PayPal Surpassed By Taobao As Most Phished Brand is one of China's largest e-commerce sites

April 27, 2012

2 Min Read


Prague, Czech Republic. – April 26, 2012 – (BUSINESS WIRE) – A new phishing survey released by the Anti-Phishing Working Group (APWG) at their conference here today reveals that in the second half of 2011, China’s became the world’s most frequently phished brand target, exceeding the previously most-victimized brand, PayPal. is one of China's largest e-commerce sites, specializing in business-to-consumer and consumer-to-consumer transactions, similar to eBay and Amazon. For several years, PayPal had been the world’s most frequent phishing target, due to PayPal’s ubiquity and its popularity with consumers. In 2H2011 there were 18,508 phishing attacks against – 22 percent of all the phishing attacks recorded worldwide. There was also drop in attacks against PayPal.

“Attacks by Chinese phishers have exploded, as they take advantage of China’s stream of new Internet users,” said Greg Aaron of Afilias, one of the paper’s co-authors. “But the problem is not limited to China—these phishers use hosting and domain names based in the U.S. and Europe. It’s a reminder that e-crime often requires international solutions. Fortunately there is data-sharing and cooperation happening to combat the problem.”

Globally, for the first time, malicious use of subdomain registration services eclipsed the registration of regular domain names by phishers. There were 17,390 phishing attacks hosted on subdomain services in the second half of 2011, using 16,664 unique subdomains. This was a 38% increase from the 12,574 attacks we recorded in 1H2011.

“This is a clear example of phishers gravitating towards services they can readily abuse,” said Rod Rasmussen, CTO of Internet Identity and the study’s other co-author. “Use of subdomain services is a challenge because only the subdomain providers themselves can effectively mitigate these phish. While many of these services are responsive to complaints, few take proactive measures to keep criminals from abusing their services in the first place.”

Other highlights of the report include:

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights