Text message phishing attacks drop significantly

Text-to-phone phishing attacks (often called “smishing”) dropped dramatically in the first quarter of 2010, according to a report by Internet Identity (IID).

Smishing attacks were down 62 percent from January to March, 2010, compared to the previous quarter.

Despite the drop, the number of credit unions being impersonated in text-to-phone cases stayed the same, meaning these organizations were the most targeted by industry. In these attacks, cyber criminals impersonated companies by text message to try and lure victims to call a fake interactive voice response (IVR) system designed to steal vital personal data like logon information, account credentials, social security numbers and more.

Other findings of IID’s fourth quarterly phishing report:

• Cyber criminals increasingly posed as relief organizations to launch phishing attacks, claiming to help victims of recent disasters, like the earthquakes in Haiti and Chile
• More and more, phishing was used to carry out Internet Domain Name System hijackings, specifically with China’s biggest search engine Baidu.com (similar to the December 2009 hijacking of Twitter)
• There was a significant reduction in the number of phishing attacks carried out by Avalanche, one of the most prolific cyber criminal gangs (responsible for two-thirds of the world’s phishing attacks in the second half of 2009)
• Non-Avalanche phishing attacks rose 14 percent from the previous quarter
• The major share of phishing volume moved to targeting money transfer sites.