Fishing through the email traps, RSA’s Anti-Fraud Command Center in Israel has generated some interesting metrics
The UK attracts more phishers than anywhere else in the world, according to RSA, and it’s the leader by quite some way, largely because of how strong the pound is.
Speaking at the RSA Anti-Fraud Command Center (AFCC) in Tel Aviv, Israel, EMC’s security arm RSA estimated that in 2012 phishing attacks on the UK acquired $615,243,744 (£390m) for the attackers. That’s well over twice as much as in the US, where they made $245,476,572 (£155m).
RSA got these numbers by using what it claimed are accepted industry figures which suggest every hour a phishing attack is live, the affected bank loses $300 (£190). The industry reckons the median life span for a phishing attack is 11 hours 45 minutes, so every phish equals a loss of approximately $3,500 (£2,216). To get to its $615m (£389) figure for the UK, RSA just took the number of attempts it saw during 2012 and did the maths.
Phishing crooks cashing in
How has such a small island become the phishing capital of the world, one where phishing victims lose almost three times as much as the US which has over three times the population? According to Linor Kessem, technical lead for knowledge delivery at the AFCC, it’s largely because of how comparatively strong the UK currency is.
“It’s just worth it,” she told TechWeekEurope. “All these other currencies are just not as good. “Most fraudsters are from countries where the currency is way, way lower.”
There are other reasons for the phishing fun that goes on in the UK, of course. High internet usage is another factor. What about British gullibility though? Do we simply simply fall for scams easier than others?
No, it’s simply that crooks want to get at British banks so badly, they’ve honed their phishing attacks accordingly, says Daniel Cohen, head of knowledge delivery at the centre. “It’s very easy to be gullible today… they create spitting images of legitimate websites.”
Perhaps what is most concerning, for British law enforcement at least, is these phishers have connections. While many of them operate outside of the UK border, RSA knows they are working with crooks inside Britain to pilfer money from banks. They aren’t just lowly money mules for foreign crooks, they’re doing the attacks themselves, Kessem says.
“It’s really interesting. Although there are a lot of criminals from the outside always going after banks, consumers and money in general, in the UK they need insiders, who really do the bulk of the work there,” she adds.
This story first appeared on TechWeekEurope. Read the full story here.