Cloudmark Reports Spikes in European Phishing Attacks, Cautions U.S. Brands Against Complacency

Banks in Germany and U.K. at Center of Current Attacks

Cloudmark, the proven leader in real-time messaging security, announced today that its ongoing monitoring of spam and phishing attacks shows a rise in phishing attempts against European institutions. While there appears to be a slight decline in attacks against regularly phished U.S. brands, Cloudmark warns against complacency.

In a report published on the company's website, Cloudmark notes that the overall increase in European threats has been led by attacks on Sparkasse, causing nearly 90% of increased phishing in Germany and growing attacks on Barclays Bank in the U.K. A recent report from a government-backed internet security campaign in the U.K. shows that the majority of Britons are generally unaware of phishing attacks, even though 5.5 billion phishing emails are now sent each month.

"The new activity in Europe may reflect a general lack of consumer awareness of phishing as a personal threat, and at the same time phishers are becoming more aggressive in their attacks because, as yet, there are fewer phishing-specific solutions deployed in Europe," says Jacinta Tobin, Vice President of Business Development at Cloudmark. "During the next six months we could see phishers become even more aggressive with e-commerce brands, as they've been in the over-phished waters of America, and also increased attacks on mobile users and on enterprises with an eye toward stealing data. On the other hand, we're seeing greater interest from service providers in deploying edge solutions that protect their subscribers."

The slight downturn in regularly phished brands in the U.S. is likely more reflective of the cyclicality of phishing threats than any real abatement of the problem. Vipul Ved Prakash, founder and chief scientist at Cloudmark, cautions against complacency.

"While phishers may move on as awareness of specific attacks leads to diminishing success, they generally return after a cooling off period," noted Ved Prakash. "Our research shows phishers are notoriously efficient business people, cycling quickly through targets to avoid detection and remain effective. Today we believe they're also more organized and better funded than ever so we're cautioning service providers and financial institutions not to assume their problem has been solved because phishers take a break. Our data definitely show that they come back."

Cloudmark data show that phishers moved away from several major U.S. banks last year, but this year returned with a vengeance, targeting banks such as Bank of America aggressively in recent months. Phishers are also beginning to employ new technologies, such as Voice over IP (VoIP) where they spoof bank phone tree systems. Cloudmark was the first messaging security company to spot and announce such threats earlier this year with a small bank in Detroit, Michigan, and has recently stopped a similar threat within its global threat detection network on a small bank in Santa Barbara, California.

"Starting with small banks is another trait of phishers, as they establish methodology for using new technologies before going after bigger institutions," added Ved Prakash. Cloudmark's findings that, overall, phishing attacks during the past month were the highest in recorded history match those published last week in a report by the Anti-Phishing Working Group (APWG).

Cloudmark's Industry-leading Phishing Protection

Millions of discerning users in the Cloudmark Collaborative Security Network (CCSN) provide real-time feedback on spam, phishing, and virus attacks, which enables Cloudmark to block the latest threats within moments of first sighting in the network. Reports from trusted users are corroborated in real time to provide accurate and "unspoofable" data. The data collection, analysis, and update cycle is fully automated to ensure the fastest possible response time, supported by our unique fingerprinting algorithms. Unlike spam attacks, phishing attacks are low in volume and often target specific users with legitimate-looking invitations that appear to be from trusted vendors to a website that appears legitimate. These disguised websites are often online for just a few hours or days. Cloudmark fingerprinting algorithms identify the unique attributes of phishing, enabling quick response to attacks, blocking them before they reach users.

Cloudmark Authority is the only standalone anti-phishing solution available to service providers for deployment on any Messaging Transfer Agent (MTA) in the network infrastructure. Additionally, an anti-phishing URL data service that provides alerts on confirmed phishing URLs is available to provide real-time information about new attacks.

About Cloudmark

Founded in 2001, Cloudmark Inc. delivers the industry's fastest and most accurate spam, phishing and virus detection solutions. The Cloudmark methodology leverages an optimized combination of automation, human intervention and real-time reporting by millions of trusted and rated users in more than 160 countries. Used by service providers, enterprises and desktop users worldwide, Cloudmark's award-winning solutions are marketed direct and through partners worldwide. A privately held, San Francisco-based company, Cloudmark sits on the board of directors of the Messaging Anti-Abuse Working Group, and the steering committee of the Anti-Phishing Working Group. For more information, visit www.cloudmark.com.