Digital Transactions Authoritative, insightful and timely information for payments professionals
Phishing hit an all-time high in March, with the number of reports of the online fraud reaching 18,480, according to the Anti-Phishing Working Group, which follows the trend. That's 603 more than the previous peak in January and more than 1,300 more than in February, the group reports. By way of contrast, the number of phishing reports?each of which concerns a unique online attack that can consist of tens of thousands of e-mail messages?recorded in March 2005 was 12,883, indicating a 43% jump in the monthly incidence of the crime since then. The population of Web sites hosting phishing attacks, meanwhile, has moderated somewhat, according to the APWG, a consortium of software companies, banks, payment networks, online merchants, and law-enforcement agencies. This number was 9,666 last month, up from 9,103 in February but down slightly from the peak of 9,715 in January. The number of such sites exploded in December, to more than 7,000, after running in the high 4000s and low 5,000s since June. The APWG reports the number of brands mimicked by phishing fraudsters dropped to 70 in March from 105 in February, but the group also says an unnamed bank “was the number-one phished company, by a large margin,” the first time in months that a single brand drew this much attention from fraudsters. “This would potentially indicate that the phishers have found a way to easily monetize the phished credentials for this particular financial institution,” the group says in its March report. “This bank may have a track 2 issue, allowing the phishers to create counterfeit ATM cards.” The banking sector generally accounted for 90% of phishing attacks last month, with Internet service providers accounting for just under 6% and retailers seeing almost 3%. Reporting on malware, or pieces of software code phishers plant on users' computers to log passwords, PINs, and other such confidential data, the APWG says the number of unique applications of so-called keyloggers also peaked in March, at 197, up slightly from February. The population of Web sites hosting this malicious code soared to 2,157, up from 1,678 in February and more than 200 over the previous record, set in December. The APWG has also noted in its recent report an increase in so-called traffic redirectors, or code that programs victims' computers to automatically visit bogus sites, regardless of what address users type into their browsers. “This is particularly effective because the attackers can redirect any of the users' requests at any time and the end users have very little indication that this is happening as they could be typing in the address on their own (a 'best practice' of some time and standing) and not following an e-mail or instant-messaging lure,” the March report says.
