April 2007 Saw a Two-fold Jump in Phishing Sites

As per a report by the Anti-Phishing Working Group (APWG), an industry association, April 2007 saw a two-fold increase in the volume of unique phishing websites. It rose from 20,871 in March 2007 to over 55,640 in April 2007, as per the reports by April phishing Activity Trends.

Phishing is a method of online identity theft where consumers' personal detail and financial statements are pilfered. By using social-engineering schemes (which uses "spoofed emails"), they lead the customers to fake websites designed to dupe users into disclosing financial data such as account usernames and passwords.

Researchers at Mark Monitor, an Internet fraud prevention firm, said in a statement published by ZD Netco.uk on May 24, 2007 that the rise was owing to the fact that phishers were putting large number of phishing website Uniform Resource Locators (URLs) on same domain, a trick first seen in autumn 2006.

Laura Mather, senior scientist, MarkMonitor, said in a statement reported by ZDNetco.uk on May 24, 2007, that they have seen instances where phishers would put thousands of Uniform Resource Locators on a same domain. Phishers do this as they want to get around website blocking that Fire fox 2 and IE have deployed.

April 2007 also witnessed that more brands attacked belonged to non-financial category, including VOIP, social networking and many big web-based e-mail providers. Consequently, the number of brands being attacked rose to 174, as per APWG. It also states that the financial institutions are still highly popular with cyber criminals with 92.5% of harmful sites against them. APWG noted that US banks are the most-targeted brands. Moreover, two topmost banks have been attacked for atleast two consecutive months.

In April 2007, the list includes many large European banks, which comprises of seven of the most targeted 20 brands of European banks. Also, a Canadian financial institution made its place in the top 20.

On May 23, 2007, APWG announced that it would provide a central database, which will start in July 2007 and will enable the organizations from all over the world to share information on e-mail phishing scams.

Related article: April malware List Has New Detections

» SPAMfighter News - 6/4/2007