The Anti-Phishing Working Group, a pan-industry association aimed at eliminating identity theft and fraud through phishing, pharming, and email spoofing, is reporting November 2005 marked a new high in email fraud attacks (PDF), with the organization identifying nearly 17,000 unique phishing attempts and over 4,600 unique phishing sites active during the month. The number of unique phishing attacks was nearly double those identified during November 2004 and marks an all-time high.
Phishing attacks are attempts to steal sensitive or personally identifying information like credit card numbers, passwords, account numbers, and more, usually through a combination of social engineering and technical trickery. A typical phishing scheme will employ a “spoofed” email which appears to be from a bank, reputable company, or other institution requesting users verify or update their account information. Of course, the message is fake, and either transmits any collected information to a site controlled by the scammers, or (in a so-called pharming attack) directs users to a Web site which looks like the real institution, but is operated by the scammers solely to collect sensitive information. Once collected, these details are used to obtain unauthorized access to accounts or services, or sold to criminals for that purpose. Scammers also use Trojan horse programs and spyware to obtain sensitive information directly by scanning a user’s files and/or monitoring their keyboard activity.
The Anti-Phishing Working Group found that the number of brand names exploited in phishing attacks increased from 64 to 93 during the last year, and now more regularly includes names like Google, Apple, PayPal, and eBay in addition to large financial institutions and credit card companies.
Contrary to some popular belief, the AFWG found during November 2005 that nearly one third of active phishing sites were hosted within the United States with South Korea and China accounting for 11.3 and 8.04 percent respectively. Phishing sites remained online for an average of five and a half days, although some remained online and running for the entire month.
The APWG also found 165 unique password-stealing applications were active during November 2005, and more than 1,000 sites knowingly (or unwittingly) hosted password-stealing trojan horses. Phishing methods are also becoming more sophisticated, including programs which rewrite a computers DNS server information to route specific requests through rogue DNS servers operated by the scammers.