Automated phishing on the rise, experts say

Botnets and better tools are the reason for an increase in phishing scams according to the Anti-Phishing Working Group

Fraudsters are achieving higher levels of automation for phishing scams, using software tools and botnets to increase the reach of their work, research has found.

Security experts from the Anti-Phishing Working Group (APWG) have witnessed massive increases in the number of phishing Web sites, which they say suggests that scammers are improving their techniques.

"It was almost like the phishers had a holiday in August and September then came back harder in October," said Dave Brunswick, technical director of Tumbleweed and member of the APWG. "We had speculated this had levelled off, but this has showed us that it's not the case. We're still seeing a similar concentration on the banks being attacked."

Most of the Web sites targeted were outside of the US, the group said. It found that the number of sites being hosted on broadband computers had risen to more than 50 percent. Brunswick said the researchers had also found an increase in blended attacks.

"One concerning thing we've seen lately is some of the Trojans that are specifically attacking the banks. There is a blurring of edges between Trojans, viruses and phishing [scams]. I think we're seeing more sophistication in terms of what we predicted."

The group also found that 1,142 active phishing sites were reported in October, and that between July and October, the number of phishing sites grew by a monthly growth rate of 25 percent. Fraudsters hijacked 44 brands in that month and six of those comprised the top 80 percent of phishing campaigns. The group also found one Web site that functioned for 31 days, but it added that 6.4 days was the average time a site stayed active.

The APWG's members include representatives from law enforcement, banks, ISPs and a range of security companies. The group has more than 930 members worldwide from 590 companies.