Small Banks Become New Phishing Targets

In the seemingly endless world of security threats, yet another cause for concern has emerged. In June, Websense, a provider of employee Internet-management solutions, released a statement saying that phishing scams are increasingly being directed at smaller, more targeted groups, such as local banks and credit unions, a practice it calls "puddle phishing."

Traditional phishing is when spammers send users official-looking e-mail messages to request such data as social-security numbers or passcodes, and threaten to deactivate, block or restrict users' accounts if they do not update their personal information. Until now, the practice has largely been directed at customers of large, multinational banks. But according to Websense Security Labs, which reports on Internet security threats, the number of small credit unions targeted by puddle-phishing scams have tallied more than 30 since the beginning of the year. At least one of the community banks targeted has only 11 branches, while another puddle-phishing attack targeted a credit union that serves employees and staff of the White House.

Dan Hubbard, senior director of security and technology research at Websense, says that even though smaller banks don't have a high volume of customers, the puddle-phishing attacks are working. "The fact that we are seeing more and more of the smaller financial outlets being targeted by phishing attacks may indicate that this is a highly profitable scam," Hubbard said in a statement.

The similarity of puddle-phishing attacks to large-scale attacks suggests that the phishers might be sharing tools, or that a small number of offenders is behind the puddle-phishing incidents, Hubbard believes.