Have You Noticed? Phishing Attacks Are Down

It’s just not in fashion anymore; phishing attacks are ‘way down, falling out of favor with cybercriminals who now prefer malicious websites and password-stealing Trojan horse programs.

IBM’s security research and development division, X-Force, recently issued a report that found throughout 2008 , phishing volume was around 0.5 percent of overall spam volume. But in the first half of 2009, the volume of phishing attacks fell to around 0.1 percent of spam volume. Not only did the volume of phishing attacks drop, but the targets also changed: in 2008, 90 percent of all phishing attacks targeted the financial industry; in the first half of 2009, that percentage had dropped to 66 percent.

That’s the good news. The bad news is that, according to the report, the number of malicious Web links is up 508 percent in the first half of 2009 and many of these links appear on otherwise trusted sites such as search engines. X-Force Director Kris Lamb says, “There is no such thing as safe browsing today and it is no longer the case that only the red light district sites are responsible for malware. We’ve reached a tipping point where every Web site should be viewed as suspicious and every user is at risk."

A copy of the IBM report can be downloaded here (PDF).

As always, let the surfer beware.