Targeted Phishing Attacks Mounting Robustly

The latest data released by Anti-Phishing Working Group (APWG) revealed that phishers are using highly sophisticated tools, concentrating profoundly on targeted phishing campaigns.

Phishing experts at APWG stated that although the number of distinct phishing sites declined in Q2 2008, the number of targeted brands was constantly rising. In June 2008, 21,703 phishing sites were reported to APWG, following a decline of 11% from April 2008. It implies that phishers are increasing their investments in IT infrastructure and sophisticated marketing tools to launch more targeted phishing attacks.

The number of distinct brand-domain pairs decreased from 7,656 to 6,768 during April-June 2008. However, as per the figures, the number of URLs spreading crimeware rose to 9,529, an increase of 258% from the record at the end of Q2 2007. It is noteworthy that the brand-domain pairs count the different occasions on which a domain is used to target a particular brand.

The researchers have held the malicious codes, used in attacks led by SQL injection, to be chiefly responsible for this tremendous increase in crimeware activities. The number of sites spreading crimeware has become triple during the period extending from December 2007 to November 2008.

Dave Jevans, Chairman of APWG, stated that web-based e-mail sites and e-commerce are predominantly vulnerable to phishing assaults, but the companies and businesses related to financial service sector remain to be the prime focus of targeted attacks, as reported by CBR on December 9, 2008.

Dave further added that by exploiting the on-going economic turmoil, phishers are designing new scams to trick users into revealing their passwords and usernames on sites which purport to be popular troubled financial institutions.

China, Turkey and the United States were reported to be the top three countries serving as major sources of phishing sites.

According to Dave Jevans, since 2003, the year APWG commenced observing crimeware and phishing, there is a record continuous rise in the malicious activities of cyber crooks. While the phishing level is not expected to decline, the drastic boost in crimeware and the sites spreading them are adding on to the worries, as reported by MarketWatch on December 8, 2008.

Related article: TRUSTe Certified Websites May Still Contain Malware

» SPAMfighter News - 12/17/2008