VeriSign White Paper Sample

Phishing — luring unsuspecting users to provide sensitive information for identity or business theft — is a serious threat for both consumers and businesses. In the last decade since phishing arrived on the scene, this fraud method has been growing rapidly, with one estimate citing approximately 8 million daily phishing attempts worldwide.

The Anti-Phishing Working Group (APWG) reported that unique phishing attacks submitted to APWG rose 13 percent during the second quarter of 2008 to more than 28,000. It also reported that, during the same period, the number of malware-spreading URLs infecting PCs with password-stealing code rose to a new record of more than 9,500 sites — a 258% increase compared with the same quarter in 2007.

Targeted versions of phishing, called spear phishing, have emerged over the past several years. While common phishing is indiscriminate in its targets, spear phishing targets are known customers of a specific bank, mortgage provider, or other type of organization. Consumers aren’t the only targets of spear phishing. Increasingly, corporate employees are being targeted by savvy criminals. In these attacks, the goal is to gain access to corporate banking information, customer databases, and other information to facilitate cyber crime. According to VeriSign iDefense, spear phishing against corporations reached new heights during April and May 2008. Many of these attacks target senior executives and other high-profile individuals. The victim counts from these attacks is staggering — over 15,000 corporate users in 15 months. Victims include Fortune 500 companies, government agencies, financial institutions and legal firms.