Stats Show Ominous Increase in Spam and Phishing Attacks

Recent industry statistics paint a grim picture of how pervasive spam, and with it e-mail fraud, is becoming in the U.S. transaction economy. Brightmail Inc., a San Francisco-based provider of anti-spam software, reports that the volume of spam hit 64% of some 96 billion e-mail messages its systems filtered in April. Spam volume hit 60% for the first time in January, Brightmail's statistics show, and rose to half of all e-mail volume only last August. A year ago, the spam percentage was 48%. Of the e-mail the service identified as spam last month, phishing attacks accounted for 5%, or some 3.1 million messages. Phishing refers to attempts by criminals to coax sensitive personal information, such as passwords and account numbers, out of unwary consumers by sending them e-mails using language and logos that mimic those of well-known and trusted organizations. Product pitches of various kinds accounted for the largest proportion (23%), followed by solicitations for financial services such as investments, loans, real estate, and credit reports (18%). Scams, or pitches for products or services known to be fraudulent, such as pyramid schemes or chain letters, came to 7% of the spam in April. Separately, the Anti-Phishing Working Group reports that online auction powerhouse eBay is by far the organization most favored by phishers, followed by Citibank, the banking company that is part of Citigroup, and PayPal, the person-to-person transaction processor owned by eBay. Whereas eBay had been the subject of only six unique phishing attacks as recently as November, the APWG reports, by March that number had ballooned to 110. More ominously, the group has detected a new wrinkle in which fraudsters have applied a custom Javascript to replicate the exact look and feel of a browser's Web address bar, complete with a real-looking rendition of the target organization's URL, furthering the illusion that victims have visited a legitimate site. The APWG is an organization whose members, including financial-services companies, law-enforcement agencies, and software vendors, seek to measure phishing's impact and identify proven methods to combat it. Technology consulting company Gartner Group last week reported results of a survey that showed the phishing problem has grown much worse in recent months, and estimated identity theft made possible by the fraud cost banks and credit card companies $1.2 billion last year (Digital Transactions News, May 6). The survey revealed the increasing sophistication and effectiveness of phishing, as 19% of respondents said they had clicked on links embedded in phished e-mails, and 3% had entered information at the sites the links had directed them to. As a result of the alarming rise of phishing, some transaction-industry officials fear an erosion of the consumer trust undergirding efforts by financial and retailing organizations to move payment transactions to e-commerce and m-commerce channels.