phishing and the social world - dell emc · phishing and the social world ... one find trust than...
TRANSCRIPT
F R A U D R E P O R T
PHISHING AND THE SOCIAL WORLD
October 2012
Following global trends in online threats, the RSA Anti-Fraud Command Center continues
to see large increases in phishing attacks. Looking back to the first half of 2012 and
comparing it with the second half of 2011, RSA reported a 19% increase in global
phishing attacks. Not only is phishing still rampant, it is resulting in significant losses to
global organizations. RSA estimates that phishing cost organizations an estimated $2.1
billion in losses over the last 18 months. Instead of going away, phishing is stronger in
numbers and resulting in more losses. And although this threat is more familiar than ever
to online users, it still appears to work.
Phishing is, in a sense, nothing more than the old confidence scam, only nowadays the
deception happens online. Preying on human emotion is as primal a tactic as it gets and
mainly what keeps phishing alive. Beyond luring victims with greed (awards and
winnings-themed phishing emails) or anxiety (your-account-will-be-blocked-titled
phishing scams), phishing preys on trust in more ways than one. And where better would
one find trust than among people who know one another – on a social networking site.
PHISHING AND THE SOCIAL WORLD
Just four years ago, slightly more than 20% of U.S. citizens were users of social networks.
That number has since more than doubled and stands at around 50% today. Facebook
membership alone has increased nearly 10 times since 2008 and Twitter shows that
membership has increased by a factor of five over the same period.
With the world turning into a smaller and more ‘social’ village, fraudsters and blackhats
are certain to join the party. Cybercrime follows the money, and as user behavior shifts,
fraudsters have been following their target audience (potential victims) to the virtual
world’s hot spots. According to a research study by Microsoft, phishing via social
networks in early 2010 was only used in 8.3% of all attacks—by the end of 2011 that
number stood at 84.5% of attacks delivered through social media.
page 2
WHAT’S SO GREAT ABOUT PHISHING VIA SOCIAL MEDIA?
Using social networks, people behave more socially and are less discriminating with
messages or comments they receive on their profiles. With new user numbers soaring
every year, phishers get to cast a very wide net. One phishing attack tailored for the look
and feel of a single social network can effectively target a very large amount of people,
resulting in less work for the fraudster to do and a better yield of potential victims.
With social media, a core component of a successful phishing attack is already built-in:
Trust. Users ‘follow’ people they know or trust, they receive messages from people or
services they are familiar with (emails from a site’s team for example, a group, a friend’s
hijacked account, or comments containing poisoned links).
Rogue communications can sometimes be visually spotted, but most times they look
good enough to have the recipient click and go to the phishing site or download a
malicious piece of software. In cases where a social network makes heavy use of URL
shorteners, telling a suspicious hyperlink before browsing to it is very difficult.
IT ONLY GETS BETTER (FOR PHISHERS)
Social networking sites are getting much better at knowing their users and leveraging that
information for more targeted marketing and sales. One of the factors that help enhance
the credibility factor in the ever-evolving social media platform is the emerging Freemium
model.
Perhaps one of the most popular activities on some social networks is playing social
games with other users. The games are free, but only until the user wants to really get
ahead in the game or obtain special powers upgrades. This is where the payment prompt
jumps in, suddenly making it okay to perform financial transactions through a platform
like Facebook.
What does this mean for the user? It legitimizes using their credit card details on the
social networking site.
What does this mean for phishers? More ways to phish, more data to steal (alongside all
the other personal information already shared by users), more attacks and more
successful phishing!
Another factor that has been encouraging phishing to come through social networks is
enterprises going social. For example, banks that wish to market themselves using social
media open user groups people can join, inadvertently providing phishers with a model
to follow (not any different from online banking portals being imitated for phishing).
As with any online-borne threat, keeping a close watch on trends is essential to any
organization serving customers via the Internet. This new and increasingly ‘social’ nature
of delivering phishing attacks is a reflection of user behavior – a factor that will always be
the most significant driver for online crime trends.
Growing use of social networking is going to make phishing via that media more popular
with time, and just further supporting the need for ongoing and timely user-education and
awareness campaigns to help consumers protect their online identities and accounts.
page 3
Phishing Attacks per Month
In September, RSA identified 35,440
phishing attacks launched worldwide,
marking a 28% decrease from August. RSA
data shows that the bulk of this decrease
is a result of fewer phishing campaigns
launched against a series of European
financial institutions, which have
accounted for significant spikes in
attacks through the past few months.
Number of Brands Attacked
In September, 314 brands were targeted by
phishing attacks, marking an 8% increase
from August. Increases in the number of
brands attacked suggests cybercriminals
are casting wider nets at organizations that
may not be as well protected or are less
familiar with the threat.
0
10000
20000
30000
40000
50000
60000
Sou
rce:
RSA
Ant
i-Fra
ud C
omm
and
Cent
er
38970
24019
28365
21119 2103019141
3555837878
51906
59406
49488
35440
29974
Sep 11
Oct 11
Nov 11
Dec 11
Jan 12
Feb 12
Mar 12
Apr 12
May 12
Jun 12
Jul 12
Aug 12
Sep 12
0
50
100
150
200
250
300
350
Sou
rce:
RSA
Ant
i-Fra
ud C
omm
and
Cent
er
300 298313
256
281 281
303288 298
259242
290
314
Sep 11
Oct 11
Nov 11
Dec 11
Jan 12
Feb 12
Mar 12
Apr 12
May 12
Jun 12
Jul 12
Aug 12
Sep 12
page 4
Top Countries by Attack Volume
Despite a 22% decline in attacks, the UK
continues to be the country that endured
the highest attack volume – marking the
seventh consecutive month – with 47% of
attack volume. In turn, Canada absorbed
most of this with 17% of attack volume
in September.
UKGermanyChinaCanadaSouth KoreaAustraliaa
United Kingdom 47%
U.S. 25%
Canada 17%
50 Other Countries 11%
US Bank Types Attacked
In the U.S. banking sector, nationwide
bank brands witnessed a 10% increase in
attacks – accounting for about three out of
every four attacks in September. This is not
surprising as phishers tend to seek a brand
that is well-known and has multiple locations
within a region, such as nationwide banks. In
this case, there is a larger pool of potential
victims and the chance of a spam recipient
being an account holder of the targeted
brand is much higher. 0
20
40
60
80
100
Sou
rce:
RSA
Ant
i-Fra
ud C
omm
and
Cent
er
6% 14% 9% 19%6% 3% 12% 7% 20% 10% 11% 11% 9%
25% 12% 16% 13%
9%
21% 30%
11%
18%
12%
15% 15%
14%
69% 74% 75% 68%86% 76% 58% 82% 62% 78% 74% 74% 77%
Sep 11
Oct 11
Nov 11
Dec 11
Jan 12
Feb 12
Mar 12
Apr 12
May 12
Jun 12
Jul 12
Aug 12
Sep 12
page 5
MalaysiaBrasilIndiaNetherlandsCanadaItalyChinaS AfricaUSa
Top Countries by Attacked Brands
In September, U.S. brands continued to be
the most targeted by phishing – targeted
by 29% of attack volume, followed by the
UK and Australia.
Top Hosting Countries
In September, the U.S. continued to be the
top hosting country for phishing attacks
hosting 77% of attacks. Poland, the UK,
Canada, and France accounted for hosting
just over 10% of attacks in September. U.S. 77%
62 Other Countries 12%
France 2% Canada 2%
Poland 4%
United Kingdom 3%
MalaysiaBrasilIndiaNetherlandsCanadaItalyChinaS AfricaUSa
United Kingdom 10%
43 Other Countries 32%
U.S. 29 %
China 3%France 3%
India 4%
Australia 5%
Italy 3%
Canada 4%
Brazil 4%
Germany 3%
www.emc.com/rsa
CONTACT USTo learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller – or visit us at www.emc.com/rsa
©2012 EMC Corporation. EMC, RSA, the RSA logo, and FraudAction are trademarks or registered trademarks of EMC
Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective
holders. OCT RPT 1012