Tumbleweed Communications Corp. and the Anti-Phishing Working Group last week released the Phishing Attack Trends Report for June 2004, an analysis of phishing scam attacks submitted to http://www.antiphishing.org, the Internet's most comprehensive archive of email fraud and phishing attacks.
Analysis of over 1,400 attacks reported in June shows that 92% of all attacks use forged from addresses. This trend continues to underscore the utility of e-mail sender authentication technologies as a critical step toward reducing the effectiveness of phishing campaigns by preventing fraudulent emails from reaching inboxes.
Phishing attacks use spoofed e-mails and fraudulent websites to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. By hijacking the trusted brands of well-known banks, online retailers, ISPs and credit card companies, phishers are able to convince up to 5% of recipients to respond to them. The result of these scams is that consumers suffer credit card fraud, identity theft, and financial loss.
In June, there were 1422 new, unique phishing attacks reported to the Anti-Phishing Working Group. This was a 19% increase over the number of attacks reported in May (1197). The average number of phishing attacks per day in June was 47.4 (up significantly from the 38.6 per day for May). Analyzing this information on a weekly basis shows every week in June averaged over 300 attacks, with the last 4 days of June on track to continue this trend. Highlights of the Anti-Phishing Working Group's June report include:
- Number of unique phishing attacks reported in June: 1422
- Average monthly growth rate in phishing attacks through June: 52%
- Organization most targeted by phishing attacks in June: Citibank (492)
- Percentage of phishing attacks using spoofed email addresses: 92%
- Country hosting the most phishing Web sites in June: USA (27%)
- Average lifespan of a phishing site in June: 2.25 days
- Percentage of phishing Web sites hosted on hacked web servers: 25%
- Percentage of phishing Web sites configured to allow criminals to remotely download captured personal data: 94%
With phishing attacks increasing in volume and complexity and serving as a conduit for illegal activity, the FTC recently endorsed email authentication as a vital part of Internet communication by reporting to Congress that this technology was the best way for enterprises to address spam, phishing and virus defense. As a leader in authentication and a major government supplier of authentication technology, Tumbleweed is uniquely positioned to address this trend.
As email spoofing, spam and phishing attacks continue to increase at a rate of more than 50% and threaten businesses, partners and customers alike, enterprises must turn to authentication-based technologies to address this problem, said Jeff Smith, Chairman and CEO of Tumbleweed Communications Corp. Email sender authentication technologies enable businesses to send secure trusted outbound email to customers and verify inbound email from business partners -- preventing fraudulent emails from reaching inboxes and providing enterprises with a reduction in email fraud and phishing attacks on their brands.