14 DAY TRIAL // Security experts analyzing mail traffic are reporting a significant decline in phishing-related e-mails during the first half of 2009. The drop suggests that this type of activity has become less profitable for cybercrooks, who now prefer other approaches, such as information stealing trojans.
According to spam analysts from Kaspersky Lab, phishing e-mails only accounted for 0.6 percent of all email traffic during the first half of this year. The security vendor reports that the decline occurred gradually from month to month, dropping from 0.78% in the first quarter to 0.49% in the second.
Around 60 percent of phishing emails have targeted PayPal and eBay users this year, which is not new compared to previous years. However, both organizations have been hard at work to raise awareness about such scams amongst their respective customers. "As a result, users of such systems have become more cautious, and the phishing attacks targeting them have become less effective," the security company concludes.
Another reason why phishing is not a lucrative business anymore is because email and web filters have actively targeted this threat and have evolved enough to make it unattractive for cybercriminals, who are looking to score big profits quickly.
IBM's 2009 X-Force Mid-year Trend and Risk report reveals similar finds when it comes to phishing. According to the company, this type of spam accounted for 0.1% of all junk mail during the first six months of 2009. In comparison, during the same period of last year, such e-mails represented between 0.2 and 0.8 percent of spam traffic.
Based on their findings, IBM's researchers have launched another hypothesis as to why phishing activity is declining. Cybercriminals "are likely getting better results with Trojans. It’s a return on investment issue for them," Dan Holden, product manager at IBM ISS, explained for Network World.
The data gathered by the company reveals that computer trojans accounted for as much as 55% of all new malware distributed during the first half of 2009. Compared to last year, this represents a significant 9% increase. Additionally, a whooping 508% increase has also been registered for the prevalence of malicious URLs on the Web, many of them originating on legit compromised domains.