Phishing soars as fraud-as-a-service grows

The number of global phishing attacks grew by a whopping 66 per cent last year compared to 2007, equating to 135,426 separate incidents, according to new research from RSA Security.

The firm's annual Anti-Fraud Command Center Phishing Trends Report (PDF) found that the UK led the way with 40 per cent of attacks as a result of several concerted campaigns against a small number of UK financial institutions during 2008. The US came second with 37 per cent.

Andrew Moloney, RSA's European marketing leader, said that the past year had seen a steady rise in the phenomenon of fraud-as-a-business - the illegal buying and selling of services and malware that puts online criminality within the reach of anyone.

Moloney added that the financial crisis is putting firms under increasing pressure to do more with fewer security resources, placing them potentially at greater risk.

"Trying to do what they did before, but with 20 per cent fewer staff, would increase the risk in its own right," he said.

"Firms need to think about automating their security processes where possible, making sure they have the right staff who understand and prioritise [threats] based on risk, and integrating security processes into the mainstream business processes."

Moloney also argued that companies need to install more holistic, intelligent solutions to cut out cross-channel fraud, as instances of phishers mining customer details in one channel, and using them to access accounts in another, continue to rise.

"The reality is that most businesses have historically operated in silos, and information security has grown up with point solutions to specific threats," he said.