C-Level Executive Phishing Attacks On The Rise

Meantime, the number of phishing campaigns overall fell for the second consecutive month, according to the Anti-Phishing Working Group.

Thomas Claburn, Editor at Large, Enterprise Mobility

February 4, 2008

2 Min Read
InformationWeek logo in a gray background | InformationWeek

Businesses and government agencies face a rising number of phishing attacks targeting high-level executives.

The Anti-Phishing Working Group on Monday said that in November the identities of 178 financial institutions and government agencies, a new record, were co-opted by phishers in an effort to dupe victims into revealing information. This represents a 2.23% increase from the previous high in April and a 48% increase from October.

At the same time, the number of phishing campaigns overall fell for the second consecutive month, dropping to 28,074 in November from 31,650 in October. The APWG attributes this decline in part to "eCrime gangs' increasing focus on targeted phishing attacks against key corporate personnel to secure credentials for theft against corporate assets."

"The attack surface is becoming increasingly fragmented as phishing groups identify and exploit technical and social-engineering opportunities to organize scams against financial institutions," said APWG secretary general Peter Cassidy in a statement.

The APWG is comprised of law enforcement organizations and industry. Many of the companies involved in the group profit from the sale of security products.

Last week, MessageLabs, a messaging security company unaffiliated with the APWG, issued a similar report. Mark Sunner, the company's chief security analyst, said there had been a rapid rise in the number of targeted phishing attacks. Many of these, he said, were being directed at C-level executives.

In 2005, MessageLabs detected two attacks per week involving targeted Trojans out of 1.5 billion messages. In 2006, it found one such attack per day out of 180 million messages. In May 2007, it saw 10 targeted attacks per day out of 250 million messages. In November, it was seeing 924 targeted attacks every five hours.

Laura Mather, senior scientist at MarkMonitor and managing director of operational policy for APWG, said in a statement that executives at companies are receiving specially targeted e-mail messages that attempt to install malware in order to gain access to corporate systems and bank accounts.

Also in November, China overtook the United States as the top phishing site host. The APWG said that 24.21% of phishing sites detected were hosted in China, compared to 23.85% in the United States.

This trend may further fuel worries about Chinese espionage, which the U.S.-China Economic and Security Review Commission called "the single greatest risk to the security of American technologies" in its November report to Congress. It's worth noting, however, that those behind phishing attacks are not necessarily located in the countries where their phishing servers can be found.

About the Author

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights