Report: Phish Jump

The number of phishing sites grew dramatically from September to October, as phishers got savvier

As if you didn't already know that phishing is growing, the Anti-Phishing Working Group's latest numbers hammer it home even harder, showing a 50 percent increase in phishing sites from September to October.

The APWG's latest report shows 37,444 unique phishing sites were detected in October, versus 24,565 in September. The APWG attributed much of this jump to phishing campaigns using URLs with multiple subdomains in an attempt to evade spam filters and antiphishing filters in browsers, which use blacklists of known phishing sites.

"A lot of this is due to the tactics they are using to thwart some of the toolbars out there," says Dan Hubbard, research fellow with the APWG and vice president of security research for Websense, who adds that the majority of phishing attacks are originating from one large group, known as the Rockphish Group. "They come out with unique URLs -- a URL for every single person who clicks on, and that makes the numbers fairly large."

Hubbard says phishers are getting more sophisticated and organized, sharing data on where to host, and where to register their sites.

The jump in the number of phishing sites shocked some researchers. "Either the APWG has gotten phenomenally better at detecting phishing sites before they're taken down, or the phishing groups have gotten much more efficient at compromising Websites," says Tod Beardsley, lead counter-fraud engineer at TippingPoint.

PhishTank recently released its November phishing numbers with some 18,130 suspected phishing scams. And a new McAfee European cybercrime trends report says 17,000 incidents of phishing are reported each month, and 90 percent of people don't know a well-formed phish when they see one.

Another significant increase cited in the APWG report was in the number of brands attacked -- October saw 176 attacks, up 14 percent from the previous high of 154 in July. "This steady growth has been going on for awhile," says Hubbard. "Some of the techniques have gotten better, so it's easier to do this and go after massive amounts of brands," he says. "They often use the same servers to host multiple banks' [phishing sites]."

Hubbard says phishers are using automated processes to infect Web servers, some of which are infected multiple times, he says. "They find vulnerabilities in commonly known hosting facilities like blogs and personal pages, and write automated scripts to create accounts and to upload their malcode."

TippingPoint's Beardsley says the jump in phishing sites shows how blacklisting alone just doesn't cut it anymore. "Anti-phishing blacklists, which now ship by default with Internet Explorer 7 and Firefox 2.0, simply don't update fast enough to catch 'known' phishing sites in time to stem the victim stream," he says. "So while the browser folks should absolutely keep up on their blacklists, I don't think it's realistic for anyone to rely on them entirely as a protection mechanism, and these numbers prove that out."

Beardsley says users should always be on guard and aware of the potential for fake email, and Website operators should do a better job at locking down their Web apps so they don't become "hosting platforms for phishing groups."

— Kelly Jackson Higgins, Senior Editor, Dark Reading

Read more about:


About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights