By Jim Daly
Phishers are casting their lines at more brands in hopes of luring Internet users into divulging data that they can use fraudulently, according to a new study from the Anti-Phishing Working Group (APWG). According to the study, which covers the first half of 2013, criminals targeted 720 brands, up almost 18% from 611 in 2012’s second half.
PayPal Inc., a perennial phisher favorite, was the world’s biggest phishing target, having sustained 13,498 attacks, or 18% of the total of 72,758 attacks worldwide the APWG estimates to have occurred during the year’s first six months. Next was the big Chinese online marketplace Taobao.com, which sustained 6,605 attacks, or 9% of the total. By industry, financial companies sustained 60% of the attacks—40.4% by banks and 19.6% by money-transfer companies. The top 80 targets sustained 100 or more attacks during the period.
The basic modus operandi of phishers is to send mass emails in the name of a financial institution or other company to consumers, asking them to divulge account information such as user names and passwords and often directing them to spoofed versions of the company’s Web site. Many such fake sites have improved in appearance over the years. Other emails are aimed at company employees in hopes that a worker, thinking it is legitimate, will give up account-access credentials or other sensitive information.
The increase in targeted brands indicates that phishers are looking for more opportunities, according to the Cambridge, Mass.-based APWG. Phishers also are spending more time on their attacks, which hit historical lows in early 2013. The average uptime of an attack in 2013’s first half was 44 hours and 39 minutes compared with 26 hours and 13 minutes in last year’s second half. The median uptime in 2013’s first six months was 12 hours and 52 minutes, more than twice the historical low median of five hours and 45 minutes a year earlier.
Some key phishing statistics have declined this year, but they are no reason to rest easy, according to Rod Rasmussen, co-author of the study and president and chief technology officer of Tacoma, Wash.-based Internet Identity, which monitors data-security threats on the Web. The nearly 73,000 attacks were way off from 123,476 in 2012’s second half, mainly because of fewer attacks on so-called shared virtual servers that compromise multiple domains, or Internet identification labels, all at once because they’re operated from one server. Correspondingly, the number of phishing attacks on unique domain names fell to 53,685 in the first half from 89,748, mostly because of reduced virtual-server hacking.
But these mass attacks remain plentiful enough to potentially do lots of harm. Some 115 break-ins resulted in 19,455 phishing attacks in the first half, or 27% of the total. The APWG believes most shared virtual-server hacking originates with one Eastern European gang whose members are well-schooled in computers. “It’s not trivial to do, you have to have pretty good knowledge of how servers work,” says Rasmussen.
Virtual-server hacking is one downside of the growth of the highly competitive domain-hosting industry, which directs Web traffic over multiple levels and is often thinly staffed and not on the lookout for phishers, according to Rasmussen. “It’s very frustrating for [Web] site owners,” he says. “You have almost no accountability as far as abuse measures go.”
The report also says phishing is exploding in China. Of the more than 53,000 targeted domains in the first half, the APWG says some 12,173 were actually registered by phishers with malicious intent, more than double the 5,835 such registrations in 2012’s second half. “The increase is due to a sudden uptick in domain registrations by Chinese phishers,” the report says. While Chinese phishers do look for online prey abroad, they typically target Taobao.com, the Industrial and Commercial Bank of China (ICBC), and certain other Chinese Web sites.