Corporations hounded by phishing campaigns

Individuals are not the only victims of phishing campaigns, as businesses find their brands under attack.
Written by Charlie Osborne, Contributing Writer

Corporate brands are being attacked more widely by phishing campaigns, according to a new report.

The Anti-Phishing Working Group (APWG) has released a new report which suggests that an increasing number of brands and their users have been targeted by phishers, with numbers surging nearly 20 percent between the second half of 2012 and the first half of 2013.

Within the report, Global Phishing Survey: Trends and Domain Name Use (.pdf), the researchers say that phishing campaigns -- where emails are sent to consumers which invoke a scenario to make an individual click on malicious links or submit sensitive information such as account and financial details -- are on the rise, and with it, 720 brands find themselves commonly a target for these scams.

According to the report, brands are attacked several times a week on average, with eighty brands attacked 100 or more times each during the 26-week period. Half of the targets were attacked one to three times during the time specified.

APWG analysts found that PayPal was again the world's most-targeted institution for phishing attacks, accounting for roughly 18 percent (13,498 attacks) of all campaigns, and Chinese shopping site Taobao.com second-most-attacked in the survey period with 9 percent (6,605) of attacks.

In a hunt for new victims, phishers have doubled the amount of malicious domain names used in scams since last year. Of these malicious registrations, the researchers say that Chinese cyberattackers account for 68 percent of new scams.

The report also found that inattentive or indifferent domain name registrars, registries, and subdomain resellers are inadvertently contributing to phishing campaigns by failing to monitor their services effectively.

"A large portion of phishing attacks used domain registration, hosting, and payment processing companies in different countries," said Greg Aaron, President of Illumintel Inc., co-author of the study.

"As a result, everyone ended up losing -- except the phishers. It's a reminder that timely, international cooperation in the private sector is needed in order to combat e-crime."


Image credit: CNET

This post was originally published on Smartplanet.com

Editorial standards