Digital Transactions Authoritative, insightful and timely information for payments professionals
In the battle against the online fraud known as phishing, March brought a mix of good news and bad, with dramatic drops in malicious software offset by a steep rise in targeted brands, according to the latest report from an organization that tracks the fraud. Separately, the U.S. Commerce Department reported on Wednesday that seasonally adjusted e-commerce sales totaled $31.5 billion in the first quarter, up 18.4% from the year-ago period. E-commerce now accounts for 3.2% of all retailing, the report says. According to the report released this week by the Anti-Phishing Working Group, a consortium of software companies, payments networks, and law-enforcement agencies, the sheer number of unique phishing attacks crept up 5% in March from February, to 24,853. But even this result pales in comparison to the record high posted in January, when attacks nearly reached 30,000. At the same time, the population of sites hosting malicious code used to sniff out passwords, which had reached a record 3,121 in February, fell by more than half, to 1,486, the lowest number seen in more than a year. The number of unique applications of this code also fell, to 260 from 289 in February and 345 in March. According to the APWG, the number of hosting sites rose to 20,871, but still remains well below the levels seen last fall. While this trend seems encouraging, the group cautions that it's due to a “tactical change” by a group of fraudsters who late last year began using multiple URLs tied to the same domain name in an effort to thwart anti-phishing filters. Indeed, the APWG points out that the number of brands targeted by phishing fraudsters soared in March, to 166, the second-highest monthly total the group has recorded. “APWG researchers continue to record elevated numbers of brands subject to phishing attacks, indicating the lower number of phishing URLs does not mean that the phishing problem is diminishing” the group says in its report. Phishing–a crime in which online consumers are duped into giving up PINs, passwords, account numbers, and other information at bogus Web sites tricked out to look like those of real banks and e-commerce companies–is watched closely because it is seen as a serious threat to consumers' confidence in the online channel.
