Phishers Now Taking a Multilingual Approach

Media Alert

Phishers Now Taking a Multilingual Approach

RSA Security’s Anti-Fraud Command Center (AFCC) has tracked significant growth in phishing attacks targeting financial institutions in non-English speaking countries over the past six months. While the overall number of phishing attacks has only slightly increased over that time, attacks on non-English speaking targets now account for almost 40 percent of the total.

The AFCC has shut down over 10,000 phishing attacks hosted in 70 different countries, giving an excellent indication of developing trends. Its fraud specialists have noticed an increase in the number of attacks against European countries – including Spain, Germany and Italy, as well as the Netherlands, Scandinavia and France.

Emails are even sent in local dialects, such as Catalan in Northern Spain, with the fraudulent websites designed to effortlessly bypass local protection mechanisms such as back-of-ATM-card matrix of random numbers, scratch cards with random access codes, or lists of one time transaction access numbers held by the bank’s customers.

A combination of the increase in the number of online banking users in Europe and Asia Pacific, banks offering increased functionality as part of online services, and the sophistication and resources available to fraudsters are all believed to be contributing to this trend. Also, as larger institutions implement stronger defenses, fraud continues to migrate – phishers have already moved downstream to smaller financial institutions in the U.S., and are now moving across borders and expanding their global reach.

RSA Security’s fraud analysts have also detected postings in online fraudster communities suggesting that local crime rings that are familiar with the way local banks work in the various countries are requesting phishing attacks on European targets. In other words, there is a surge in demand for European banks’ phished credentials.

Researchers at the AFCC have also conducted analysis into the source of phishing attacks in some of the most frequently targeted countries. Their research shows that the origin of phishing attacks often varies considerably, and includes a wide range of host countries. For example in the UK, less than half of phishing attacks originate in the US, with 20 percent coming from Korea, 7 percent from Germany, 4 percent from the UK and 3 percent from Thailand, India, Morocco, Sweden, France, Israel and China.

In Spain, 37 percent of phishing attacks are instigated in the U.S., 20 percent in Germany, 7 percent in Korea, 5 percent in Japan, 4 percent in Australia and 3 percent in France and China. Other European countries hosting attacks targeting Spain make up 15 percent and other Asia Pacific countries constitute 6 percent. This demonstrates the international, networked nature of the online fraud industry, and indicates the breadth of the expertise available to fraudsters.

The primary phishing targets worldwide continue to be English-speaking countries such as the U.S. and the UK, followed by Australia, South Africa and Canada. The US, for example, sees over 50 percent of worldwide attacks.

ENDS

EDITORS

Want to keep up with global trends in phishing and online fraud? Click through to RSA Security’s Phishing Intelligence Report for the latest information: http://www.rsasecurity.com/phishing_reports.asp

© Scoop Media