Phishing detections drop as cyber criminals look to new brand hijacking opportunities

News by Dan Raywood

The amount of brands that are hijacked for phishing use reached a new record in the last quarter of 2009.

The amount of brands that are hijacked for phishing use reached a new record in the last quarter of 2009.

The number of hijacked brands reached a record 356 in October, up nearly 4.4 per cent from the previous record of 341 in August 2009. According to the Anti-Phishing Working Group (APWG) phishing activity trends report, the number of unique phishing reports submitted decreased by 29 per cent from Q3, while a previous high of 46,522 unique phishing websites was down by 18 per cent from Q3.

Financial services was the most targeted sector with 39 per cent of attacks focussing on brands in that area, while payment services accounted for 33 per cent of detections. Auction sites and other areas accounted for 13 per cent each.

APWG chairman Dave Jevans said: “Spear-phishing and whale-phishing, where targeted individuals inside of corporations, or of high net worth, appears to be increasing.

“Phishers and malware attackers are sending emails to individuals in a highly targeted fashion, attempting to gain access to corporate online banking systems, corporate VPN networks, and other online resources. These attacks do not contribute significantly to the overall number of unique phishing emails that are sent, as they are not using broad-based spam. Rather, the attackers customise their email messages to target individual users.”

Mel Morris, CEO at Prevx, said: “One cause for concern which doesn't appear to be highlighted in the APWG report is that people will often use common log-in and password credentials across a wide range of websites, including banks.

“In our experience criminals will use a variety of techniques to acquire information and credentials such as logins, date of birth, mother's maiden name, social security numbers and a home address. Like a simple jigsaw puzzle, once a few pieces of information have been gathered, the picture soon appears and criminals can easily fill in the gaps. In this way criminals can quickly harness a PC user's identity gaining access to online banking and ecommerce or completely taking over their identity, credit cards and bank accounts.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews