Phishing scams are spam emails sent by cyber-criminals that can lead to identity theft at home and data breaches at work. Phishing attacks pretend to be from a legitimate person or organization to trick you into revealing personal information. A phishing attack begins when a cyber-criminal sends an email that looks like it originates from your bank.
The email might hint at a problem with your account asking you to “confirm” account information by clicking on a link that takes you to a fake website. The fake website asks you to type in your bank account user name and password. The goal is to convince the target that the web page is legitimate so that they will enter their credentials. Once entered, attackers can access an individual’s finances.
Phishing attacks
RSA reports 2013 was a record year for phishing attacks. They report that nearly 450,000 phishing attacks were launched in 2013 with losses estimated to be nearly $6 Billion. The security firm believes that these attacks will continue for the foreseeable future. They point out that it only costs an attacker $65.00 to spam 500,000 email addresses.
Symantec reports (PDF) that 1 in every 392 emails a user receives is a phishing attempt. 71% of the phishing attacks were related to spoofed financial organizations and login credentials for accounts seem to be the main information phishers are looking for. Dell SecureWorks delved into the depths of the online underground economy and found the value of personally identifiable information (PII).
value of personally identifiable information
- Visa and Master Card account numbers are worth up to $15
- American Express account numbers are worth up to $18
- Date of Birth (DOB) is worth up to $25
On his excellent website, Brian Krebs revealed the black market value of hacked credentials.
- Active accounts at Facebook and Twitter retail for just $2.50 apiece,
- $4 buys hacked credentials at wireless providers ATT.com, Sprint.com, Verizonwireless.com, and Tmobile.com,
- Groupon.com accounts fetch $5,
- Fedex.com, Continental.com, and United.com accounts for go for $6.
- iTunes accounts go for $8 on the cyber underground economy.
medical records
In a new phishing twist, attackers are going after medical records to exploit the broken healthcare industry. Stolen health credentials can go for $10 each, about 10 or 20 times the value of a U.S. credit card number, according to Don Jackson, director of threat intelligence at PhishLabs, a cybercrime protection company.
With these threats in mind, PhishMe developed an infographic, click on the image below to see the complete image.
PhishMe infographic
rb-
Since many cyberattacks originate with phishing emails, the best way for organizations and individuals to protect themselves online is to recognize and avoid phishing emails.
Related articles
- Phishing attacks target Google accounts, warns Bitdefender (computerweekly.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.