Phishing impersonating email service providers spikes

Phishing attacks impersonating email service providers increased 333 percent from Q4 2011 to Q1 2012. IID attributes this spike to spammers needing unsullied email addresses since many major spamming botnets have been shut down, and Internet service providers have become more successful at identifying and blocking email from botnets and other known spam sources.

During the first quarter of 2012, spammers increasingly tried to hijack “good” email addresses at large webmail services by impersonating those email service providers and phishing for email account login credentials.

“Control of a legitimate email address is like spam gold for cyber criminals,” said IID President and CTO Rod Rasmussen. “It’s pretty simple why this has become such a valued currency. Filters built to combat botnet spam have a harder time blocking spam coming from legitimate email services and email addresses without a history of abuse.”

Despite the dramatic jump in email service provider phishing, other industries on average witnessed a decrease in phishing attacks. In fact, IID’s report found phishing attacks dropped two percent when comparing statistics from Q1 2011 to Q1 2012.

IID also revealed that 74 of Fortune 500 companies and five of what it considers “major” U.S. federal agencies still had at least one computer or router on their network infected with DNSChanger malware as of the end of March.

The findings come ahead of the July 9th deadline, where the FBI will shut down servers that have allowed users whose computers are infected with DNSChanger malware to navigate the Internet.

DNSChanger changes the infected system’s domain name system resolution settings to use formerly rogue servers that redirect legitimate searches and domains to malicious websites. Not only does DNSChanger redirect Internet connections, it also disables anti-virus software, opening individuals and organizations up for more malicious attacks.