Deprecated: Function create_function() is deprecated in /home/hidefide/public_html/blog/wp-content/plugins/wr-pagebuilder/core/core.php on line 127
{"id":424,"date":"2012-08-26T15:13:46","date_gmt":"2012-08-26T15:13:46","guid":{"rendered":"https:\/\/icaruspressblog.wordpress.com\/?p=424"},"modified":"2019-04-17T11:46:39","modified_gmt":"2019-04-17T11:46:39","slug":"rsa-phishing-cost-687-million-in-1st-half-of-2012","status":"publish","type":"post","link":"https:\/\/hidefideas.com\/blog\/2012\/08\/26\/rsa-phishing-cost-687-million-in-1st-half-of-2012\/","title":{"rendered":"RSA: Phishing Cost $687 Million in 1st Half of 2012"},"content":{"rendered":"

$\"download\"$ If you\u2019re trying to convince your boss to open up the purse strings for your anti-spam footprint, you\u2019re going to need numbers. Let\u2019s face it: you\u2019re not going to convince the boss with vague claims like \u201cspam costs a lot<\/strong> of money!\u201d Whether you plan on upgrading your software solution or improve your training process, bosses need to justify the budgetary spend. Fortunately, if there\u2019s one thing the security industry is good at doing, it\u2019s coming up with numbers.<\/p>\n

Unfortunately, the numbers don\u2019t always agree with each other<\/a>, but when drilling down into the research methods used, you can usually find a common theme and a ring of truth. That\u2019s especially true for reports from firms that specialize in security. For example, the security firm RSA presented the results of its study on the first half of 2012 this week, and interestingly enough, the article posted on RSA\u2019s blog points the finger squarely at phishing.<\/p>\n

The article, entitled Phishing in Season: A Look at Online Fraud in 2012<\/a>, doesn\u2019t waste any time getting to the point: \u201cCompared with H2 2011, end of June numbers show a 19% increase as phishers heavily target the UK, U.S. and Canada \u2013 and their associated brands \u2013 with the same old online trickery that continues to plague the world.\u201d Now, 19% may not sound significant all on its own, but when combined with a dollar figure, it becomes the stuff that opens a boss\u2019 wallet. According to RSA, the estimated losses due to phishing attacks in the first half of 2012 is $687 million US.<\/p>\n

RSA notes that the \u201cnumber was calculated using a lower attack uptime median and yet, it marks a 32% increase in losses when compared with last year\u2019s equivalent (1H2011), and a slight decrease when compared with 2H2011.\u201d RSA also pointed out findings from the Anti-Phishing Working Group<\/a>, which found that the uptime of attacks were down from 15.3 hours per attack to 11.72 hours per attack, suggesting that each instance of a successful phishing scheme yielded less money for the cyber crooks. However, overall attacks were up, and that means everyone needs to be a little more mindful of the dangers of wily phishermen.<\/p>\n

RSA also notes that the same short list of target countries remains unchanged, with the UK, US, Canada, Brazil, and South Africa topping the list of countries attacked by phishing schemes. RSA also points out that some countries revealed dramatic increases in phishing attacks during the first half of 2012. In Canada, phishing schemes were up a whopping 400%, an increase which is probably due to Canada\u2019s economic stability and the near one-to-one ratio between the Canadian and US dollars. As RSA points out in the article, the fraudsters do love to follow the money.<\/p>\n

Perhaps it\u2019s just the accounting side of the war on spam, but researchers just love to apply numbers<\/a> to the pesky stuff. But RSA takes it one step further, getting philosophical about the state of phishing in the world today. Phishing has been around for 16 years now \u2013 it seems like forever \u2013 and it still represents one of the top threats circulating the Internet today.<\/p>\n

Why? asks RSA. \u201cAt the core of this seemingly simple threat,\u201d they answer, \u201clies a powerful force\u2013 human emotion. Although phishing is a 21st century crime, manipulation, deceit and persuasion are not. \u201c The social engineering component of phishing continues to be a successful method for getting users to give up their personal information. When people act by feeling rather than acting rationally, they\u2019re more likely to make the mistakes that become a part of that $687 million nugget that keeps phishers coming back for more.<\/p>\n

Emotional triggers continue to be a source of success for the cybercrooks, says RSA. \u201cIntended readers have to be convinced that they need to visit the URL for a reason valid and credible enough to cause them to impart their credentials and personal information.\u201d We can\u2019t ignore the key emotional triggers that enable successful phishing \u2013 the promise of rewards, plain old human greed, emotional response to false accusations, curiosity, the need to right a perceived wrong, and misplaced trust, are all emotional responses identified by RSA as triggers that line phishers\u2019 pockets.<\/p>\n

It\u2019s somewhat odd to regard phishing as a success story that continues to thrive. One might assume that after 16 years and a glut of tombstone data about a scam that, in many ways, is as old as crime, people would know better. But you can\u2019t ignore $687 million in six months.<\/p>\n

Time to review that footprint…<\/p>\n","protected":false},"excerpt":{"rendered":"