Digital Transactions Authoritative, insightful and timely information for payments professionals
The number of unique e-mail campaigns sent as part of phishing frauds fell in August to 13,776, almost 400 fewer than in July and the lowest number since March, according to statistics released today by the Anti-Phishing Working Group, a consortium of payments processors, software vendors, and law-enforcement agencies that tracks the online fraud. But tempering the good news was a rise in August in the number of unique Web sites hosting phishing attacks, to 5,259, up 15% from 4,564 in July. This increase continues a steady trend in the proliferation of such sites, which numbered just 1,142 a year ago. “This may reflect an increasing tendency for phishers to target a diverse group of smaller brands, and also an increased use of multiple sites to host a single attack, in order to increase their resiliency to takedown efforts.” says the APWG in its latest report. Indeed, the number of brands mimicked by fraudsters in August hit 84, reflecting a willingness among phishers to attack a broad range of organizations. “APWG is seeing a wide diversity of brands being spoofed, very small financial institutions all over North America and Western Europe are steadily appearing,” says the report. In a phishing attack, criminals send e-mails tricked up with logos and slogans to look as if they come from legitimate organizations. The e-mails usually report some sort of “problem” with recipients' accounts, and urge them to visit a Web site to enter PINs, passwords, card numbers, and other sensitive data. The bogus site, hosted by the phishers, captures these data and uses them to loot accounts or commit identity theft. Another disturbing statistic is the number of sites hosting so-called keyloggers, malicious code that swipes passwords from unwary consumers. The population of such sites grew to 958 in August, from 918 in July. Only six months ago they numbered 260. Somewhat more encouraging was that the number of unique keylogger applications in circulation fell slightly to 168, from 174 in July. The average uptime for a phishing site in August was 5.5 days, with the longest reported duration at 31 days. The APWG, which has been tracking the phishing trend since November 2003, says a unique e-mail campaign is one in which all e-mails contain the same subject line.
