The decrease is fueled by a decline in the number of traditional banks. Researchers speculate  that this trend could be fueled by the financial crisis, or perhaps improved security measures when users login to “real” banks online is playing a role. Make no mistake however, hackers aren’t slowing down. They seem instead to be targeting Online Payment institutions instead as reflected in the rise of attacks over the last 18 months.

To further reinforce the movement toward Online Payment institutions, PayPal is mentioned in two of the top five subject lines from this year. (PayPal is included four times if you extend the list to the top ten slots.)

• Attention! Votre compte PayPal a ete limite!, 24%
• Important Information Regarding Your Limited Account, 7%
• PayPal® Account Review Department, 2%
• Account Security Measures, 1%
• Citibank Alert: Additional Security Requirements, 1%

Along with the change in volume, phishing attack origins have shifted dramatically this year. Russia takes the top spot, and they weren’t present on the list last year; Turkey, Ukraine, and India are new as well. Spain and Italy sat in the top slots last year, but Spain has completely disappeared along with Israel, France, and Germany who were smaller yet valid players in ’08.

The top 10 for 2009 include:

The net of these changes lay the groundwork to support foundational changes to the cyber community ecosystem are coming. Researchers are concerned that the decline in phishing attempts simply means that hackers are redirecting resources to other methods that obtain the same (or better gains) that phishing once achieved.

Security experts believe social networks like Twitter and Facebook are targeted because of the sheer number of users. Defacement is the most common motivation for ego-driven hackers, and these high traffic, high involvement communities are a great way to disrupt many victims at once.

A study by Webroot sheds light on a few other reasons why social networks make a ripe targets for hackers.

• 36% of social networkers admit they don’t hide personal information
• 33% admit to using the same password for all of their online accounts
• 28% accept “friend requests” from strangers

With such a high percent of social networking users being unaware of the dangers, “hackers lure users into taking actions they shouldn’t by making it appear as if a friend within their social netowrk has sent them a message – only the message is from a hacker who has hijacked the friend’s account,” warns Mike Kronenberg CTO of Webroot’s Consumer Business division.

The technique described by Mr. Kronenberg is known as phishing, and it’s one of the most preventable ways hackers obtain access to confidential information. SQL injections, Cross-site Scripting (XSS), and Cross-site Forgery Requests (CSFR) are more covert, technical methods that hackers use to get the infomation they need.

“As a web service or SaaS provider, you can help protect your users from these attacks by hosting your applications in a secure environment. Users need to be savvy, and when they can’t stay up to speed on all the risks, community users should be weary and overly cautious at all times,” suggests Chris Drake, CEO of FireHost.

There are four million British identities for sale according to a weekend story from the UK’s Times Online. The compromised data contains highly sensitive, personal financial information like credit card details, bank account numbers, and PIN’s, and it’s all available to the highest bidder.

You may be wondering how such a large bounty of confidential information was collected, and what organization is responsible for the massive data breach. The startling answer is that no one is directly responsible for the leak; it appears everyday email users like you divulged their digits to these hackers.

“Most of the personal data has been gathered as a result of phishing. Unsuspecting victims hand over the information by e-mail to people posing as reputable sources such as banks or online stores. Other data has been stolen after criminals infect a person’s personal computer with viruses and then raid it for information,” the story states.

The truth is, you are the key component in protecting yourself from phishing attempts. Being smart, web savvy, and even leery about requests for personal information that show up in your inbox can help keep you protected.

In addition, there are sophisticated, spam-protection applications and appliances that can eliminate the bulk of the work for you by “sniffing out” phishy emails and preventing them from reaching your inbox.

The benefits of spam protection are two fold. Flagging and quarantining potentially dangerous email will make checking your email a more pleasant experience, and removing spam from your inbox can reduce the potential for having your identity ruined.

To learn more about FireHost’s unrivaled spam protection and other online security services, visit our secure web hosting add-ons page.

While the national economy suffers, the one run by identity thieves in the dark corners of the Internet isn’t hurting. In fact, demand and prices for stolen credit cards, Social Security numbers and other private information remain stable. The supply of confidential data is steady too, thanks to the way the recession has inspired new scams targeting people who are worried about work and their finances.

Alfred Huger, vice president of Symantec Security Response affirms, “There’s no pricing pressure at all — it’s not dropping, they’re not negotiating down, and that tells us that there are still the same number of buyers. The underground economy has not been affected by the recession.”

If the strength of the information theft economy doesn’t upset you, the meager price for which your personal information is exchanged should:

• Stolen credit card number, $0.06 – $30
• Access to a hijacked email account, $0.10 – $100
• Bank account credentials, $10 -$1,000 and scammers can reportedly cash out your bank account for 8%-50% of the amount they’re stealing!

The pipeline for stolen data is being replenished by phony “phishing” e-mails that are becoming more common as the economy worsens. In fact, Symantec has seen a startling 66 percent increase in the number of phishing Web sites in the last year.

Even if your identity hasn’t been compromised, you are probably feeling the affect of of these phisihing attempts on your inbox. Securing your email accounts with enterprise, level spam-stopping email protection can help protect your identity.

Click here to learn more about FireHost’s enterprise, level email solutions and spam protection.

While the software world has fought diligently to reduce the number of affective attack on the personal computer at home through anti-virus programs, hackers have turned their attentions to that which is most vital, but often not very well protected – the hosted website. A variety of tactics are being used by hackers against websites without regard to the size or industry of the business or organization. An American-based Internet security agency recently reported that Internet threats rose by two-thirds in April of 2009.

Many of these attacks are related to phishing -  the attempt to illegally acquire sensitive information from site visitors and internet goers. With login credentials and other information, hackers can mount attacks against an organization’s intranet, their website or their data with valid, stolen information. In some cases information can be solicited from the web hosting company itself, with a hacker posing as an employee of the company.

Also on the rise is a form of attack known as Denial or Service (DOS) or Distributed Denial of Service (DDoS) attacks. With a DDoS attack, unknowingly, users’ computers across the world can be under the control of a hacker. A hacker can cause hundreds to thousands of computers to hit servers that are hosting websites. This mass attack can cause servers to stop, crash or restart resulting in one to hundreds of websites going down. Most recently, there were 4 major attacks against web hosts. This strategy affected thousands of web hosting companies’ clients, taking thousands of websites and web applications offline. The affect of having your lead- or revenue-generating website offline for an extended period of time can be devastating.

Protection from human manipulation, DDoS attacks and other common Internet attacks can and should be handled at the hosting level by a secure hosting company. Human manipulation can be mitigated through change management protocol. Change management protocol requires a level of interaction to help prevent unauthorized access to hosting information from falling into the wrong hands. A secure, redundant network infrastructure, top-tier equipment and superior data centers will mitigate Denial of Service attacks from effectively bringing servers down.

Industry-leading, web host security means much more than just a firewall, more than just a system monitor that tells you when something goes wrong after the fact. Contact a FireHost agent now to see how FireHost‘s managed, proactive, secure hosting can protect you against a new rise in Internet attacks.