Thursday , November 21, 2024

Phishing Perks up in March As Fraudsters Target More Brands

After a slowdown in February, the number of Web sites engaged in phishing frauds increased at a faster clip in March, reaching 2,870, according to data released by the Anti-Phishing Working Group, an organization of software firms, payment companies, and law-enforcement agencies that tracks the online fraud. The 6.9% increase in active phishing sites in March was more than double the rate of growth recorded in February (3.2%). At the same time, the number of phishing e-mail messages reported to the APWG grew only 2% in March, to 13,353, though this number is up five-fold from the number reported in July. The number of brands compromised by phishing fraudsters also continues to grow, with credit unions and community banks now being victimized along with major banking names. The group reports that a total of 78 separate brands were hijacked in March, including 12 that were reported for the first time. This is up from 68 hijacked brands in February, and brings to 161 the number of brands compromised by phishing since the APWG began monitoring the fraud in November 2003. Financial institutions continue to preoccupy phishers, accounting for 81% of hijacked brands in March, up slightly from 79% in February. Retailers were less vulnerable last month, accounting for only 1% of brands, down from 6% in February. The U.S. continues to host more phishing sites than any other country, with more than 34% of sites, followed distantly by China, with 12%. All in all, 66 countries hosted phishing sites in March. The average site stays online for 5.8 days, according to the APWG data, with the longest time online coming in at 31 days. In a phishing fraud, criminals send e-mails to consumers hoping to trick them into visiting fake Web sites and entering sensitive data, such as passwords, PINs, and the like. The e-mails are made to appear to come from trusted institutions, and the bogus sites typically ape the slogans and graphics of those institutions. In another variant, malicious code is downloaded to victims' computers when those victims go to the bogus sites. The malware installs a keylogger that picks up PINs and other data as they're entered on legitimate sites and sends them back to the fraudsters.

Check Also

A Senate Panel Sends a Signal: Time to Cut a Deal on Swipe Fees

Members of the Senate Judiciary Committee told representatives of Visa Inc., Mastercard Inc., and the …

Digital Transactions