Phishing Attacks Show Sixfold Increase This YearPhishing Attacks Show Sixfold Increase This Year

Since the start of the year, phishing attacks -- fake E-mails designed to lure unsuspecting victims into giving up valuable personal information -- have increased more than sixfold.

Cyota Inc., an anti-fraud and anti-phishing software and services vendor, says its Anti-Fraud Command Center has seen a 633% increase in phishing attacks aimed at small and midsized banks and credit unions since January. Research by Gartner seems to confirm the booming growth in phishing attacks.

Phishing attacks on telecom and Internet service providers are averaging around 200 a day, the same number they used to see in a three-month period around the beginning of the year, says Gartner analyst Avivah Litan. "Too many people think phishing was a fad that petered out by the end of last year," Litan says, but it never stopped, "because it's so easy to do and make money from."

Successful phishing attacks can result in obtaining bank-account and credit-card information, which is sold by phishers to others in the criminal community who use that data to empty bank accounts or charge purchases to credit cards belonging to others. When it comes to battling phishing, credit-card companies are more advanced than most banks because they must monitor activities throughout multiple departments that often have their own processes in place.

There are a number of anti-phishing products available from companies such as Cloudmark, Cyota, PassMark Security, PostX, and others, but none offer a complete answer to the problem, Litan says. "They don't confirm if a Web site is legitimate," she says.

Another problem is that the growth of phishing is hurting the usefulness of E-mail for many business users. You have some users "deleting unopened messages from legitimate sites" while other users "still open all the messages," she says. That trend will force more companies to spend more money over the next few years to authenticate E-mail messages.

The Pennsylvania State Employees Credit Union said on Monday that it's implementing Cyota's FraudAction service to battle phishing and pharming. The Cyota service detects phishing attacks, provides forensic work to help identify the phishers, shuts down fraudulent Web sites, and can be used to flood a fake Web site with false data in an effort to dilute the value of stolen personal information. Cyota also offers a two-factor authentication process for online banking and online fraud management.