The Internet scam known as phishing continued to grow in June, jumping 19% from May to 1,422 unique attacks, according to The Anti-Phishing Working Group, which tracks the fraud. Attacks have increased at an average monthly rate of 52% since the group began keeping statistics last fall. For the third straight month, the company whose brand was most often hijacked by phishers was Citibank, with 492 attacks in its name, up 33% from May. Online auctioneer eBay was second, with 285 attacks, while U.S. Bank came in third with 251, up 50%. U.S. Bank is one of the fastest-growing targets for phishers. Another is Fleet Bank, whose brand was used in 55 attacks, up 67%. The APWG defines a unique attack as a single e-mail blast transmitted at one time, swiping the brand of one company or organization, and featuring one unique subject line. Since fraudsters have begun to use multiple subject lines in a single attack to get their messages through corporate spam filters, the trade group says its figures for unique attacks may be “slightly overestimated for some companies, particularly the top targets.” The APWG's statistics for June were published in a report released today. More phishing sites are hosted in the U.S. than anywhere else, at 27%, but many are now found in the Asia/Pacific region. The APWG speculates this may have come about because the differences in time zones coupled with language barriers make it harder for financial-services companies and other targets to shut the sites down. The group estimates that about one-quarter of phishing sites are hosted on hacked servers, without the knowledge of their owners. The average life span of a phishing site?defined as the period of time it continues to respond with content?was 2.25 days in June, with the longest-lived site reported at 15 days. The APWG suggests law-enforcement agencies may be able to make progress against the scam by tracing the flow of data. It reports that most information captured in phishing scams?some 94%–is stored on the same server that hosts the bogus site rather than sent to another server or e-mail address. The criminals then periodically retrieve the data from the site. “The next step in following the money trail,” the group's June report says, “is to trace from what location phishers are logging into phishing site servers to transfer the data.” In a phishing scam, criminals gull consumers into entering confidential account data by sending them e-mails that fool them into thinking the messages are from legitimate companies, most often financial institutions and retailers. The messages usually direct the recipient to a bogus Web site, where the passwords, personal identification numbers, and other data are collected. The APWG was formed last year and includes companies and law-enforcement organizations among its members, which include eight of the 10 largest U.S. banks and four of the five biggest Internet Service Providers.
Check Also
Eye on Point of Sale: PushX Hospitality Debuts; SurgePays Completes PAX Integration
Hospitality platform provider PushX Inc. will launch its new mobile-payments and offers platform with a …