- Stay Secure Online

WHAT DOES THE PHISHING PHENOMENON MEAN TO YOU?
BY
Phishing attacks are nothing new. Virtually everyone with an email address has received
some kind of bogus email or text message masquerading as a legitimate communication.
But the global phishing phenomenon is growing, evolving, and becoming more
sophisticated and dangerous every day. Here are some essential facts that will help you
understand today’s expanding phishing landscape, how it can affect you and your business, and
what you can do to fight back.
Phish•ing (ˈfɪʃɪŋ) -n: The practice
of using fraudulent electronic
communications and copies of
legitimate websites to extract
financial data from computer users
for purposes of identity theft
LAY OF THE LAND
TODAY, PHISHING ATTACKS ARE:
GROWING
Unique phishing attacks per year
93,462
83,083
2011 2012
EVOLVING
Attacks on virtual servers
• 1 shared virtual web server
• Lots of hosted domains
• One attack infects all the domains on the server

“Blended” attacks that combine phishing and malware
• Phishing email with link to a bogus e-card
• “Software update required to view card”
• Malware or keylogger downloaded

Smartphone and texting attacks (SMiShing)
• Bogus text message: “Your bank account has been compromised. We have deactivated your debit card as a precaution. Call 800.555.1234 to reactivate.”
• Victim surrenders account number and PIN
• SMiShing attacks grew by 400% in the first half of 2012
BECOMING MORE EFFECTIVE EVERY DAY....
• 156 MILLION phishing emails are sent
• 16 MILLION pass successfully through email filters
• 8 MILLION are opened by recipients
• 800,000 people click malicious links
WHAT TO WATCH OUT FOR
Today, the majority of phishing attacks appear to originate in CHINA.
THE CHINA SYNDROME
In the first half of 2011, Chinese phishers were responsible for 70% of all malicious domain name registrations.
THE CHINA-BASED “APT1” PHISHING GROUP IS:
• Probably sponsored and orchestrated by the Chinese People’s Liberation Army
• Responsible for stealing hundreds of terabytes of data from 141 organizations
• Capable of stealing from dozens of organizations simultaneously
• Supported and run by hundreds of experts using more than 1,000 servers
(UN)HAPPY HOLIDAYS
Phishing attacks increase significantly before major holidays and events.
• Bogus holiday shopping “deals”
• Fraudulent “packages” for major sporting events (Olympics, world-cup soccer, Superbowl, etc.)
• Fake summer travel scams
PLAYING THE FEAR CARD
Another favorite phishing tactic involves playing on victims’ economic fears.
• Fake “warning” emails from financial institutions
• Acquisition announcements from mortgage holders
• Emails claiming to be from the IRS
BRAND BUSTERS
Phishing attacks can damage your brand—even when they target other businesses.
TRUST
REVENUE
VULNERABLE:
• Financial Institutions
• Auction Sites
• Social Networking Sites
• Retailers
• Manufacturers
• Cell Phone Providers
• Payment Services
HOW TO FIGHT BACK!
IF YOU’RE A BUSINESS
Always implement the best possible encryption and authentication
• SSL to protect “data in motion”
• Extended Validation (EV) SSL certificates to prove you’re legitimate
• Educate your customers
• Stay up to speed on the latest phishing tactics and scams
• Stay diligent and be ready for anything

IF YOU’RE A CONSUMER
Watch out for:
• Misspellings
• Generic greetings
• Threats regarding your account status
• Requests for personal information
• Fake domain names
• Links in emails
Make sure you:
• Look for the green address bar in your browser
• Always check for secure “HTTPS” web addresses
• Click the padlock to match the security certificate to the site you are visiting

Address bar graphic: https://your website.com, Extended Validation (EV) SSL certificates OR THE GREEN BAR
LEARN MORE AND STAY SAFE
Secure your site with EV SSL:
go.symantec.com/getev
Explore website security solutions:
go.symantec.com/ssl
Learn More!
staysecureonline.com