Just what we need, complacency regarding phishing

I have received a half-dozen or so emails from colleagues, over the last two days, reporting phishing attempts. Some of these folks say they haven’t received many of these types of emails in the past, but now they are. So I have to ask what gives when I read that phishing attempts are on the decline.

The last thing anyone needs is reports that say phishing is on a downward trend. People become less suspicious of email, and disaster is the only result.

This post over at Slashdot says Netcraft has reported more than 5,600 phishing sites since December. So here is another question: If there are so many phishing sites being identified, what the heck are phishers doing with them? If you put the two reports together, it would suggest that phishers are launching sites just for the fun of it – fewer lures are being deployed (according to the Postini report). I don’t think so.

Either the numbers being thrown around are just plain wrong, or phishing attempts are becoming ever more sophisticated (even to the most watchful eye). A few months back we heard folks crying out that spam was slowing, while others said it was picking up, and it is highly unlikely that scammers are going to revert to less technologically (or verbally) proficient email to mount their attacks.

I say that if past performance is any indication, it is both – the numbers are bunk, and everyone should be even more careful with each message hitting the inbox.


Techdirt also noted that these varying reports are all in how you spin them. The best bet is for everyone to err on the side of caution.

Also note that Netcraft is now providing their phishing site data as a feed. Check here for more details.

