Phishing Update: 'No Brand is Safe' -- Expert Advice on How Organizations Can Manage Phishing Risks

By Tom Field, July 23, 2012.

The number of phishing sites is at an all-time high. And so are the targeted brands. The message, says Peter Cassidy of the Anti-Phishing Working Group: "No brand is safe."

"It appears the bad guys have continued their campaign against a diversified set of brands," says Cassidy, secretary general of the APWG, which has just released its report on Q2 2012 globalphishing activity.

It used to be banking institutions were the primary targets of phishers. But that is no longer the case, Cassidy says. In Feb. and March this year, according to the new phishing report, 392 brands were targeted by phishers - an 8 percent increase over Dec. 2011.

RELATED CONTENT

• Case Study: Joining Fraud Detection and AML
• Settlement Reached in ACH Fraud Case
• BITS Ramps Up Work With Regulators
• Anti-Fraud Investments Go Beyond FFIEC
• Imagine This: NSA Supervising Bank IT

RELATED WHITEPAPERS

• Cyber Security Essentials for Banks and Financial Institutions
• Security Solutions Guide
• Staying Ahead of Cyberthreats: Recommendations for Financial Institutions
• Achieving Compliance in Digital Investigations
• Big Data and the Future of Security

"Now there seems to be no kind of company or enterprise that's safe from the scourge of phishing," he says. "The phishers are creative and looking for any kind of a relationship between a consumer and an enterprise, and they are trying to get between those parties, pretend to be the enterprise, and find a way to convince the customer that he needs to trust them - and then hand over some information that would be useful for their criminal enterprise."

Also, according to the report, the number of unique phishing sites detected in a single month hit an all-time high of 56,859 in February. And over the first three months of 2012, more than six million unique malware samples were identified.

A bit of good news: The average number of infected PCs globally stands at 35.51 percent, more than three percentage points lower than in 2011. Cassidy attributes this drop to awareness campaigns - "People are getting it," he says.

But awareness of phishing is not anywhere near stopping these crimes, Cassidy cautions.

"It's something that can't be done by awareness alone," he says. "It's like: I'm aware that bombs are falling around me, but that doesn't mean I can stop the war."

In an exclusive interview about the latest phishing trends, Cassidy discusses:

• Highlights of the APWG's new report;
• Where organizations are gaining/losing ground;
• How to improve employee/customer resistance to phishing.

Cassidy is the secretary general of the Anti-Phishing Working Group (APWG). He has cultivated the organization since 2004 into an internationally-recognized authority on electronic crime, with more than 3,200 members from more than 1,850 information technology companies, law enforcement agencies, government ministries, universities and research institutions worldwide.

He is a product development consultant, software designer, industrial analyst and widely- published writer, speaker and commentator on information security, white collar crime and electronic crime. Cassidy has been investigating the intersection of security technologies, electronic commerce, public policy and financial crime for decades in his many capacities.

http://www.bankinfosecurity.com/interviews/phishing-update-no-brand-safe-i-1609