News

Report: Smaller institutions targets of 'puddle phishing'

June 14, 2005

SAN DIEGO - Websense Inc., a provider of employee Internet management solutions, announced June 14 in a news release that phishing scams are increasingly being directed at smaller, more targeted groups, including local banks and credit unions.

The company coined the term "puddle phishing" to describe the phenomenon of targeting customers of small financial institutions.

Websense Security Labs reported that it has seen a growing number of small credit unions targeted by puddle phishing scams - more than 30 since the beginning of the year.

"In the past, phishers focused on mainstream consumer Web sites with millions of users, but now the targets are becoming much smaller and more localized," said Hubbard. "By targeting a bank with just a few branches, the number of potential phishing prey is reduced to a much smaller number, sometimes to just a few thousand people.

"Nonetheless, the fact that we are seeing more and more of the smaller financial outlets being targeted by phishing attacks may indicate that this is a highly profitable scam."

Although the specific size of the financial institution being targeted is a new phenomenon, the phishing method used by the attackers has not changed.

The typical phishing e-mail is still delivered as if it were from a legitimate FI and contains a message that threatens users' accounts are being deactivated, blocked or will be restricted in some way if they do not update their personal account information.

End-users are instructed to visit a Web site where they are prompted to enter confidential information such as ATM PINs, credit card numbers, Social Security Numbers and e-mail addresses.