Phishing Stats

Printable View

November 11th, 2005, 03:09 PM
HTRegz

Phishing Stats

Hey Hey,

I haven't seen this on here yet, so here we go.

http://www.ciphertrust.com/resources/statistics/

CipherTrust has posted the most common phishing scams on the net and the countries of origins, the data is from companies that use their IronMail Device.

Quote:

Company % of Attacks
CitiBank 54.16%
Smith Barney 13.48%
SunTrust 10.02%
Paypal 7.57%
Wells Fargo 5.42%
HSBC 5.07%
eBay 4.15%
USBank 0.11%
CitizensBank 0.014%

Here are some of the top phishing scams this month as well.. courtesy o fthe SANS Ouch Newsletter.

Quote:

1. Phishing Scams
Subject: Halifax Online Banking Update
Bait: Fake email asking you to confirm your account data by clicking on
the embedded link.
Goal: To have you visit the Phishing site and reveal your logon
information.
Sample: http://www.millersmiles.co.uk/report/1446

Subject: Armed Forces Bank Notice
Bait: Fake email asking you to confirm/update/verify your account data
by clicking on the embedded link.
Goal: Capture your Social Security number, your customer ID, and
password.
Sample: http://www.millersmiles.co.uk/report/1428

Subject: PayPal Special Department Notice (Anti-Fraud Alert 98760)
Bait: Fake email asking you to confirm/update/verify your account data by
clicking on the embedded link.
Goal: To have you visit the Phishing site and reveal your logon
information.
Sample: http://www.millersmiles.co.uk/report/1420

Subject: Bank of Oklahoma - Notice: Unauthorized Charge to Your Bank
Account
Bait: Fake email asking you to confirm or update or verify your account
data by clicking on the embedded link.
Goal: To have you visit the Phishing site and reveal your logon
information.
Sample: http://www.millersmiles.co.uk/report/1450

Subject: First Credit Union - Renew Your Account Information
Bait: Fake email asking you to confirm or update or verify your account
data by clicking on the embedded link.
Goal: Capture as much personal information as possible.
Sample: http://www.millersmiles.co.uk/report/1495

Peace,
HT
November 11th, 2005, 03:23 PM
Deeboe

Hi, in that same SANS OUCH Newsletter, they had the following stats as well:

"...a list of the ten sites that were most often used for phishing."
(www.ciphertrust.com)

EBay
PayPal
Bank First
Amazon.com
Chase Bank
Wells Fargo
Bank of Oklahoma
Barclays Bank
Bank of America
People's Bank

-Deeboe
November 11th, 2005, 03:29 PM
moxnix

I have received one from 'Wells Fargo' and one from Pay Pal. The one from Pay Pal was poorly done but the one from Frontier was very well done.......except I have never had a Wells Fargo Bank account.
November 11th, 2005, 04:00 PM
HTRegz

Quote:

Originally posted here by Deeboe
Hi, in that same SANS OUCH Newsletter, they had the following stats as well:

"...a list of the ten sites that were most often used for phishing."
(www.ciphertrust.com)

EBay
PayPal
Bank First
Amazon.com
Chase Bank
Wells Fargo
Bank of Oklahoma
Barclays Bank
Bank of America
People's Bank

-Deeboe

Which was the first half of my post :P.... that's where that came from as well.. I just went to ciphertrust and got the real numbers and order instead of their rearranged order.

Peace,
HT
November 11th, 2005, 04:58 PM
Deeboe

That is true, however our lists were different.

You didn't have EBay, Bank First, Amazon.com, Chase Bank, Bank of Oklahoma, Barclays Bank, Bank of America, or the People's Bank on your list.

Just thought I would add to your already impressive list.

Thanks,
-Deeboe
December 20th, 2005, 06:20 PM
AnimeRules23

Scam regarding Online banking

just received another one supposed 2 be from a german bank called "Volksbanken Raiffeisenbanken" (one of the bigger and well respected banks in germany btw)
funny thing is - appearently the phishing link in there leads 2 a static ip-adress + port ...
pardon me - past form would be more fitting ;)
December 21st, 2005, 09:37 AM
bAgZ

These stats are scary i currently live and work in Africa and you would not belive the amount of people around the office that got cheated out of some of their cache. It seems like a wide spread problem. Surly banks should take a fall for this or at least for part of the problem? I mean they would put in more resources to fight back. I know that Standard Bank here has started to warn customers and shutdown phishing sites that target them. I seem to recall a good article by Bruce Schneier Founder and CTO Counterpane Internet Security, Inc. on this subject. You could probably find it in one of the back issues of CRYPTO-GRAM.
December 21st, 2005, 03:16 PM
HTRegz

Hey Hey,

AnimeRules: General if the dates are flashing in a thread, you don't post in them.. it usually means they are older threads.... Also your information would be better placed in the Phishing Examples thread... It's a long compilation of all the phishing/cyber scams that we see... You may want to add your message and the headers (sanitize them first) to that thread if you think it's an interesting message.

Peace,
HT
December 22nd, 2005, 12:56 AM
Tiger Shark

HT:

When you see a poster that registered in 2003 and has 1 post to their name you should probably explain the word "sanitize"...... ;)

Just a thought.....
December 22nd, 2005, 02:52 AM
HTRegz

Quote:

Originally posted here by Tiger Shark
HT:

When you see a poster that registered in 2003 and has 1 post to their name you should probably explain the word "sanitize"...... ;)

Just a thought.....

good point :) heh