Digital Transactions Authoritative, insightful and timely information for payments professionals
The phishing trend, which took an ominous turn upward in the closing days of 2005, has grown even more menacing, with both the number of phishing-related e-mails and the number of Web sites hosting phishing attacks increasing by double-digit percentages in January, according to the latest report from the Anti-Phishing Working Group. The number of unique phishing e-mail blasts sent during the month hit 17,877, the most the group has recorded since it began tracking the Internet crime more than two years ago (a single e-mail campaign can involve tens of thousands of e-mail messages). That's up fully 17% from 15,244 in December and represents an increase of nearly 1,000 from the previous high of 16,882, set in November. Meanwhile, the population of sites set up by fraudsters as part of a phishing scheme continues to explode, reaching 9,715 in January, up 35% from December's 7,197, which was itself a huge increase from the previous high of 5,259 set last August. By contrast, the number of such sites a year earlier was 2,560. The number of reported e-mail campaigns was 12,845. Although the number of Web sites hosting so-called phishing-based trojans, or pieces of code used by fraudsters to steal passwords, PINs, and other confidential consumer information, declined to 1,100, the number of unique applications recorded by the APWG reached 184, another record, according to the group. The APWG is a consortium made up of payments networks, software companies, and law-enforcement agencies that tracks trends in phishing. The dramatic increase in phishing sites and unique phishing e-mail campaigns comes on the heels of news that phishing fraudsters have begun to rely on new methods of redirecting unwary Internet users from one bogus site to another in an effort to thwart efforts by authorities to shut down sites identified as hosting phishing attacks (Digital Transactions News, March 9). In phishing attacks, fraudsters send out large blasts of e-mails purporting to come from banks, merchants, or other trusted brands. The e-mails exhort recipients to visit fake sites dressed up to look like the real thing, where the visitors are asked to enter PINs, passwords, or other sensitive data. Some recent phishing campaigns have tried to exploit news that broke earlier this month of a huge breach of one or more databases containing debit card numbers and PINs. The breach has affected an estimated 600,000 cardholders and has forced more than 20 banks to re-issue cards. The phishing campaign purports to come from bank issuers in an effort to gull recipients into entering information to “secure” their accounts.
