Tumbleweed Communications Corp. and the Anti-Phishing Working Group released the “Phishing Attack Trends Report” for March 2004, an analysis of phishing scam attacks submitted to www.antiphishing.org, the Internet’s most comprehensive archive of email fraud and phishing attacks. This analysis identifies that email fraud and phishing attacks grew by more than 43% in March, with an average of 13 new, unique attacks sent out to millions of consumers each day.
Phishing attacks use ‘spoofed’ emails and fraudulent websites to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. By hijacking the trusted brands of well-known banks, online retailers, ISPs and credit card companies, phishers are able to convince up to 5% of recipients to respond to them. The result of these scams is that consumers suffer credit card fraud, identity theft, and financial loss.
In March, there were 402 unique phishing attacks reported to the Anti-Phishing Working Group. This was a 43% increase over the number of attacks reported in February 2004, and represents a monthly growth rate of over 50% per month since December. While the average number of phishing attacks per day in March was 13, analyzing this information on a weekly basis shows an increasing trend with a peak of 14.9 attacks per day in the third week of March. Further, this marks the first time that we’ve seen more than 100 unique attacks in a week — occurring twice in March.
— The company most-targeted by phishing attacks in March was, once again, eBay with 110 unique attacks.
— The most-targeted industry sector was Financial Services with 256 unique attacks
— The Financial Services sector averaged 8.3 phishing attacks per company in March.
— In March, an alarming new phishing technique was identified that replaces a browser’s Web Address bar with a fake, disguising the fact that the user is on a fraudulent website
For more information and analysis, please download a copy of the “Phishing Attack Trends Report” for March 2004 free of charge at http://www.antiphishing.org/APWG_Phishing_Attack_Report-Mar2004.pdf.
“The growing number of phishing attacks and their increased sophistication has serious security implications for both consumers and companies doing business online,” said Dave Jevans, Chairman of the Anti-Phishing Working Group and a Senior Vice President at Tumbleweed Communications. “Consumers need to apply the same level of privacy and security about giving out their personal financial information on the Internet as they would in the real world. And banks, e-commerce companies, and ISPs need to help their customers identify valid communications more effectively, and avoid fraudulent offers. New anti-fraud toolbars being introduced by eBay and Earthlink are excellent first steps in this process, but much more needs to be done to raise the bar and make it harder for phishers to make money at these scams.”
About the Anti-Phishing Working Group
The Anti-Phishing Working Group (APWG) is focused on eliminating the problem of phishing and email spoofing attacks, by developing and sharing information about the problem, and promoting the visibility and adoption of industry solutions. Membership in the group is open to qualified financial institutions, corporations, law enforcement agencies, public policy groups and solution vendors.
The Web site of the Anti-Phishing Working Group is www.antiphishing.org. It serves as a public and industry resource for information about the problem of phishing and email fraud, including identification and promotion of pragmatic technical solutions that can provide immediate protection and benefits against phishing attacks. The analysis, forensics, and archival of phishing attacks to the Web site are currently powered by Tumbleweed Communications’ Message Protection Lab(TM).
About Tumbleweed Communications Corp.
Tumbleweed is a leading provider of secure Internet messaging software and appliances for enterprises and government agencies. By making Internet communications secure, reliable and automated, Tumbleweed’s anti-spam email firewall, secure file transfer, secure email, and identity validation solutions help customers significantly reduce the cost of doing business. Tumbleweed products are used to communicate with millions of end-users and tens of thousands of corporations. Tumbleweed has more than 600 enterprise customers, including ABN Amro, Bank of America Securities, Catholic Healthcare West, JP Morgan Chase & Co., The Regence Group (Blue Cross/Blue Shield), St. Luke’s Episcopal Healthcare System, the US Food and Drug Administration, and the US Navy and Marine Corps. Tumbleweed Communications was founded in 1993 and is headquartered in Redwood City, California. For additional information about Tumbleweed go to [www.tumbleweed.com] or call 650-216-2000.