Special to CNET News.com
The number of phishing attacks launched each month has increased nearly 10-fold this year, tech security company MessageLabs said Monday.
The company, which has intercepted almost 20 million phishing e-mails throughout 2004, said in its annual report that the number of phishing attacks has soared from 337,050 in January to 4.5 million in November. The rate rose most sharply between June and July—from 264,254 to 2.5 million—which could be due to the widespread use of zombie networks.
In September 2003, the U.K.-based company intercepted just 279 phishing emails.
"E-mail security attacks remain unabated in their persistence and ferocity," said Mark Sunner, chief technology officer at MessageLabs. "The major development of the year has undoubtedly been the emergence of phishing. In just 12 months, it has firmly established itself as a threat to any organization or individual conducting business online."
"We believe that the singling out of certain companies to be the victim of phishing attacks could signal the beginning of a wider trend," added Sunner. "Already particular businesses are threatened and blackmailed, indicating a shift from the random, scattergun approach, to customized attacks designed to take advantage of the perceived weaknesses of some businesses."
Criminals behind phishing attacks, dubbed phishers, have also refined their techniques to increase their catch. Recent scams have captured online banking details automatically without people clicking on any links. MessageLabs said that phishers have also tried to recruit unsuspecting users into becoming money launderers, by offering employment opportunities with legitimate organizations.
The company found the amount of spam and e-mail viruses sent over the Internet has also risen since last year. This year, it found that one in 16 emails was infected with a virus, which is double the rate of 2003 when it was one in 33. It added that 73 percent of e-mail was identified as spam in 2004.
MessageLabs said it also saw a rise in tailored malicious attacks on companies, such as denial-of-service attacks on Web-based gambling companies.
Dan Ilett of ZDNet UK reported from London.