Home & Office

Phishers focus on China e-commerce sites

update Banks made up majority of spoofed brands globally but over in China, e-commerce sites were hot property for phishers, finds new Symantec report.
Written by Vivian Yeo, Contributor

update Banks were the most spoofed sites in many countries, but in China, phishers zoomed in on e-commerce brands, according to a new report.

Symantec's latest State of Phishing Report revealed that all of the Chinese brands targeted during the month of May were from the e-commerce sector. This was consistent with the report for April, which also showed Chinese e-commerce sites being targeted for spoofing.

India and Malaysia also made it to Symantec's top 15 entries for targeted brands by country. In both countries, spoofed sites were all from the banking sector.

Sharp rise in phishing toolkits
The security vendor said there were a total of 28,800 phishing URLs in May, an increase of about 15 percent from the last two months. Phishing attacks using IP domains also increased 2 percent--1,237 phishing sites hosted in 77 countries were observed last month.

About 42 percent of phishing URLs were generated by automated toolkits that aided the creation of phishing sites. Such toolkits allow lay persons without the necessary technical know-how, to carry out phishing attacks.

Eric Hoh, Symantec's vice president of Asia South and head of global accounts for Asia-Pacific and Japan, told ZDNet Asia in an e-mail that toolkit activity often fluctuates with command and control server and botnet activity.

"The observed increase in phishing toolkit activity [in the latest report] in all likelihood indicates that some old botnets have been brought back online along with some new ones that are created," he explained. "Thus the trend indicates that the numbers are gradually reaching the pre-McColo shutdown levels as the fraudsters have found new homes to leverage the spam and phishing activities."

Forty-four percent of the phishing sites were hosted in the United States. Germany was in second place accounting for 5 percent, while China was No. 3 with a 4-percent share.

San Diego took the honor of being the top host of phishing sites, followed by two Taiwanese cities--Taipei and Taichung. Symantec noted that phishing sites with IP domains are continuing to originate from more and more new cities every month.

In the report, Symantec said the phishing sites connected with the attacks targeting Facebook in May, were mostly based out of China and Latvia. According to the vendor, the domains hosting the phishing sites comprised country codes as part of what appeared to be haphazardly-generated names.

Editorial standards