Page 6 - Feb 2014
P. 6
RESEARCH, ANALYSIS & TRENDS
Phishing attacks up, as fraudsters seek
targets of highest return
The APWG updated its database of phishing signatures
recently as well, allowing them to better examine in-
coming email reports from consumers. However, this
revision didn’t notably affect the number of confirmed
phishing sites found, but validate a higher number of
incoming reports than in previous quarters.
During the same period, there was an 8% decline in the
number of brands pursued by phishers, as the number
of brands targeted fell from an all-time high of 441 in
April 2013 to 379 in September 2013.
The Anti-Phishing Working Group (APWG) has been
active for more than a decade now to unify the global
response to electronic crime and the group just pub-
lished its new Q3 2013 Phishing Activity Trends Report
last week. In general, the APWG measures the evolu-
tion, proliferation, and propagation of crimeware by
drawing from the research of their member companies.
‘Phishing’, by the way, is a criminal mechanism employ-
ing both social engineering and technical fraud to steal
consumers’ personal identity data and financial account
credentials. Interestingly, the number of phishing cam- The most targeted industry sectors have been payment
paigns increased by more than 20% in the third quarter and financial services, while gaming has experienced
of 2013, with crimeware attacks evolving and proliferat- the most drastic change, dropping from 5.66% in Q1 to
ing, according to several established APWG metrics. 0.84% in Q3 2013.
The increase is largely attributable to rising numbers of
attacks against money-transfer and retail/e-commerce
websites. In fact, the number of phishing sites actually The United States continued to be the top country host-
jumped almost 30% from 38,110 in June 2013 to 49,480 ing phishing sites during the Q3 of 2013, which is most
the following month, and stayed at the highest rate probably due to the fact that a large percentage of the
through the third quarter. world’s websites and domain names are hosted there.
But let’s take a look at crimeware now, which APWG
defines as “code designed with the intent of collecting
information on the end user in order to steal the user’s
credentials. Unlike most generic keyloggers, phishing-
based keyloggers have tracking components, which
attempt to monitor specific actions – and specific or-
ganizations, such as financial institutions, retailers, and
e-commerce merchants –in order to target specific in-
formation. The most common types of information are
access to financial-based websites, e-commerce and
web-based mail sites.
Malware creation hit a new record high in Q3 2013, as
APWG member PandaLabs revealed. According to
6 Asian eMarketing February 2014 - Security & Privacy Protection
