You are currently browsing the category archive for the 'Statistics' category.
A number of presentations from the Authentication and Online Trust Summit are now available online.
Here is the agenda and the links to the available presentations. Day 1, Day 2
Below I listed a couple of the most relevant presentations relating to authentication and anti-phishing:
“E-commerce and Online Banking Fraud Issues, Challenges & Solutions”
Karim Noorali, Sr. Product Manager, eBay
Victor Talamo, VP & Director Risk Management, JPMorganChase
Marcelo Camara, Banco Bradesco, Febraban – Brazilian Banking Organization
“How to Fry A Phish & protect your brand domain & infrastructure – Evolving technologies and countermeasures. “
Laura Mather, Ph.D. Senior Scientist, Mark Monitor
Jens Hinrichsen, Product Marketing Manager, RSA
Rod Rasmussen, Director of Operations, Internet Identity
MarkMonitor did a four-week study on cybersquatting (in which illicit sites usurp popular trademarks – false association with a particular brand). They monitored the online content referring to the top 25 brands, which amounted to about 134 million public Web records. They registered 286,000 examples of cybersquatting directed towards these brands.
In terms of phishing activity, they noted a 104% rise during the month of Mach from the same month in 2006. 229 brand name companies were targeted in those attacks.
Statistics: 41% of all phishing attacks are targeting financial institutions in Q1 2007. “The latest quarter was the first time banks had outpaced online auctions such as eBay Inc. as targets. Auctions suffered 36% of phishing attacks.”
About a year ago some office workers were offered $3 Starbucks cards in exchange for their passwords. 85% of people would rather have more coffee than online security.
A recent attempt to do a similar test in the UK showed that people will happily trade their passwords for chocolate bars. (Full article here). “Researchers asked commuters (in London) if they knew what the most common password was and then asked them to reveal their own. About 40 per cent of commuters revealed their computer password straight away, with a further 22 per cent giving up details with a little further probing from the female researchers.”
What next? There is a great need to find out which foods are most relevant to getting people’s passwords. Don’t we all want to know how many donuts it takes to get the admin’s password? Cokes? Burgers, Fries?
Here is an article that provides some interesting data on the phishing activity based on the days of the week and major events. It’s great to know that phishers take time of during weekends, but they probably don’t like soccer. I wonder f it is possible to make a connection between the days when phishing activity is low and which countries have national holidays on those days. That could be a pretty good indicator where exactly the phishers “live, work and play”.
“During the second half of 2006, spam made up 59 percent of all monitored e-mail traffic. Thirty percent of all spam related to the financial services industry — for example, so-called pump-and-dump scams.
Over the last six months of 2006, Symantec tracked a total of 166,248 unique phishing messages — an average of 904 per day. That figure reflects a 6 percent increase over the first six months of 2006.
For the first time, Symantec tracked the impact a phishing attack had when it was sent on a certain day or around a certain event.
An average of 27 percent fewer unique phishing messages were sent on weekends than on weekdays, when 961 were sent on average. This trend indicates that phishing activity mirrors the business week, with attackers attempting to mimic a legitimate company’s e-mail practices, Symantec said.
Phishing activity increased during major holidays and other high-profile events, Symantec observed, such as the FIFA World Cup, with attackers crafting theme-specific social engineering ruses.”
