UK Phishing Attacks Tripled In 2012

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

The UK is one of the hottest targets for phishing in the world, even though it is tiny compared to other nations

The UK remains one of the most attractive targets for phishing, as in 2012 it saw a threefold jump in attacks on people and businesses based in the country.

Approximately 3,000 individuals were targeted by a phishing attack every day in 2012, compared to 1,000 the year before, according to Kaspersky analysis on 50 million of its users.

The global level of phishing has risen too, with 102,100 people targeted worldwide each day in 2012, twice as many as in 2011, according to  Kaspersky’s report, The evolution of phishing attacks 2011-2013 . Last year saw 37.3 million users affected by phishing attacks, up 87 percent.

UK gone phishing

PhishingThe UK is a hotbed of phishing activity; it is one of the most targeted nations and hosts much illegal activity too. Russia remains the most attacked nation, where 19,000 users were hit by phishing every day, whilst the US is the number one hoster of phishing operations.

Yet the UK is the world’s second biggest hoster, with a 6.69 percent share of the global illicit market. There was a 192 percent growth in the UK in terms of numbers of identifiable attack sources.

Phishers in the UK are most interested in acquiring Facebook details of their targets, followed by Yahoo, Google and Amazon account details.

In February, security firm RSA told TechWeekEurope the UK was losing more money to phishers than any other country – an estimated $615,243,744 in 2012.

David Emm, senior security researcher at Kaspersky Lab, told TechWeekEurope the conditions in the UK made for a perfect storm for phishers, who have a good pool of Internet users to attack and an attractive currency.

Emm pointed to the reliability of English hosting services too, providing decent systems on which to base attack infrastructure, often from abroad.

“One of the problems is that you have a global economy which means someone in Brazil or Russia can target potential victims here in the UK.,” he added.

“There are some zones where regulation isn’t as tight, making it easier for attackersto set up and use semi-legitimate or not legitimate hosters.”

Yet the UK police are getting good at locating and apprehending phishers. In April, jail sentences were handed out to three individuals who stole a woman’s £1 million life savings.

Earlier this month, three men were imprisoned for carrying out a phishing scam that could have netted them well over £59 million. It was believed to have been the biggest ever phishing operation encountered by UK police.

Emm believes cracking down on phishing can be helped by letting ISPs and police gain more understanding of what is happening across Internet infrastructure. But a balance had to be fonud between invading privacy and boosting security, Emm said, and that’s tricky.

“ISPs do scan stuff but there are limits…. the law isn’t that clear cut,” he added.

What do you know about Internet security? Find out with our quiz!