A seismic attack on business could be just around the corner, according to the Anti-Phishing Working Group. With active phishing sites more than doubling through October the group indicated that automated production and increased use by organised crime might threaten businesses in the future.
"There's a feeling that this is just a tremor," said Peter Cassidy, secretary general of the Anti-Phishing Working Group. "Organized crime is discovering that phishing is a way to make money and easily contain cost. What we could see in the future are very large and very painful attacks."
The group argued that with increased use in specific brands, successful phishers could eventually take money away from those businesses whose name they annex.
Over 1,000 active phishing sites in October were reported by the group and directly attributed this to the increased availability of automated tools, networks of compromised computers (bot networks) and skilled programmers. "There is a lot of great talent, particularly in Eastern Europe," Cassidy said.
Although the return on phishing varies, the apparent abundance of bot networks means that large scale attacks can hit millions of potential users, so even a low return is profitable. Since July the average monthly growth rate of phishing emails has been some 36 percent.
This month has seen an increased variation and sophistication in the nature of phishing attacks. Whereas some phishers are using fake job adverts as a technique, others are directly targeting those wanting to buy gifts over Christmas.
But Cassidy claimed all is not yet lost, and that greater sophistication doesn't necessarily mean more robust.
"As the sophistication of attack increases, the attacks generally become more brittle. I'm quite hopeful that business will deal with this new threat, as crime gets more sophisticated so does crime fighting," he said.