The phish continued to spawn and bite in May, with the Anti-Phishing Working Group reporting 1,197 unique attacks of phishing – spoofed e-mails and Websites made to resemble actual business or other commercial sites, which aim to get you to give up personal financial information to credit card and identity thieves, among others – during that month.
The "Phishing Attack Trends Report" covering May also said there were about 321 unique phish attacks per week during the month, with Citibank the most frequent target for the month, with 370 such attacks aimed at their customers alone, according to the report. But that also proved a reduction from April, when Citibank phish accounted for 475 unique attacks, a whopping 377 more than hit the company's customers in March.
The total May phish were up by a "minor" 6 percent over April's report, the APWG said, with average daily unique phish at 38.6 a day in May compared to 37.5 a day in April – with a slight dip reported for the week of May 29, most likely due to the Memorial Day holiday in the United States.
Trailing Citibank for target frequency in May were eBay (293), U.S. Bank (167), PayPal (149), Fleet Bank (33), Visa (21), America Online (17), Lloyds (17), Barclays (15), Westpac (12), Nationwide (10), and Halifax (9). The APWG believes the phishers are coming more and more to focus on Citibank, eBay, and PayPal, while overall the financial services industry is the number one phish target with e-tail very close behind.
EBay, PayPal, and America Online were the most-often targeted Internet companies in May, with Earthlink, e-gold, MSN, and Yahoo the target of six or less phish attacks in the month. For AOL, their May phish attacks were almost double what they incurred in April, and follows February and March reported phish attacks of ten each for the ISP.
The fake Website technique, for now, is taking a far back seat to the spoofed e-mail technique, the APWG report said. Spoofed e-mail accounted for 95 percent of May's phish, compared to 3 percent using "social engineering" (authentic Internet e-mail domains resembling the e-mail addresses of the companies they spoof) and 2 percent using non-disguised Web mail addresses.
