Phishers catch on to the Net's 'long tail'

Online scammers are no longer targeting just the best-known brands, according to a new report.
Written by Matthew Broersma, Contributor

The number of brands exploited by online con artists grew to a record 154 in July, according to a report from the Anti-Phishing Working Group.

The study, released on Monday, showed that the number of brands under attack from phishing was up 20 percent from June and 12 percent from the previous record in May. The APWG findings indicate that scammers are no longer content to exploit only the best-known brands.

The top 80 percent of scams were concentrated on 15 brands, according to the report. However, the number of brands targeted by the remaining 20 percent is a sign that the so-called "long tail" effect is beginning to apply to the world of cybercrime.

"In a year, the number of brands has more than doubled, illustrating that online criminals are simply not settling for the large, popular organizations and financial institutions," Dan Hubbard, vice president of security research at Websense, said in a statement. "The increase in the complexity of attacks goes hand-in-hand with the massive growth in phishing Web sites and the targeted, broad selection of brands that has followed."

Websense, one of the APWG's more than 1,500 corporate members, carried out the research. Only 71 brands were targeted a year ago, according to the APWG.

A phishing scam typically uses a spammed e-mail message that includes a link to a Web site that looks like one belonging to a trusted provider--a bank, for instance. The fraudsters try to trick people who visit that site into handing over sensitive information such as passwords and account details.

Even as phishers widen their nets, they are getting ever more focused on targeting financial services, which grew to 93.5 percent of all targets in July, according to the APWG report.

The report showed a drop in the number of unique reported phishing campaigns from 28,571 to 23,670, but the number of reported phishing sites rose steeply to 14,191, 18 percent higher than the previous peak.

The U.S. topped the list of countries hosting phishing sites, with 29.9 percent, followed by the Republic of Korea with 13.3 percent, China with 12 percent, France with 5.9 percent and Australia with 4.6 percent.

Attacks are getting more sophisticated, the group found, noting that a malicious site is now capable of placing a Trojan horse onto a system without user interaction. The Trojan involved, Web Attacker, is a Russian do-it-yourself toolkit sold for anywhere from US$20 to US$300.

The survey found a large increase in traffic redirectors, and DNS redirectors in particular. These modify a system's DNS settings to direct some or all DNS lookups to a fraudulent DNS server capable of directing users to fraudulent sites when particular addresses are entered.

Security and operating system vendors have begun taking the phishing threat seriously, and a number of antifraud tools are available. These include antiphishing toolbars from Netcraft and Microsoft; Microsoft's technology will be built into Internet Explorer 7 and Windows Vista.

Editorial standards