Avira has published a top list of brands that experienced the most phishing attacks in 2009. The top 3 brands according to Avira's chart are PayPal with 32205 threats followed by Chase Bank with 25901 threats and eBay with 18738 threats. Each threat in this case refers to a unique Internet address that was being used to phish data from users.
The most common form of phishing tries to lure users to a site that looks like the original but is not. Users who enter login information will submit the data to the attackers, and not the original service.
One interesting aspect of the chart is that Chase Bank and eBay battled it out for most of the year and that PayPal began its rise in December which Avira attributes to the Christmas season and the increased usage of PayPal in that season.
Several other brands experienced a lot of phishing attacks as well. Here is the top 10 list according to Avira:
- PayPal 32205 threats
- Chase Bank 25901 threats
- eBay 18738
- American Express 5202 threats
- Bank of America 4540 threats
- Abbey Bank 3978 threats
- IRS 3712 threats
- HSBC Bank 2762 threats
- Citibank 2265
- Facebook 2217
All of the brands in the top 10 with the exception of Facebook are brands related to the finance sector or shopping. It certainly is an interesting trend that the attackers were able to produce that many phishing websites in December alone to make PayPal rise to the top of the statistics. This highlights the importance of the Christmas / Holiday season in regards to phishing.
The statistics collected by other companies will probably differ marginally but it is likely that the top brands listed in the Avira list are also the top brands in their listings. PayPal users should be very cautious at the moment.
Update: If you are new to computers or just want a sure-safe way to identify phishing emails, try the phishing flow chart which can help you with that. It basically walks you through the process of identifying whether an email is legit or not. It covers all major aspects, including whether the email contains attachments or links, or if you know the sender of the email.