
ID Theft Doubles in Two Months

Phishers, malware authors go beyond the usual targets to find victims they've never attacked before

Online identity theft grew at an unprecedented rate during the first two months of 2007, as its two chief components -- malware and phishing -- skyrocketed at rates of 50 to 200 percent.

A study by Internet monitoring firm Cyveillance Inc., scheduled to be released tomorrow, found more than 3 million pieces of personal information available on the Web, including approximately 320,000 debit and credit card numbers, 1.4 million Social Security numbers, and 1.3 million account login credentials.

"The odds of you personally being targeted for [online] identity theft are higher now than they have ever been in history," says Todd Bransford, vice president of marketing at Cyveillance. "The volumes of personal information available on the Web are higher than they've ever been before."

The report is a first for Cyveillance, a seven-year-old company that mines Internet content and trends via Web crawlers and proprietary search engines. To create the report, Cyveillance sent its crawlers out looking for likely phishing sites, malware, and personally identifiable information.

"This is a little different than the other reports you may have seen, which are projections based on surveys or Internet crime reports," Bransford observes. "Everything we found is actually out there right now, on the open Internet."

In December, Cyveillance found that the average number of URLs detected with malware was less than 20,000 on a daily basis. Last month, however, that average had grown to about 60,000 sites daily, with a single-day, mid-month spike of close to 140,000.

"What we're finding is that a lot more of the malware is designed for financial gain," as opposed to just vandalizing or damaging systems, Bransford says. "Based on these numbers, I would say that over time, malware is going to become a more common method of identity theft than traditional phishing."

Many attackers also are combining phishing with malware, using compelling emails to entice users to click over to a Web site that promptly installs malware on the user's machine, often without requiring any action on the user's part. Cyveillance estimates that there are hundreds, possibly thousands, of live malware-based phishing scams operating on any given day. One scam Cyveillance discovered contained 12 different pieces of malware and resulted in the theft of at least 60,000 Social Security numbers.

"These 'blended attacks' are different because the attacker doesn't need to convince the user to do anything except click on a link," Bransford says.

Interestingly, while many researchers report that a high percentage of phishing attacks come from overseas, Cyveillance found that almost three-fourths of malware sites are based in the U.S. "Generally, attackers want the malware to come from a site in the same region, which makes it seem more trustworthy," Bransford says.

While malware is the fastest-growing attack vector for identity theft, traditional phishing continues to proliferate as well, Cyveillance found. In fact, the number of sites targeted by phishing attacks grew 50 percent in the first two months of 2007, from 800 to 1,200.

"Where we used to see [phishers] targeting mostly large banks and popular online sites like eBay, now we are seeing smaller regional banks, credit unions, and retail sites that have never been targeted before," Bransford says. Credit unions alone saw an increase of 584 percent in the last 12 months, and associations have suffered an increase of 329 percent, Cyveillance reports.

— Tim Wilson, Site Editor, Dark Reading


Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...
