Two of the ones I found somewhat surprising were shortened URLs (since fraudulent URLs look just like legitimate URLs when they’re shortened); and malware coming through sites with tricky URLs that look authentic but aren’t (like International Domain Names).

Scareware and computer hijacking are still on the list and probably always will be. Same song, different verse. It’s a fluid scheme, changing from season to season, but the motivation remains the same.

Another one we’re looking at? It isn’t part of the top 5, but its implications reach far and wide. Healthcare security. With more and more ways to manage health information online, that’s sure to be a target for breach in the near future.

When it comes down to it, hackers are as motivated by the laws of supply and demand as the free market is. Just as legitimate businesses look for new ways to earn income and meet needs, so do hackers. As long as there is money to be made, hackers will continue to find new methods to steal it.

Our job is to beat them at their own game – anticipating their next steps, preventing their success, and defending our clients’ information and assets.

They could approach it the way AT&T did when they realized that 3% of users (iPhone owners) exploit 40% of bandwith – AT&T started looking for ways to discourage iPhone users from accessing the data services they so love. Instead of using the situation to build business and expand services (which is what any strategically driven company would do) AT&T looked for ways to hamstring their customers.

Banks could take the same approach, right? Encourage their customers to use online banking less. Scale back online services. Provide second-rate security. Promote fear in their customers.

Of course, that would mean technological dinosaurs that take the path of least resistance would inevitably lose customers to banks that provide the online services their customers want. Penalizing users for creating business process conundrums does nothing but propel corporations into decline.

So maybe, in an ideal world, banks might think to increase security to keep up with online threats. Novel idea, right? In fact it is, in a way. As online risks have grown, the majority of banks have done little to keep up with the threat level. Sometimes it’s easier from an operations perspective to reimburse money lost through identity fraud than it is to actively protect against it.

Come on, folks. Are we really lazy enough to believe that doing nothing and suffering attack is better than proactively adopting solutions to protect our customers? Check out Tricerion’s SafeLogin. It’s simple. It’s elegant. It’s easy from the bank’s side and seamless to the user.

Don’t make the mistake AT&T did. Move with the market. Take the lead. Get your groove on.