Digital Transactions Authoritative, insightful and timely information for payments professionals
Phishing fraudsters were exceptionally busy in June, with a near-record number of unique online attacks hitting consumers' PCs during the month, according to the latest report from the Anti-Phishing Working Group, which tracks the fraud. The group recorded 28,888 unique phishing reports, up 23% from May and just shy of the all-time high of 29,930, reached in January. Other indicators headed in a positive direction. The population of Web sites hosting phishing attacks dropped for the second month in a row, to 31,709, after hitting a record 55,643 in April. The June number, however, is roughly triple the number of sites recorded by the APWG in June 2006. The APWG sees technology foiling at least some new phishing tactics, such as the use of multiple URLs attached to a single domain. Fraudsters have lately exploited this technique to get around filters that block certain URLs known to be fraudulent. The tactic has also resulted in a barrage of URLs used in phishing attacks. “Since April, we have seen a continued decrease in the average number of URLs used to target each brand,” Laura Mather, managing director of operational policy at the APWG, says in the report. “The number of URLs per brand is still high compared to this time last year, though, indicating that technologies like browser blocking and blocking phishing e-mails at the inbox continue to be successful.” Some 146 brands were used by phishing fraudsters in June, down slightly from May. In phishing campaigns, fraudsters use e-mails purporting to come from well-known consumer brands, usually those of banks or e-commerce merchants, to gull unsuspecting consumers into visiting bogus Web sites and giving up sensitive information. Recent months, for example, have seen a rash of phishing attacks purporting to be e-mail greeting cards and inviting recipients to click on links to receive the “greeting.” The month was a quiet one for keyloggers and other such malware, which fraudsters use in phishing attacks to steal PINs, passwords, and other confidential information. The number of unique keylogger applications rose only slightly, to 222, while the population of sites hosting malware fell to 2,660 from 3,353.
