Phishers branch out to smaller bank scams

The number of people complaining about falling victim to or being targeted by a phishing scam has doubled in Australia over the past few months, according to the Australian Securities and Investments Commission (ASIC). While in the US, internet security firm Websense has warned that phishers are targeting customers of smaller banks in an attempt to evade detection.

ASIC commissioner Professor Berna Collier told ZDNet Australia on Wednesday that she felt the issue was accelerating so fast a general warning to raise awareness was necessary.

"The number of complaints we received in April and May was double the amount we received in February and March this year. Last year the number of complaints was double what we received the year before so unfortunately it is an accelerating trend," said Collier.

Collier said ASIC received complaints from both individuals and companies alike and although the largest and best-known organisations were hardest hit, phishers are not discriminating who they target.

"We receive all types of complaints. You are more likely to surrender your personal details - by way of confirmation - to an organisation that you believe is your bank. But much commerce is done electronically so people expect to be contacted electronically," said Collier.

Internet security firm Websense is warning that phishers in the US have started targeting customers of relatively unknown banks and smaller financial institutions in an attempt to fly under the radar.

Phishing has traditionally targeted financial organisations with household names, such as Barclays, Citibank and PayPal. However, Dan Hubbard, senior director of security and technology research at Websense, said that since the start of the year, customers from more than 30 relatively unknown banks and credit unions in the US have been attacked.

"The targets are becoming much smaller and more localised... By targeting a bank with just a few branches, the number of potential phishing prey is reduced to a much smaller number, sometimes to just a few thousand people. Nonetheless, the fact that we are seeing more and more of the smaller financial outlets being targeted by phishing attacks may indicate that this is a highly profitable scam," said Hubbard.

Hubbard, who calls this kind of activity 'puddle phishing', said that although the targets have changed the method used by phishers is identical, which means the attacks could be linked.

"The attack style and dynamics are very similar on many of these recent puddle phishing attempts, which may mean that there is some tool sharing or a small amount of attackers behind this recent wave," said Hubbard.

Munir Kotadia writes for ZDNet Australia