Digital Transactions Authoritative, insightful and timely information for payments professionals
December was an ominous month for banks, retailers, processors, and other service providers concerned about the safety of the Internet commerce channel. Although the reported number of phishing incidents declined in the last month of last year, that drop masked alarming increases in the number of malicious Web sites launching phishing attacks and spreading malware across the Web, according to the Anti-Phishing Working Group, which tracks phishing trends. The month also saw a sharp rise in the number of commercial brands hijacked by fraudsters to a record high. The APWG, a consortium of software companies, payment networks, and law-enforcement agencies, says in its latest report that the population of unique Web sites engaged in phishing fraud soared fully 55% to 7,197, from 4,630 in November. The previous high in this measure had been 5,259 in August, and the population of phishing sites had actually been on a steady decline until the huge leap in December. Worse, the number of sites spreading trojans, keyloggers, and other such code?which criminals plant on users' computers to swipe passwords, PINs, and other such critical data?nearly doubled in December, to 1,912. As recently as June, this number had been 526. The APWG also reports the number of unique malware applications the group detected mounted to an all-time high of 180, up from 165 in November. Perhaps of greatest concern is the finding that the number of brands spoofed by phishing fraudsters grew to 121, up from 93 in November. “December 2005 showed a disturbing trend of far more brands being spoofed than in any month on record,” the group's report says. “A large number of banks, credit unions, and credit card associations were attacked. We also received complaints of attacks against numerous ISPs, webmail providers, and even P2P networks.” Despite the run-up in Web sites hosting phishing schemes, the number of unique phishing e-mail campaigns dropped nearly 10% in December, to 15,244. In phishing frauds, criminals use e-mails faking well-known brands to gull consumers into visiting bogus Web sites, where they are asked to enter passwords and other sensitive information. In many cases these criminals use malicious code to steal the information they're after or to redirect consumers to the spoofed sites, even when the unsuspecting user thinks he is visiting a genuine site. Payment networks, banks, and online merchants decry the trend as undermining consumer trust in the Internet as a transaction channel.
