Record Number of Phishing Sites Seen in July

Cybercriminals created a record number of phishing websites in July and also hijacked a record number of brands to help them do their work, a consortium that monitors online fraud said Monday.

The number of phishing sites—fraudulent websites that try to fool people into handing over sensitive personal information—rose to 14,191 in July, an 18 percent increase over May, the previous all-time high, said the Anti-Phishing Working Group (APWG).

The fraudulent sites mimicked a record 154 brands, up 20 percent over June and 12 percent over the previous high, also recorded in May, APWG said.

The latest figures show that online criminals are diversifying to target smaller financial institutions, ISPs and even government agencies, the group said. However, the financial services industry is still targeted the most, with more than nine out of 10 phishing sites aimed at that sector.

The technical sophistication of phishing attacks is also increasing. APWG said that 1,850 phishing sites attempted to download a Trojan horse, a program that conceals itself in another, harmless-looking file but can be used to harvest personal information or download other malicious programs to an infected computer.

APWG also said that one security vendor, Websense, detected special toolkits for sale on Russian websites to construct this kind of attack when a user visits a webpage. They can be fairly cheap, too; prices range from US$20 to $300, APWG said.

Also on the rise are “traffic redirector” Trojans, which force users to certain websites without their consent, APWG said.

Overall, the United States hosts nearly 30 percent of all phishing sites, followed by South Korea at 13 percent and China at 12 percent, APWG figures showed.

-Jeremy Kirk, IDG News Service (London Bureau)

Related Links:

• First Phishing, Now Vishing (CIO)
• How to Foil a Phish
• What is Phishing? (CMO)

Keep checking in at our CSO Security Feed for updated news coverage.