Securing the Digital World

New Research Reveals: Phishers Launch a New Attack Every 30 Seconds

Oct 12, 2016 | by Heidi Bleau |

As long as users can be fooled, phishing will continue to proliferate. In fact, many major breaches start as a targeted phishing email. According to the latest statistics from RSA FraudAction researchers, more than one million unique attacks have been identified in the last 12 months, or, more simply put, a new phishing attack is launched every 30 seconds.

Out with the old, and in with the old. RSA has witnessed a huge uptick in phishing in recent months. In Q2 alone, RSA identified more than 515,000 phishing attacks in the global market - a 115% rise over Q1 2016 and a remarkable 308% increase over the same time period last year. The U.S. continued to be the most attacked country, with 48% of global phishing volume, as well as the top hosting country, hosting 60% of all global phishing attacks. The total cost to global organizations from phishing: $9.1 billion.

RSA's latest quarterly fraud intelligence report also highlights the emergence of a new fraud tutorial in an underground forum. Dubbed "Jungle Money," it describes a technically detailed scheme for creating a network of private e-Wallet accounts that are converted through online store merchant services and funneled into a business class e-Wallet account while protecting fraudsters from discovery by making sure it is very difficult to tie the different accounts to one another. The scheme includes creating a number of shell accounts via Virtual Credit Cards (VCC), as well as multiple shell e-Wallet accounts, and using them to "juggle" funds between the accounts by charging one account against another for a purchase or service. They then quickly request a chargeback from one of the accounts, thereby receiving a full refund and quickly cashing out the funds.

In addition, the report also offers insight on how the use of URL shorteners in phishing attacks can bypass spam filters and not appear in blacklists of threat detection tools; how the aforementioned "Jungle Money" fraudsters use free trial services associated with cloud storage services to make their transactions harder to trace; as well as statistical data around:

  • Global distribution of Trojan Families
  • Top Trojan Hosting ISPs
  • Top ISPs Hosting Phishing
  • Top Registrars Hosting Phishing

You can access the full report.