14 DAY TRIAL // According to a recent report from Internet Identity (IID), the first quarter of 2010 registered a 62% drop in text-to-phone phishing attacks. Credit unions remain the favorite targets for these scams.
IID is a security company headquartered in Tacoma, Washington, which provides DNS security, as well as anti-phishing and anti-malware solutions for enterprises. The company closely follows phishing trends, including the ones for a type of attack frequently targeting financial institutions called smishing, and releases a quarterly report based on the gathered data.
"In Text-to-Phone phishing attacks, often called "smishing" attacks, the criminals send lures via text message, usually in a random pattern against a set of area codes. The lures are designed to trick the recipients into calling the phone number given, which will usually be answered by a fake interactive voice response (IVR) system design to coax account credentials and other personal information from the victim," the company explains in the report for Q1 2010 (PDF).
IID registered 118 such attacks in the first quarter of 2010, which represents a significant drop from the 310 registered during the last quarter of 2009. The company explains that this is partially due to cybercrooks giving up on non-branded attacks, after they failed to trick a large enough number of people.
The number of credit unions targeted remained the same as in the previous quarter (40), but the number of unique attacks per union decreased from 3.2 to 1.5. The company views this as a possible indication that credit unions and their members might have improved their efficiency in fending off such scams.
As far as attacks against banks and their customers go, the scammers seem to have focused mostly (88%) on just two institutions. The total number of affected banks for the first quarter was eight, compared to 23 in Q4 2009.
IID also observed a trend of using toll-free phone numbers in attacks against credit unions. Half of smishing attacks that targeted such institutions used toll-free numbers, compared to only 25% for banks. The company concludes that credit union members are more suspicious of phone numbers with different area codes than the one their institution is located in.
You can follow the editor on Twitter @lconstantin