Cyber fraudsters are increasingly conducting targeted phishing attacks against high-level executives in order to glean confidential information that can be used to gain illegal access to company bank accounts.
A new report released by the Anti-Phishing Working Group (APWG) shows that the number of corporate brands hijacked by phishing fraudsters hit record levels in November 2007, with financial services continuing to be by far the most targeted industry sector.
A massive 93.8% of all phishing spam attacks were aimed at banks in the month of November. The APWG also noted increases in the number of financial institutions being targeted in Europe and the Middle East.
However the stats show that the number of phishing campaigns fell during the month to 28,074, down from 31,650 recorded October. APWG says this fall was due in part to fraudsters increasing focus on targeted attacks against key corporate personnel "to secure credentials for theft against corporate assets".
Laura Mather, MD, operational policy, APWG, says executives of companies are receiving specially targeted e-mails that attempt to install malware to give the phisher access to the corporations' systems and gain access to the corporations' bank accounts.
Although there was a fall in the number of phishing campaigns in November, the AWPG says the overall number of corporate brands hijacked during the month exceeded all previous records, reaching some 178 financial institutions and government agencies.
The November analysis shows that the number of corporate and government identities being exploited by phishers was up 48% from October and up 2.23% over the previous high in April 2007.
Commenting on the figures, Peter Cassidy, secretary general, APWG, says: "The attack surface is becoming increasingly fragmented as phishing groups identify and exploit technical and social-engineering opportunities to organise scams against financial institutions."
Cassidy says the report "highlights the need to coordinate the collection of data related to electronic crime for forensic applications".
Also in November, China overtook the US as the leading host country for phishing sites. China hosted 24.21% of sites, with the US home to 23.85% and India 9.39%, says APWG.