Symantec Report: Phishing
Fraud is not something that can only be committed by expert hackers. Thanks to phishing bundles and kits, anyone can join in. Below is some information that has been gathered about phishing over the last few years.
Holidays and Global Events
In the months leading up to Christmas, not only is there an increase in shopping, but there is also an increase in phishing emails. These emails seem to come from legitimate businesses offering deals on products. However, these deals are actually just ploys to gain credit card information. The same applies to Valentine's Day and other popular holidays. Another reason for an increase in phishing emails during these times is that security teams are often understaffed because workers take vacation, which means a greater likelihood that the phishing attempt will be successful.
Phishing emails also seem to pop up more during global events such as the 2011 Japanese earthquake, the "Arab Spring" movement, and more. Scammers will try to convince people that they are a reputable charity trying to help victims of these global events.
A popular technique used by scammers is to pretend to be a financial institution such as a bank or credit card company, especially if a person has recently opened something with the company or a company has recently merged. A person often pays close attention to financial correspondence and is less likely to put the letter or email in the trash. Consumers can also become overwhelmed by the amount of normal communication that goes on with financial institutions and are less likely to look closely at emails for anything that might be suspicious. The scammers will send a phishing email that states something along the lines of, "You need to complete one more step to finish setting up your account," or, "Your account has been frozen until you re-validate your account information."
Malware Often Comes with Phishing Attempts
Scammers will often combine malware with phishing attempts to increase success rates. For example, if a scammer sends a phishing email insisting that the recipient needs to re-validate their account by filling in their account information, there will often be a link in the email that takes the user to an infected website, which will download a keylogger. Another common technique to get users to download malware is to insist that a user must update a particular piece of software before being able to view the full information.
Targeting Human Emotions and Behaviors
Scammers target a person's compassion, trust, curiosity, fear, and willingness to help others. The "I Love You" virus has been one of the biggest virus outbreaks since 2000, when it first started popping up. The email seemed to come from a secret admirer and preyed on people's desire to be loved by others. Other emails create a sense of urgency in two different ways. Sometimes the urgency suggests that something bad will happen to somebody else if you don't do something. This preys on a person's willingness to help others. The other sense of urgency suggests that something bad will happen to you if you don't do something, which preys on a person's fear. All of this helps phishing emails be more successful, but diligence and awareness can help combat these techniques.