SOURCE: MessageLabs, Inc.

October 21, 2008 06:00 ET

MessageLabs Offers Online Security Tips for Surviving the Credit Crisis

MessageLabs Intelligence Shows Spike in Financial Phishing Scams Targeting Bank of America and American Express

NEW YORK, NY and LONDON--(Marketwire - October 21, 2008) - MessageLabs, the leading provider of messaging and web security services to businesses worldwide, today announced that as the credit crisis worsens, there has been an increase in phishing attacks largely spoofing banks in September and October. Between August and September, phishing attacks rose by 16 percent and by 103 percent between September and October. The subject of the phishing attacks are national banks and global banks, smaller state banks and credit unions and online retail sites. As change prevails in the global banking system, scammers are taking advantage of the frenzy surrounding the mergers and bailouts by targeting Bank of America, Wachovia, Chase Manhattan and Washington Mutual and large UK banks like Lloyds, TSB and RBS.

On October 16, MessageLabs intercepted 7,000 phishing attacks exploiting Bank of America, 1.2 percent of phishing for that day, in a large, short-lived spike spanning 2 hours. On October 17, the same phishing emails more than doubled to 15,000 and continued through the weekend reaching 125,000 total emails, 16 percent of all phishing for the weekend until giving way to a large American Express phish run starting at 5 a.m. on October 20 and reaching 35 thousand emails for the day, 17 percent of phishing attacks detected on Monday. MessageLabs analysis of IP data determined that the Cutwail botnet, currently the largest botnet controlling more than one million active bots, is responsible for both scams.

"During a trying time like this when banks are making global headlines, we would expect spammers to latch on to the credit crisis to take advantage of vulnerable investors and anxious consumers who have been sorely affected by the events of the past few months and are looking for relief or a boost in confidence," said Mark Sunner, Chief Security Analyst, MessageLabs. "It's crucial that everyone is aware of potential threats and is educated on how to avoid falling victim to them."

Spammers are also raising their game by increasing the volume of spam offering mortgages, debt consolidation, credit counseling and other financial advice. To coincide with October's National Cyber Security Awareness Month, MessageLabs offers the following security tips to keep consumers and business users protected from financial scams:

1. Know that financial institutions will never require customers to share account information or other personal information like social security numbers online or via email. If you receive an email requesting this information, ignore it or report the incident to the appropriate authority, such as www.us-cert.gov/nav/report_phishing.html.

2. Avoid clicking on links in emails and Instant Messages, even if the messages come from someone you know. Instead, use browser bookmarks to place mark a commonly used site, or manually type the address into the browser.

3. Before entering credit card information online, make sure that the padlock and https is displayed in the browser. This ensures the security of the site. Reviewing the sites privacy and security policies is also recommended.

4. Be discriminating about information shared in the public domain such as on social networking sites. Keep personal information private and be careful about accepting connections. They may not really be who they say they are.

5. Protect passwords by not storing them on a browser and using different passwords for different sites so the bad guys won't be able to use the same password to access more than one account if the information does fall into the wrong hands. If you suspect you have been phished, change all passwords as soon as possible.

About MessageLabs

MessageLabs is a leading provider of integrated messaging and web security services, with over 19,000 clients ranging from small business to the Fortune 500 located in more than 86 countries. MessageLabs provides a range of managed security services to protect, control, encrypt and archive communications across Email, Web and Instant Messaging.

These services are delivered by MessageLabs globally distributed infrastructure and supported 24/7 by security experts. This provides a convenient and cost-effective solution for managing and reducing risk and providing certainty in the exchange of business information. For more information, please visit www.messagelabs.com.