RSA finds phishing led to $658m in worldwide losses

Powered by SC Magazine
 

Tried-and-true phishing scams continue to win a psychological game with victims.

Security firm RSA released phishing attack numbers for the first half of the year that show a 19 percent increase in global incidents over the last half of 2011.

Through the end of June, the monthly average for attacks was 32,581, amounting to more than $US687 million ($A658 million) in worldwide losses.

In a blog post, RSA researchers said phishing remained one of the top threats on the internet because of the persuasive tactics that attackers employ.

“At the core of this seemingly simple threat lies a powerful force – human emotion,” the post said. “Although phishing is a 21st century crime, manipulation, deceit and persuasion are not.”

While the top five countries attacked monthly were the suspected players – the United States, Britain, Canada, Brazil and South Africa – what stood out was the 400 percent increase in phishing attacks in Canada during the first half of this year.

While RSA ascribed the sharp increase to attackers finding the Canadian market more lucrative – the country's exchange rate gap is slowly closing in on the U.S. dollar – Daniel Cohen, head of business development for online threats managed services at RSA, explored other factors.

“I think the issue with Canada is that it generally has been less cyber threat aware, both at the consumer level, as well as at the business level,” he said Thursday in an email to SCMagazine.com. “With the global increase in phishing attacks, Canada became both a target, as well as a host for phishing attacks.”

Canada also hasn't been as proactive as the United States in making cyber crime-related arrests, Cohen said.

As well, the prevalence of social media-related phishing scams is picking up, Dave Jevans, founder and chief technology officer of internet security firm IronKey and chairman of the Anti-Phishing Working Group, told SC on Thursday.

“Credit card or bank information is important,” Jevans said of scammers, “but getting their Facebook or Gmail information is the key to the kingdom.”

If an email account is hosted by Gmail, and someone can phish those credentials, they can probably reset passwords for other accounts, he said, citing tech reporter Mat Honan's recent hacking incident as emblematic of what's been happening to victims of phishing in recent years.

Roel Schouwenberg, senior researcher at Kaspersky Lab, told SC that social media-related attacks lead to more financially threatening ones.

“There is the issue of people using the same login credentials for many different sites,” he said. “We definitely see that when hackers get the credentials from a [social] networking site, they will often try to hit all types of financial sites as well.”

The Anti-Phishing Working Group recently lowered the industry's attack-duration median – the number of hours a phishing attack is online before it is taken down – to 11.72 hours per incident, down from 15.3 hours. The decline shows that organisations have become better at detecting and stopping brand abuse.

Had that median rate not fallen, worldwide phishing losses for the last half of 2011 could have reached nearly $900 million ($A862 million), according to RSA.

Joseph Steinberg, CEO of Green Armor Solutions, which helps enterprise customers identify phony websites, said that until the security industry begins looking into the psychological aspect of phishing, attackers will continue to take advantage of the simple, yet effective practice.

“We have argued for years that the reason that phishing is a problem is because it is a psychological problem,” Steinberg said. “You need something that the average person with no technological sophistication can identify, which alerts them that something has gone wrong.”

According to an analysis performed by Kaspersky Lab, some phishing tactics may include embedding malicious scripts on pages found on legitimate websites, like Amazon or Wikipedia, as a way of hawking spammers' goods.

Users can protect themselves from email threats by contacting companies directly if they doubt the authenticity of an email or website, Kaspersky Lab advised.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition

