Phishers Compromise a Huge 81% of Legitimate Websites for Phishing

APWG (Anti-Phishing Working Group) through its latest research has discovered, of all domain names that are employed for malicious phishing, as many as 81% are legal that fraudsters have compromised.

In fact, according to APWG, of the total number of 30,454 phishing domains that APWG has been monitoring, phishers registered merely 5,591 domains. Another small number of phishing domains belonged to subsidiary domain resellers like ISPs or other services that rely on Web activities.

States APWG that phishing typically occurs on Web servers that have been compromised. According to it, the phishers host their fraudulent sites on these servers, while the operators of the sites get to know nothing about the happenings.

This technique therefore enables phishers to have free hosting, while efforts to shutdown the hosting account or domain name results in complications as it also adversely affects the site of the legitimate user. Typically, phishing through a site that has been compromised occurs within a subdirectory or on a subsidiary domain, where the operator of the site or visitors cannot easily notice the phishing activity.

Additionally, the reports states that in 13% of phishing assaults, phishers employed domains that they themselves created, while in 11% of incidences, sub-domains were used.

Moreover, during July-December 2008, about 6,340 sub-domains were employed to conduct phishing, a rise from 4,512 during January-June 2008.

Further, phishers keep on capturing specific Top-Level domains (TLDs) as well as specific registrars for domain names, while changing their choices from time to time. Approximately 57,000 phishing assaults globally attacked a particular organization or brand, a rise from about 47,300 during January-June 2008.

Also, the total of Internet numbers and names that phishers use has remained more or less constant during 2007-08. Phishers are as well closely watching for what do and do not trick users into falling for their ruses. Interestingly, fewer phishing attacks based on distinct IP addresses are being waged.

Meanwhile, according to a new advisory from APWG, users should determine the authenticity of the outside party, which warns that a particular site is compromised and that they need to investigate it for the arrest of future compromises.

Related article: Phishers Expand Their Sphere of Attacks

» SPAMfighter News - 6/6/2009

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Press Releases - IT Security News

Go back to previous page
Next
-->

Products

SPAMfighter
SLOW-PCfighter
FULL-DISKfighter
DRIVERfighter
VIRUSfighter
SPYWAREfighter
Anti spam / Anti virus business solutions

About

Company
Contact us
Press room
Support
Blog
Sign up for newsletters

Partnerships

Become a partner
Become a reseller
Find a reseller
Become an affiliate
White Label Software

Social media

Facebook
Twitter
Youtube
LinkedIn
© SPAMfighter 2003-2025    All rights reserved.    Privacy Statement    Sitemap