BARCELONA, Spain--(BUSINESS WIRE)--A new report released by the Anti-Phishing Working Group (APWG) at their conference here this week reveals that the number of domain names used for phishing reached an all-time high. Many of these were registered by Chinese phishers, who register the domains at registrars in the USA and China.
The Global Phishing Survey: Trends and Domain Name Use in 2H2014 authors also revealed that phishing attacks are being waged across an increasingly broad set of industries. This shows criminals attacking where consumers may least expect it. Targets included a manufacturer of industrial supplies that specializes in fasteners, telephone companies and insurance companies, the U.S. toll road collection system E-ZPass, as well as power utilities in Europe.
“In the meantime, the top phishing targets are being hit as heavily as ever,” said Greg Aaron, President of Illumintel Inc. and a co-author of the report. “The top 10 targets accounted for over three quarters of all phishing attacks waged worldwide. The hardest hit targets are sometimes fending off a hundred different phishing attacks each per day.”
The study found that in the second half of 2014, the median uptime of phishing attacks increased to 10 hours 6 minutes -- up from 8 hours and 42 minutes in 1H2014. This means that phishing attacks were not being shut down as efficiently in the critical first hours, when most victims fall prey.
“Phishers are registering more domains names than ever before,” said Rod Rasmussen, CTO of IID and a co-author of the report. “Phishing in the new top-level domains started slowly, and we expect to see phishing levels in them rise as time goes on. As usual we see problems concentrated at certain domain registries, domain registrars, and subdomain registries. This emphasizes the need for providers to be vigilant and clamp down on problems, rather than letting cybercriminals have easy access to the resources they need.”
Surveying the grim assessment of phishing’s expansion among growing numbers of industries, APWG Secretary General Peter Cassidy said, “Our analysts' findings bring home again the unsettling news that no brand is ever safe against cybercrime."
The full report is available at:
About the APWG
The APWG, founded in 2003 as the Anti-Phishing Working Group, is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multi-lateral treaty organizations, research centers, trade associations and government agencies. There are more than 2,000 companies, government agencies and NGOs participating in the APWG worldwide. The APWG's www.apwg.org and education.apwg.org websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the Stop. Think. Connect. Messaging Convention, the global online safety public awareness collaborative www.stopthinkconnect.org and founder/curator of the eCrime Researchers Summit, the world’s only peer-reviewed conference dedicated specifically to electronic crime studies www.ecrimeresearch.org.