APWG Cybercrime Report: More Brands Menaced by Phishing

Some Targets Savaged by Phishing Attacks Several Times a Week in the First Half of 2013

Business Wire

SAN FRANCISCO--(BUSINESS WIRE)--

The APWG is reporting in its latest Global Phishing Survey: Trends and Domain Name Use study that an increasing number of brands and their users have been targeted by phishers. The number surged nearly 20 percent between the second half of 2012 and the first half of 2013.

The study, released at the APWG’s annual conference in San Francisco, found that criminals targeted 720 brands, an increase of almost 18 percent from the second half of 2012. Many brands were attacked several times a week on average, with eighty brands attacked 100 or more times each during the 26-week period. Half of the targets were attacked one to three times during the period.

“This increase shows that phishers are looking for new opportunities, and new victims," said Rod Rasmussen, President & CTO of IID, and a co-author of the study.

APWG analysts found that PayPal was again the world’s most-targeted institution for phishing attacks, with some 18 percent (13,498 attacks) of all campaigns directed against the company and its users in 1H2013. Taobao.com, the Chinese shopping site, was second-most-attacked in the survey period with 9 percent (6,605) of recorded phishing attacks.

Of the 53,685 phishing domains identified, the authors found 12,173 domain names that they believe were registered maliciously by phishers--double the 5,835 found in 2H2012. This increase is attributable to a sudden increase in domain registrations by Chinese phishers. Of these malicious registrations, at least 8,240 (68%) were registered to phish Chinese targets—services and sites in China that serve a primarily Chinese customer base. The phishing sites used domain names purchased at both Chinese and American registrars, and were hosted in China, the United States, and elsewhere.

“A large portion of phishing attacks used domain registration, hosting, and payment processing companies in different countries,” said Greg Aaron, President of Illumintel Inc., and a co-author of the study. “As a result, everyone ended up losing--except the phishers. It’s a reminder that timely, international cooperation in the private sector is needed in order to combat e-crime.”

The full text of the report is available here:

http://docs.apwg.org/reports/APWG_GlobalPhishingSurvey_1H2013.pdf

Other highlights of the report include:

  • Vulnerable hosting providers are inadvertently contributing to phishing. Mass compromises led to 27 percent of all phishing attacks.
  • Phishers continue to take advantage of inattentive or indifferent domain name registrars, registries, and subdomain resellers. The number of top-level registries is poised to quintuple over the next two years.
  • The average and median uptimes of phishing attacks are climbing.

About the APWG

The APWG, founded in 2003 as the Anti-Phishing Working Group, is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multi-lateral treaty organizations, research centers, trade associations and government agencies. There are more than 2,000 companies, government agencies and NGOs participating in the APWG worldwide. The APWG’s www.apwg.org and education.apwg.org websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the Stop. Think. Connect. Messaging Convention, the global online safety public awareness collaborative www.stopthinkconnect.org and founder/curator of the eCrime Researchers Summit, the world’s only peer-reviewed conference dedicated specifically to electronic crime studies www.ecrimeresearch.org.

Contact:
APWG
Peter Cassidy, +1 617-669-1123
pcassidy@antiphishing.org
http://www.antiphishing.org
or
IID
Andrew Goss, +1-253-444-5446
pr@internetidentity.com
or
Illumintel Inc.
Greg Aaron, +1-215-858-2257
greg@illumintel.com

Rates

View Comments (0)