Globally, loss due to phishing attacks was close to $5.9 billion which is significantly higher than $1.5billion loss in 2012. The total number of phishing attacks in 2013 stood at 448,126 as against 445,004 the previous year. The overall trend in attack number showed a significant rise in volume through the year, reaching an all-time high in Q4 2013 (1,41,254).
Top countries targeted by phishing are United States, United Kingdom, Germany, India, South Africa, Canada, Netherlands, Colombia, Australia and Brazil.
Key highlights from the report are:
* Brands in the U.S., UK, India and Canada were targeted by almost 57% of phishing attacks in the first half of 2013.
* USA and Canada remained the most targeted countries by phishing attacks in 2013 with a total of 63% of the phishing attacks directed at them.
* There has been a significant rise in phishing attacks in every Quarter in 2013, with Q4 seeing the most number of attacks.
2014 PHISHING FORECAST
Phishing, the cybercrime equivalent of pickpocketing, is a crime that is easily committed with very little cost to the attacker:
* Cheap (criminal) hosting servicesoffered mostly on top of hijacked websitesare abundantly available. If spamming 500,000 emails addresses only set you back a mere $65, it is no surprise that phishing attack volumes are not dropping.
* Phishing volumes will not drop considerably, though we may see a slight decline. The decline will be mainly due to growing adoption of email authentication, namely DMARC, which together with tighter policy should help in the reduction of phishing emails received by end users. However, wider global adoption (into LATAM and APJ) still plays a major factor in the battle against phishing.
* Big data analytics and broader intelligence collection will lead to faster detection and quicker mitigation, resulting in lower financial losses. With the millions of spam messages traversing the internet on a daily basis, separating the wheat from the chaff has become far more challenging. Advancements in phishing techniques and methods also serve to add a layer of complexity when it comes to detection. Deploying analytics into the detection process provides a way to see though the noise and get to the phish faster. Coupled with broader intelligence collection, attacks may be prevented before they are launched.
* Greater end user awareness will serve to reduce losses. Cyber awareness has become a mainstream conversation topicpeople are becoming more aware of the dangers in the digital world. More awareness translates directly into fewer losses.