Criminals maliciously registered more domain names in the second half of 2013 than at any time since 2007, a new report says. And Chinese criminals seeking to steal payment account information from Chinese consumers accounted for about 85% of those registrations.
Criminals using the web to steal consumers’ payment account information increasingly have Chinese online shoppers in their crosshairs, according to a new report.
Those criminals utilize a technique called a phishing attack in which send e-mails made to look legitimate and try to get unwitting consumers to click to a phishing site to update their payment account information. Criminals then usually either sell that information to other criminals or use it to make fraudulent purchases.
Globally, criminals attempted phishing attacks from 82,163 different domains in the second half of last year, according to the report from the Anti-Phishing Working Group, a nonprofit organization that provides information on Internet fraud. The group says it believes criminals maliciously registered 22,831 of those domain names, with the remainder being sites that were hacked or compromised.
The number of maliciously registered domain names is 291% more than the 5,835 maliciously registered domain names in the second half of 2012, and is the most since the group began its semiannual surveys in 2007. Roughly 85% of those maliciously registered domain names stemmed from Chinese criminals targeting Chinese consumers, the group says.
Overall, the number of phishing sites that attempted to steal consumers’ payment account data jumped 58.9% in the second half of last year, compared to the previous six months, according to report. But compared to the second half of 2012, the number of sites fell 5.4%.
The report notes that there were at least 115,565 unique phishing attacks worldwide in the second half of 2013, down 6.4% from 123,486 during the same period a year earlier. The group defines an attack as a phishing site that targets a specific brand or entity.
The report also found that of the 681 targets that criminals phished in the second half of the year, 324 of those were not similarly attacked in the first half of 2013. That’s an unusual amount of turnover, the report says, which shows criminals are trying out new targets at an “alarmingly accelerated new tempo.”
“Phishers appear to be looking for companies that are newly popular, have vulnerable user bases, and/or are not ready to defend themselves against phishing,” says report author Greg Aaron.