OnlyMyEmail Catches the Phishers

For the new year, the shift in Spam is convincingly and dramatically toward more online identity theft schemes, commonly referred to as Phishing frauds. Such frauds are attempts to trick email recipients into divulging personal and financial information through spoofed web sites that are convincing replicas of legitimate online services. http://www.OnlyMyEmail.com is currently tracking Phishing frauds at an astounding 1.28 percent of all email crossing our anti-spam networks.

The vast majority of Phishing frauds claim to be from just a few well-known companies. In fact, according to Steven P. Burkett, Vice President of Development at OnlyMyEmail, 94.8% of current frauds are spoofing just four domains.

OnlyMyEmail's network traffic lists these top domains and their percentage of all Phishing fraud:

  • 49.7% Citizensbank.com
  • 26.4% TCFexpress.com
  • 14.7% Wamu.com
  • 4% Paypal.com

"Among the remaining 5% of Phishing campaigns, we see many of the names that were high volume spoofs from previous weeks and months," says Burkett.

The trend in fraud appears to be a constant rotation of these Phishing campaigns as soon as enough publicity makes consumers wary of current risks. Burkett suggests that: "This explains why names such as Paypal, Southtrust, Suntrust, Wellsfargo, E-bay and others now barely register on our network in comparison to the top four."

As a consequence, OnlyMyEmail expects this rotation to continue. Just as the same spammers change the products they are pitching on a regular basis, it appears that those involved in Phishing frauds will continually rotate the sites they spoof.

What remains consistent among most Phishing campaigns are the subject matter and tone of the emails. These frauds commonly include fraud prevention claims in their subject lines (with countless variations) such as:

  • "Important Fraud Alert"
  • "ATM PIN Checking"
  • "Verification of the Internet Banking Accounts"
  • "Security alert!"
  • "Debit Card Update required, fraud protection"

Breaking from this trend, the occasional Phishing fraud will offer an "online bonus" or service such as "automatic bill payment" enrollment, but these are clearly in the minority.

The content of Phishing emails is almost uniformly consistent in that they all attempt to entice the user to "log in" to the faked version of the vendor's site. Common warnings designed to entice compliance include:

"The new updated technologies will ensure the security of your payments through our bank. This security update will be effective immediately."

"Your account has been randomly flagged in our system as a part of our routine security measures."

"We recently have determined that different computers have logged onto your Online Banking account, and multiple passwords failures were present before the logins."

In order to protect existing anti-spam clients, OnlyMyEmail's response has been to add a separate layer of filtering specifically to address Phishing fraud emails. Burkett explains that: "Spam filtering techniques will sometimes miss these types of fraudulent emails because their content appears legitimate and many of the links in these spoofed emails would actually link to the legitimate vendor sites."

OnlyMyEmail's Phishing protection process is now positioned very early in their filtering layers at http://www.OnlyMyEmail.com and clearly marks such emails as "Fraud" so that OnlyMyEmail's clients understand why such messages were blocked.

Burkett continues: "We had to run the fraud detection early and change the way we report because when we blocked these campaigns as spam, clients would often report them as 'false positives' thinking that our system had accidentally blocked a legitimate notice from their bank. That's how convincing some of these campaigns are today."

# # #

Contact Author

Stephen Canale