Anti-Phishing Working Group Reports Phishing Attacks Up 42% in January

MENLO PARK, Calif. & CAMBRIDGE, Mass.--(BUSINESS WIRE)--Feb. 24, 2005--

eCrime Infrastructure Emerging; Smaller Banks New Targets

“It could mean the counter-phishing systems that big banks have deployed are effective and the phishers are moving onto softer targets. It could mean the phishers have enough resources to target institutions in which the probabilities of getting a hit on a broad spam-based attack is relatively low.”

APWG Reports Emerging eCrime Infrastructure Boosting Phishing Attacks As The Phishers Targeting Smaller Financial Services Firms

The Anti-Phishing Working Group (APWG) today reported that phishers are commanding ever larger arrays of co-opted Internet infrastructure and using it to take aim apparently at smaller financial institutions.

"Overall, the survey and recent field reports tell us that phishers are using advanced crimeware to commandeer larger arrays of Internet technologies and at the same time using them to attack smaller institutions than have been targeted," said APWG Chairman David Jevans.

Jevans added, "It could mean the counter-phishing systems that big banks have deployed are effective and the phishers are moving onto softer targets. It could mean the phishers have enough resources to target institutions in which the probabilities of getting a hit on a broad spam-based attack is relatively low."

APWG members, analysts and researchers have been reporting over the past year that worms and viruses heretofore used for online intramural vandalism among cracker groups were being retrofitted by phishers to co-opt Internet servers to drive their felonious enterprises.

The fruit of those labors has never been so apparent as in the January APWG report. In January, there were 12,845 new, unique phishing email messages reported to the APWG, an increase of 42% over the unique reports for December. "The number of phishing web sites supporting these attacks rose even more dramatically. In January, there were 2,560 unique sites reported, a jump of 47% over December (1740) - more than double the number reported just three months ago in October (1186)," the APWG reported.

Dan Hubbard, senior director of security and technology research at Websense, Inc. said, "Hackers are continuing to evolve their phishing techniques and we believe money and an advancing internet crime infrastructure is a major driver to these attacks."

Non-port-80 hosted sites amount to almost 10 percent of all phish sites, according to the January statistics. (Port 80 is the most common communications channel for Internet applications; alternative ports are used by phishers to evade filters.) "The rise in non port 80 hosted sites and the number of sites which are hosting phishing attacks continues to lead us to believe that the number of machines that are compromised and are being used to host these attacks is growing," the APWG reported.

Over the past two months, more worrying to the financial sector, has been the proliferation of banking and financial services attack targets. In January, the number of reported hijacked brands rose to 64, including nine brands first reported this month, - eight of them financial institutions," the APWG reported. This comes after December's report in which eight of nine other newly phished brands that month were also held by financial institutions.

"The APWG has been monitoring phishing attacks since late 2003 and the identity of the prime targets varied little for over a year. Since the end of last year, however, it has been apparent that the phishers have been focusing on the financial sector and, within that, their attentions have been directed toward smaller institutions; even a state credit union was attacked, in the last month," said APWG Secretary General Peter Cassidy.

The report is available at: http://antiphishing.org/APWG_Phishing_Activity_Report-January2005.pdf