Recent Spam Phishing Trends and Targeting Free Online MMORPG Users

by Christopher on June 10, 2011

With the release of the Kaspersky Lab May 2011 internet security report, we’ve seen a slight dip in the use of phishing ploys in spam email messages. While the global spam rate rose 2.1 percentage points from April to May, to 82.9 percent of all email traffic worldwide, phishing attempts dropped to 0.02 percent of all email. This represents a 0.01 percent decline from the previous month.

Although it’s typical to see minor fluctuations in phishing rates from month to month and year to year, a major new trend in phishing scams surfaced in May with the first appearance of RuneScape on the top 10 list of sites most targeted by cybercriminals engaged in phishing.

RuneScape, a free massively multiplayer online role-playing game (MMORPG), made an impressive debut on the list in the third position. Though the paid subscription-based MMORPG World of Warcraft often appears on the top 10 list (just making it on in the tenth slot in May), this is the first time a free MMORPG found its way onto the list. A staggering 4.67 percent of all spam emails containing phishing ploys targeted RuneScape users, seeking their passwords.

The heavy decline in phishing ploys targeting World of Warcraft players observed recently is primarily attributed to Blizzard’s work behind the scenes to safeguard its customers.

Meanwhile, PayPal remains the undisputed leader in companies targeted by phishers. In May, it sat in its usual spot of first place on the top 10 list. A whopping 62.24 percent of all phishing spam duplicitously sought to obtain PayPal email addresses and associated passwords.

Immediately preceding RuneScape, in second place, eBay was targeted by 6.26 percent of phishing spam email messages. The online banking system Santander came in fourth place in May, targeted by 4.05 percent of phishing spam, and Facebook rounded out the top five with 2.60 percent of phishing spam targeting its users.

As always, approach unsolicited email with extreme caution and skepticism. Never click on links provided in email messages; go directly to a company’s website by typing its URL into your browser’s address bar. Remember that legitimate business correspondence won’t request private information, such as passwords, credit card numbers, account numbers or other sensitive data, via email. If you’re unsure whether a certain email is legitimate, contact the purported sender directly (and obviously not by responding to the email in question) to verify it.

Posted in: Phishing
