Precipitous -- and inexplicable -- drop in phishing e-mails

Published 27 August 2009

A new report from IBM shows a big drop in the volume of “phishing” e-mails, in which fraud artists send what looks like a legitimate message from a bank or some other company

The number of phishing e-mails has precipitously dropped since this time last year, reports AP.

A report being released Wednesday by IBM Corp. shows a big drop in the volume of “phishing” e-mails, in which fraud artists send what looks like a legitimate message from a bank or some other company. If the recipients click on a link in a phishing e-mail, they land on a rogue Web site that captures their passwords, account numbers or any other information they might enter.

IBM’s midyear security report found that phishing accounted for just 0.1 percent of all spam in the first six months of this year. In the same period in 2008, phishing made up 0.2 percent to 0.8 percent of all spam.

What is interesting about the drop is how inexplicable it is. Kris Lamb, director of the X-Force research team in IBM’s Internet Security Systems division, theorized to the AP that the dramatic drop may be due to better security technologies or simply that cybercriminals have moved on to new tactics, such as malicious software.

Regardless, he said the phishing threat has not been vanquished, while Dean Turner, director of Symantec Corp.’s global intelligence network, says to be careful: phishing attacks tend to spike as the holiday season approaches.

According to IBM’s report, the types of business e-mails that phishing attacks mimic have changed. Last year, 90 percent of all phishing e-mails mimicked banks. This year, e-mails mimicking banks made up 66 percent of the fraudulent e-mails, while security experts are seeing more e-mails dressed up to look like online payment services, such as PayPal.

Ninety-nine percent of all phishing e-mails target North Americans and Europeans. North Americans, however, seem to be the primary target of two-thirds of all phishing e-mails, which the report suggests is because phishers believe “that North America is rebounding from the financial crisis faster than Europe, and so they are refocusing their sights on North American banks.”

Over half of all phishing e-mails are sent from Russia.

The advice to protect yourself against phishing e-mails remains the same: log on to your sensitive sites, such as banking, directly. Never follow e-mail links.