A second wave of attacks began midday Friday after much of the eastern United States was affected in the morning. Sites affected included Etsy, ...
A report finds that the number of brands attacked rose in the second quarter.
Criminals are deploying more targeted ways of using legitimate brands on the Internet to trick consumers into revealing their confidential payment account information, such as account numbers and passwords, the Anti-Phishing Working Group, or APWG, says in its latest Phishing Activity Trends Report, which covers the second half of 2010.
Phishing attacks are efforts by criminals to make an e-mail or web site look like that of legitimate brands to typically try to convince unwitting consumers to click to a phishing site to update their payment account information. Criminals then usually either sell that information to other criminals or use it to conduct fraudulent purchases.
The APWG report notes that the number of phishing attacks actually declined by 6% in the second half of 2010 compared to the first half, but that there were increases in both the number of brands attacked and the number of brand-domain pairs, which indicates the number of unique URLs that occur per domain. For example, if several URLs target a brand but are actually hosted on the same domain that brand-domain pair counts as one instead of several. That means that two phishing sites like myhackedserver.com/bankOfAmerica and myhackedserver.com/BankOfAmericaSecurityUpdate would count as a single brand-domain pair while two other sites, say myhackedserver.com/bankOfAmerica and someotherwebsite.com/bankOfAmerica would count as two. That's because once a hacker compromises a domain, he often hosts multiple unique URLs to attack a single company's customers and hosting multiple URLs on a single domain can help defeat anti-phishing filters. By compiling data on the number of brand-domain pairs, the APWG shows whether criminals are trying to attack brands with more or fewer fraudulent web site domains.
In this case, the data show an increase thatindicates phishers are attempting to attack brands more effectively, the APWG says. “This data suggests that phishers are utilizing more targeted tactics in order to achieve a better return on investment on their phishing campaigns,” says Ihab Shraim, chief security officer and vice president, network and systems engineering, for online security technology provider MarkMonitor and a contributing analyst to the APWG Trends Report.
As of last July, the report notes there were more than 30,000 detected phishing web sites, and nearly 11,000 unique brand-domain pairs, worldwide.
The report also notes that as of July Sweden accounted for the largest share of hosted phishing sites in the world, at 53.64%, followed by the U.S. at 30.71%. The report lists eight other countries—Italy, Germany, the United Kingdom, Canada, France, Republic of Korea, China and Brazil—as phishing site hosts. But the report says that none of these eight countries accounts for more than 2.32% of phishing sites.