Recent Phishing Attacks
Recently, customers of well-known companies (see examples below) have been victimized by fraudulent e-mails crafted to look as if they came from the trusted company. Yet any response to the e-mail goes not to the company but to a scammer waiting to use or sell the customer's information.
In April, the Anti-Phishing Working Group reported 1125 phishing attacks, up from 402 in March. Each separate attack likely targeted thousands of consumers of legitimate companies through e-mail, illegally seeking personal information for personal gain.
A recent phishing e-mail read, threatening account deletion:
“Dear Bank One valued member,
Due to concerns, for the safety and integrity of the online banking community we have issued this warning message.
It has come to our attention that your account information needs to be updated due to frauds and spoof reports.
If you could please take 1-5 minutes out of your online experience and renew your records and you will not run into any future problems with the online service. However, failure to update your records will result in account deletion.
This notification expires on June 20, 2004.
Once you have updated your account records your internet banking service will not be interrupted and will continue as normal.
Please follow the link below and renew your account information.”
(The link points to what looks like a legitimate site. If clicked, the page asks for the user’s credit card number, expiration date and ATM PIN, and forwards that information to another website.)
More information about this phishing e-mail and others can be found at www.antiphishing.org
Examples of June 2004 phishing e-mails:
| Spoofed company | Subject line |
|---|---|
| BankOne | "Online banking issue" |
| Fleet Bank | "FleetBank warning message" |
| PayPal | "Notification of PayPal Limited Account Access" |
| Citibank | "Update your credit/debit card" |
| eBay | "Final notice - update your account to avoid service cancellation" |
| Citibank | "official Notice for all Citibank users!" |
| Citibank | "Urgent Info From Citi" |
| Fleet Bank | "FleetBank warning message" |
| Citibank | "Critical Changes to Citibank Online Account Access" |
| eBay | "eBay Safeharbour Department Notice" |
| eBay | "TKO Notice: Urgent Fraud Investigation" |
| eBay | "eBay Account Verification" |
| eBay | "eBay Account Confirmation" |
| U.S. Bank | "USBANK.COM URGENT NOTIFICATIOen" |
| eBay | "eBay Reminder : Email regarding pre-indefinitely suspended from eBay #1" |
| Barclays Bank | "officiaI Notice for aII Barclays IBank users!" |
| eBay | "ebay account error" |
| Citibank | "Citibank Account Protection" |
| Citibank | "Activate Bill Pay" |
| U.S. Bank | "Please confirm your U.S. Bank Online Banking identity" |
| Yahoo! | "Verify YAHOO! account" |
| U.S. Bank | "Your US Bank Account" |
| U.S. Bank | "Internet banking issue" |
| AOL | "Checking Account Payment Notification" |
| Citibank | "Checking Account Payment Notification" |
| U.S. Bank | "U.S. Bank Fraud Verification Process" |
| MSN & Hotmail | "***URGENT*** Update Billing Informations" |
| Earthlink | "Important Information Regarding Your Account" |
| PayPal | "PayPal security measures" |
| U.S.Bank | "Your U.S. Bank Account has been Suspended" |
| Citibank | "! Citibank regular verification" |
| AOL | "AOL Credit Card Verification Team" |
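The subject lines above and the Bank One message quoted earlier share a handful of recurring signals: a spoofed brand, pressure language ("urgent", "final notice", "account deletion"), a request to "update" or "verify" account data, a deadline, and in the Barclays line a capital I standing in for a lowercase l ("officiaI", "aII"). The following scorer is an added example, not code from this page or from the Anti-Phishing Working Group; it turns those signals into a score that a mail filter or a help-desk triage script could log. The term lists, the weights and the threshold of 3 are assumptions chosen for illustration and would need tuning against a real mail stream.

```python
"""Heuristic phishing scorer for e-mail subject lines and bodies (added example)."""
import re
from dataclasses import dataclass, field

# Brands taken from the June 2004 list above; word-bounded so "aol" or "citi"
# cannot match inside an unrelated word.
BRAND_RE = re.compile(
    r"\b(citibank|citi|ebay|paypal|fleet ?bank|u\.?s\.? ?bank|bank ?one|"
    r"barclays|yahoo|aol|msn|hotmail|earthlink)\b",
    re.IGNORECASE,
)

# Pressure language; the Bank One sample threatens "account deletion".
URGENCY_TERMS = ("urgent", "immediately", "final notice", "suspend", "deletion",
                 "cancel", "expire", "warning", "critical", "fraud", "investigation")

# Verbs that ask the reader to hand over or "refresh" account data.
CREDENTIAL_VERBS = ("verify", "update", "confirm", "renew", "activate",
                    "validate", "identify")

# A deadline, e.g. "This notification expires on June 20, 2004".
DEADLINE_RE = re.compile(r"\bexpires?\s+on\b|\bwithin\s+\d+\s+(?:hours?|days?)\b",
                         re.IGNORECASE)

# Capital I where a lowercase l belongs ("officiaI", "aII"): an uppercase I
# that directly follows a lowercase letter. Legitimate English almost never does this.
HOMOGLYPH_RE = re.compile(r"(?<=[a-z])I")


@dataclass
class Verdict:
    score: int = 0
    reasons: list = field(default_factory=list)


def score_message(subject: str, body: str = "") -> Verdict:
    """Score one message; a higher score means more phishing indicators.
    The weights (1/2/1/1/3) are assumptions for this example."""
    text = f"{subject}\n{body}"
    lower = text.lower()
    v = Verdict()

    brand = BRAND_RE.search(text)
    if brand:
        v.score += 1
        v.reasons.append(f"names a commonly spoofed brand: {brand.group(0)}")

    urgency = [t for t in URGENCY_TERMS if t in lower]
    if urgency:
        v.score += 2
        v.reasons.append(f"pressure language: {', '.join(urgency)}")

    verbs = [t for t in CREDENTIAL_VERBS if t in lower]
    if verbs:
        v.score += 1
        v.reasons.append(f"asks to refresh account data: {', '.join(verbs)}")

    if DEADLINE_RE.search(text):
        v.score += 1
        v.reasons.append("sets a deadline")

    if HOMOGLYPH_RE.search(text):
        v.score += 3
        v.reasons.append("capital I standing in for lowercase l (homoglyph)")

    return v


def is_phishy(subject: str, body: str = "", threshold: int = 3) -> bool:
    """Threshold of 3 is an assumption; tune it against your own mail."""
    return score_message(subject, body).score >= threshold


# Body of the Bank One message quoted on this page.
BANK_ONE_BODY = (
    "Dear Bank One valued member,\n"
    "Due to concerns, for the safety and integrity of the online banking community "
    "we have issued this warning message.\n"
    "It has come to our attention that your account information needs to be updated "
    "due to frauds and spoof reports.\n"
    "If you could please take 1-5 minutes out of your online experience and renew your "
    "records and you will not run into any future problems with the online service. "
    "However, failure to update your records will result in account deletion.\n"
    "This notification expires on June 20, 2004.\n"
    "Please follow the link below and renew your account information."
)

# Constructed sample set: two subject lines from the table above plus two benign ones.
SAMPLES = [
    ("Online banking issue", BANK_ONE_BODY),
    ("officiaI Notice for aII Barclays IBank users!", ""),
    ("Final notice - update your account to avoid service cancellation", ""),
    ("Your eBay purchase receipt", ""),   # benign: brand alone is not enough
    ("Team lunch on Friday", ""),         # benign
]

if __name__ == "__main__":
    for subject, body in SAMPLES:
        v = score_message(subject, body)
        flag = "PHISH" if is_phishy(subject, body) else "ok   "
        print(f"{flag} score={v.score} {subject!r}: {'; '.join(v.reasons)}")
```

A message that merely mentions a brand scores 1 and is left alone; the Barclays line scores 4 on the brand plus the homoglyph alone, and the Bank One message scores 5. The homoglyph rule is the one worth keeping even if the word lists are replaced, because it catches a visual trick that a human reader skims straight past.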
The Anti-Phishing Working Group website also lists these phishing e-mails alongside screenshots that illustrate how difficult it is becoming to tell whether a web page is genuine. Other recent phishing attacks of interest involve the FDIC, the IRS and regulations.gov:
On January 23, 2004, the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC) began receiving complaints from consumers who received an e-mail that has the appearance of being sent from the FDIC and OCC. The e-mail falsely states that the Director of the Department of Homeland Security has advised the FDIC to suspend all deposit insurance on the e-mail recipient’s bank account due to suspected violations of the USA PATRIOT Act. The e-mail further falsely states that deposit insurance will be suspended until personal identity, including bank account information, can be verified. This e-mail was not sent by the FDIC or the OCC and is a fraudulent attempt to obtain personal information from consumers.
On April 30, 2004, the U.S. Department of the Treasury and the Internal Revenue Service warned taxpayers of an e-mail-based scheme that attempts to trick taxpayers into revealing personal information such as social security numbers, driver’s license information and bank and credit card numbers.
In this ploy, unsuspecting consumers receive an e-mail, claiming they are under investigation for tax fraud and are subject to prosecution. The e-mail informs recipients they can “help” the investigation by providing “real” information and directs them to an official-looking Web site, where detailed personal information must be provided to dispute the charge.
The IRS does not use e-mail to contact taxpayers about issues related to their accounts. Official taxpayer contact usually includes a letter on IRS stationery in an IRS envelope. IRS letters also contain a contact phone number.
In the regulations.gov scheme, the e-mails' subject lines typically read "Official information" or "Urgent information to all credit card holders!" The message's text claims, "Due to recent changes in Rules and Regulations, it is required by Law for all Internet users to identify themselves in compliance with CFR (Code of Federal Regulations) to create a secure and safer Internet community." The e-mail includes a link to a Web site that mimics regulations.gov and asks readers to provide their personal and financial information.
In fact, there is no law requiring all Internet users to register with the government. And regulations.gov does NOT collect financial information or charge consumers a fee for submitting comments.
Who is Being Targeted by Phishing Attacks?
In April, Citibank was barraged by an average of almost 16 phishing attacks per day. The 475 attacks targeted at Citibank, representing a 385% increase from March, exceeded the total attacks reported against all organizations for the prior month (402).
eBay and PayPal were the second and third most targeted companies respectively, with the volume of attacks against each of these organizations doubling from the prior month.
It is noteworthy that 15 of the top 20 targeted organizations are financial services organizations, with 3 ISPs and 2 'others' rounding out the mix.