
Thread: Phishing Stats

  1. #1
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915

    Phishing Stats

    Hey Hey,

    I haven't seen this on here yet, so here we go.

    http://www.ciphertrust.com/resources/statistics/

    CipherTrust has posted the most common phishing scams on the net and the countries of origin; the data is from companies that use their IronMail device.

    Company         % of Attacks
    CitiBank        54.16%
    Smith Barney    13.48%
    SunTrust        10.02%
    Paypal          7.57%
    Wells Fargo     5.42%
    HSBC            5.07%
    eBay            4.15%
    USBank          0.11%
    CitizensBank    0.014%

    Here are some of the top phishing scams this month as well, courtesy of the SANS Ouch Newsletter.

    1. Phishing Scams
    Subject: Halifax Online Banking Update
    Bait: Fake email asking you to confirm your account data by clicking on
    the embedded link.
    Goal: To have you visit the Phishing site and reveal your logon
    information.
    Sample: http://www.millersmiles.co.uk/report/1446

    Subject: Armed Forces Bank Notice
    Bait: Fake email asking you to confirm/update/verify your account data
    by clicking on the embedded link.
    Goal: Capture your Social Security number, your customer ID, and
    password.
    Sample: http://www.millersmiles.co.uk/report/1428

    Subject: PayPal Special Department Notice (Anti-Fraud Alert 98760)
    Bait: Fake email asking you to confirm/update/verify your account data by
    clicking on the embedded link.
    Goal: To have you visit the Phishing site and reveal your logon
    information.
    Sample: http://www.millersmiles.co.uk/report/1420

    Subject: Bank of Oklahoma - Notice: Unauthorized Charge to Your Bank
    Account
    Bait: Fake email asking you to confirm or update or verify your account
    data by clicking on the embedded link.
    Goal: To have you visit the Phishing site and reveal your logon
    information.
    Sample: http://www.millersmiles.co.uk/report/1450

    Subject: First Credit Union - Renew Your Account Information
    Bait: Fake email asking you to confirm or update or verify your account
    data by clicking on the embedded link.
    Goal: Capture as much personal information as possible.
    Sample: http://www.millersmiles.co.uk/report/1495
    Peace,
    HT

  2. #2
    Senior Member Deeboe's Avatar
    Join Date
    Nov 2005
    Posts
    185
    Hi, in that same SANS OUCH Newsletter, they had the following stats as well:

    "...a list of the ten sites that were most often used for phishing."
    (www.ciphertrust.com)

    EBay
    PayPal
    Bank First
    Amazon.com
    Chase Bank
    Wells Fargo
    Bank of Oklahoma
    Barclays Bank
    Bank of America
    People's Bank

    -Deeboe
    If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
    - Sun Tzu, The Art of War

    http://tazforum.**********.com/

  3. #3
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    I have received one from 'Wells Fargo' and one from Pay Pal. The one from Pay Pal was poorly done but the one from Frontier was very well done.......except I have never had a Wells Fargo Bank account.
    "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
    Author Unknown

  4. #4
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Originally posted here by Deeboe
    Hi, in that same SANS OUCH Newsletter, they had the following stats as well:

    "...a list of the ten sites that were most often used for phishing."
    (www.ciphertrust.com)

    EBay
    PayPal
    Bank First
    Amazon.com
    Chase Bank
    Wells Fargo
    Bank of Oklahoma
    Barclays Bank
    Bank of America
    People's Bank

    -Deeboe
    Which was the first half of my post :P.... that's where that came from as well.. I just went to ciphertrust and got the real numbers and order instead of their rearranged order.

    Peace,
    HT

  5. #5
    Senior Member Deeboe's Avatar
    Join Date
    Nov 2005
    Posts
    185
    That is true, however our lists were different.

    You didn't have EBay, Bank First, Amazon.com, Chase Bank, Bank of Oklahoma, Barclays Bank, Bank of America, or the People's Bank on your list.

    Just thought I would add to your already impressive list.

    Thanks,
    -Deeboe
    If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
    - Sun Tzu, The Art of War

    http://tazforum.**********.com/

  6. #6
    Junior Member
    Join Date
    May 2003
    Posts
    1

    Scam regarding Online banking

    Just received another one, supposed to be from a German bank called "Volksbanken Raiffeisenbanken" (one of the bigger and well respected banks in Germany, btw).
    Funny thing is - apparently the phishing link in there leads to a static IP address + port ...
    pardon me - past form would be more fitting
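
The indicator noted in post #6 (a link that points at a raw IP address and port) can be checked mechanically in an HTML message body. This is an added example, not code from any poster; the function names, reason labels and the sample body are assumptions constructed for illustration.

```python
import ipaddress
from contextlib import suppress
from html.parser import HTMLParser
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

class HrefCollector(HTMLParser):
    """Collect the href of every <a> element in an HTML message body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def is_ip_host(host):
    """True for IPv4/IPv6 literals and for a dotless decimal IPv4 host."""
    with suppress(ValueError):
        ipaddress.ip_address(int(host) if host.isdigit() else host)
        return True
    return False

def flag_links(html_body):
    """Return [(href, [reasons])] for links that match either heuristic."""
    collector = HrefCollector()
    collector.feed(html_body)
    findings = []
    for href in collector.hrefs:
        try:
            url = urlsplit(href)
            host, port, reasons = url.hostname or "", url.port, []
        except ValueError:  # malformed port or bracketed host
            findings.append((href, ["unparseable-url"]))
            continue
        if is_ip_host(host):
            reasons.append("ip-literal-host")
        if port is not None and port != DEFAULT_PORTS.get(url.scheme):
            reasons.append("non-default-port")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample body: documentation address 192.0.2.10 and a .test domain.
SAMPLE = ('<a href="http://192.0.2.10:8081/login">Confirm your account</a>'
          '<a href="https://www.example-bank.test:443/help">Help</a>'
          '<a href="http://3221225994/update">Update</a>')
```

A hit is a reason to look closer rather than proof of phishing, since internal tools and appliances also use IP-and-port links.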

  7. #7
    Senior Member bAgZ's Avatar
    Join Date
    Jul 2001
    Posts
    206
    These stats are scary. I currently live and work in Africa, and you would not believe the amount of people around the office that got cheated out of some of their cash. It seems like a widespread problem. Surely banks should take a fall for this, or at least for part of the problem? I mean, they would put in more resources to fight back. I know that Standard Bank here has started to warn customers and shut down phishing sites that target them. I seem to recall a good article by Bruce Schneier, Founder and CTO of Counterpane Internet Security, Inc., on this subject. You could probably find it in one of the back issues of CRYPTO-GRAM.

  8. #8
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Hey Hey,

    AnimeRules: Generally, if the dates are flashing in a thread, you don't post in them.. it usually means they are older threads.... Also your information would be better placed in the Phishing Examples thread... It's a long compilation of all the phishing/cyber scams that we see... You may want to add your message and the headers (sanitize them first) to that thread if you think it's an interesting message.

    Peace,
    HT

  9. #9
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    HT:

    When you see a poster that registered in 2003 and has 1 post to their name you should probably explain the word "sanitize"......

    Just a thought.....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  10. #10
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Originally posted here by Tiger Shark
    HT:

    When you see a poster that registered in 2003 and has 1 post to their name you should probably explain the word "sanitize"......

    Just a thought.....
    good point heh
