Phishing, the social engineering attempt to acquire information (usernames, passwords, credit cards or money) by masquerading as a trustworthy entity, is on the increase. According to RSA, there has been a 19% increase in phishing worldwide for the first half of 2012. Canada saw the most notable increase in phishing attacks, up 400% for the first half of 2012.
RSA estimates the total losses associated with phishing for 2012 is US$687 million, a 32% increase in losses when compared with the same span in 2011. The data indicates that the duration of an attack has gone down, though the number of attacks has gone up. Had the attack duration median stayed the same, the losses would have been even higher.
RSA shares why phishing continues to be so successful:
"When it comes to phishing, cybercriminals rely on persuasion in getting a victim to act on emotions such as anxiety or excitement.
Every phishing attack is built with emotional triggers. Intended readers have to be convinced that they need to visit the URL for a reason valid and credible enough to cause them to impart their credentials and personal information."
There are many common tactics outlined by RSA, though the most common tactics all rely on an element of trust. Attacks are on the increase because cybercriminals continue to pick up speed and improve their tactics; as an enterprise, be sure to include training on how to spot phishing attacks in your security training.