by hosting location (where the attacks come from), in the Q2 of 2011 phishing attacks tend to be hosted in North America (58 percent) and Western Europe (17 percent), being the United States the first one with 52 percent of all the countries.
By the other hand, North America was the most phishing by target brand location (where the attacks occur) with the 61 percent, followed by Western Europe with the 22 percent; again the United States is in the first place with 58%.
When we look at this numbers, the most important activity of phishing occurs in the develop countries, that wouldn´t be surprising, they concentrate the biggest amount of online money transactions. But it supposed that these countries are the most evolved ones, more technological, with big companies and strong governments, but still have these fraud problems?
The question is what is going to happen with the developing countries when they reach more incomes?
I think that besides the improvement of technology, one of the most important strategies to prevent is educating the customers. What do you think?
APWG, Phishing Activity Trends Report, 2nd Half 2010. Retrieved September 13, 2011 from http://www.antiphishing.org
Open DNS, Web Content Filtering and Phishing, 2010 Report. Retrieved September 13, 2011 from http://www.opendns.com
Mark Monitor Inc., Fraud Intelligence Report, 2nd Quarter 2011. Retrieved September 13, 2011 from https://www.markmonitor.com
Trend Micro. Crimeware Definition. Retrieved September 13, 2011 from http://apac.trendmicro.com