New Delhi: India along with the US and UK
accounted for 70 percent of the brands targeted by phishing
in April, says a global survey.
RSA, the security division of EMC, in its May Fraud
Report said the US accounted for 42.5 percent of brands
targeted by phishing, followed by UK (19 percent) and India
Worldwide as many as 17,376 attacks were launched in
April, a fall of barely 1 per cent as compared to March and
the number of brands attacked also dropped by 12 percent.
However, with nearly identical number of attacks and fall
in number of brands attacked, means that even though fewer
brands were attacked a larger portion of them suffered a
higher number of attacks compared to March.
RSA said in April, 301 brands were targeted by phishing
attacks worldwide, out of which eight endured their first
According to RSA, the most common way fraudsters operate
is to use stolen credit cards to purchase airline tickets, an
industry which has lost nearly USD 1.4 billion in 2010 due to
online payment fraud.
Another way that is generally used is to secure access to
consumers` loyalty and rewards program accounts and cash out
available points in exchange for travel vouchers.
"RSA has witnessed multiple phishing attacks recently
targeting airline customers with the goal of obtaining their
login credentials in order to monetise their reward points,"
the report said.
Vast amount of personal and financial data of airline as
well as hospitality industry customers are now being stored
online and cyber criminals are taking advantage of this to
exploit the industry and its customers, the report added.
The US, UK, Germany and Canada hosted over 80 per cent of
all phishing attacks in April.
"Since March, 2010, the countries that have consistently
hosted the highest portions of phishing attacks have been the
US, UK, Canada, Germany, France, Russia, and South Korea," the
report said, adding that over the past year, the US and UK
have absorbed a combined average of 65 per cent of the
Phishing is a way to acquire sensitive information like
usernames, passwords and credit card details by posing as a
trustworthy entity in an e-communication.