Phishing Activity Trends Report October, 2004

Similar documents
Phishing Activity Trends Report January, 2005

Phishing Activity Trends Report November, 2004

Phishing Activity Trends Report March, 2005

Phishing Activity Trends Report August, 2006

Phishing Activity Trends Report August, 2005

Phishing Activity Trends

Phishing Activity Trends

Anti-Phishing Working Group

Phishing Activity Trends

Phishing Activity Trends

Phishing Activity Trends Report. 3 rd Quarter Committed to Wiping Out Internet Scams and Fraud

Phishing Activity Trends Report. 4 th Quarter Committed to Wiping Out Internet Scams and Fraud

Phishing Activity Trends Report. 4 th Quarter Unifying the. Global Response To Cybercrime. October December 2012

The Rise of Phishing. Dave Brunswick Tumbleweed Communications Anti-Phishing Working Group

Korea Phishing Activity Trends Report

Phishing Activity Trends Report. 3 rd Quarter Unifying the. Global Response To Cybercrime. July September 2012

Security & Phishing

Phishing Read Behind The Lines

4 th Quarter Phishing Activity Trends Report. Unifying the Global Response To Cybercrime. Activity October December 2017.

August 2009 Report #22

Bank of america report phishing

CE Advanced Network Security Phishing I

RSA FRAUDACTION ANTI-PHISHING SERVICE: BENEFITS OF A COMPREHENSIVE MITIGATION STRATEGY

Internet Security Threat Report Volume XIII. Patrick Martin Senior Product Manager Symantec Security Response October, 2008

October 2009 Report #24

The Cost of Phishing. Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015

Caribbean Cyber Security: Not Only Government s Responsibility

2014 INTERNET COMMERCE CASE STUDY. The Battle Against Phishing and Fraudulent s. 100 S. Ellsworth Ave 4th Floor San Mateo, CA

Professional Training Course - Cybercrime Investigation Body of Knowledge -

The Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It

New Zealand National Cyber Security Centre Incident Summary

The State of Spam A Monthly Report June Generated by Symantec Messaging and Web Security

ITU Regional Cybersecurity Forum for Asia-Pacific

FAQ. Usually appear to be sent from official address

Evolution of Spear Phishing. White Paper

Spam Evolution Report: October 2009

December 2009 Report #26

Webroot Phishing Threat Trends

Spring Brandjacking Index

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

Anti-Phishing Working Group

Issues in Using DNS Whois Data for Phishing Site Take Down

June 2009 Report #30

Custom Plugin A Solution to Phishing and Pharming Attacks

GLOBAL MOBILE PAYMENT METHODS: FIRST HALF 2016

Question 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1:

Second International Barometer of Security in SMBs

2015 VORMETRIC INSIDER THREAT REPORT

Panda Security 2010 Page 1

EMPLOYEE SKILLS TRAINING PLATFORM. On-access skills training and measurement for all employees

Promoting Global Cybersecurity

Identity Theft, Phishing and Pharming: Accountability & Responsibilities. OWASP AppSec DC October The OWASP Foundation

3.5 SECURITY. How can you reduce the risk of getting a virus?

ELECTRONIC BANKING & ONLINE AUTHENTICATION

The State of Spam A Monthly Report August Generated by Symantec Messaging and Web Security

JPCERT/CC Incident Handling Report [October 1, 2015 December 31, 2015]

Webomania Solutions Pvt. Ltd. 2017

Botnets: major players in the shadows. Author Sébastien GOUTAL Chief Science Officer

Why you MUST protect your customer data

Governance Ideas Exchange

Thanks for attending this session on April 6 th, 2016 If you have any question, please contact Jim at

The Challenge of Spam An Internet Society Public Policy Briefing

Assessing the Gap: Measure the Impact of Phishing on an Organization

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

Comptia RC CompTIA Security+ Recertification Exam. For More Information Visit link below: Version = Product

Chain 365 Cyber Threat Intelligence Enterprise & Cyber Security. August 2017

Cyber Insurance: What is your bank doing to manage risk? presented by

NOT PROTECTIVELY MARKED PHISHING. July 2016

Prolexic Attack Report Q4 2011

Symantec Intelligence Quarterly: Best Practices and Methodologies October - December, 2009

Global Security Consulting Services, compliancy and risk asessment services

A Forensic Accountant in Cyber Security

Best Practices Guide to Electronic Banking

JPCERT/CC Incident Handling Report [January 1, March 31, 2018]

DMARC Continuing to enable trust between brand owners and receivers

McAfee Labs Threat Report

Updates on Sharing Threat Data, Security Awareness and Policy Efforts to Fight Cybercrime

Is the world ready for mobile payments?

REPORT. proofpoint.com

A STUDY OF TWO-FACTOR AUTHENTICATION AGAINST ON-LINE IDENTITY THEFT

Protecting Against Online Fraud. F5 EMEA Webinar August 2014

An overview of the CERT/CC and CSIRT Community

November 2009 Report #35

Site Data Protection (SDP) Program Update

How technology changed fraud investigations. Jean-François Legault Senior Manager Analytic & Forensic Technology June 13, 2011

CompTIA Security Research Study Trends and Observations on Organizational Security. Carol Balkcom, Product Manager, Security+

DoD Spear-Phishing Awareness Training. Joint Task Force - Global Network Operations

Preparing for a Breach October 14, 2016

How Enterprise Tackles Phishing. Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong

July 2009 Report #31

Automated Context and Incident Response

Conducted by Vanson Bourne Research

The Highly Insidious Extreme Phishing Attacks

CSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague

Will you be PCI DSS Compliant by September 2010?

Evolution of a Phish That Got Through the Net[work]

FSOR. Cyber security in the financial sector VISION 2020 FINANCIAL SECTOR FORUM FOR OPERATIONAL RESILIENCE

SECURITY & PRIVACY DOCUMENTATION

SYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

Transcription:

Phishing Activity Trends Report October, 2004 Phishing is a form of online identity theft that uses spoofed emails designed to lure recipients to fraudulent websites which attempt to trick them into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. By hijacking the trusted brands of well-known banks, online retailers and credit card companies, data suggests that phishers are able to convince up to 5% of recipients to respond to them. As a result of these scams, an increasing number of consumers are suffering credit card fraud, identity theft, and financial loss. The Phishing Activity Trends Report analyzes phishing attacks reported to the (APWG) via the organization s website at http://www.antiphishing.org or email submission to reportphishing@antiphishing.org. The APWG phishing attack repository is the Internet s most comprehensive archive of email fraud and phishing activity. Highlights Number of active phishing sites reported in October: 1142 Average monthly growth rate in phishing sites July through October: 25% Number of brands hijacked by phishing campaigns in October: 44 Number of brands comprising the top 80% of phishing campaigns in October: 6 Country hosting the most phishing websites in October: United States Contain some form of target name in URL 20.1 % No hostname just IP address 63 % Percentage of sites not using port 80 12.2 % Average time online for site 6.4 days Longest time online for site 31 days The Phishing Attack Trends Report is published monthly by the, an industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing and email spoofing. For further information, please contact Ronnie Manning at rmanning@websense.com or 858.320.9274. Analysis and data for the Phishing Attack Trends Report has been donated by the following companies:

APWG Analysis Update With this report for October 2004, we are introducing a new methodology which provides a measurement of phishing activity based on the number of fraudulent baiting websites extracted from phishing email messages, in lieu of counting the email messages themselves as presented in previous reports. Analysis of the email messages shows that a single baiting site may appear as the link in several hundred email messages with different formats and visual designs, potentially hijacking as many as six separate brands. The APWG considers this a single coordinated attack and a more accurate measurement of criminal phishing activity. In order to illustrate trends, this report analyzes activity from July 1 through October 31, 2004 using this new methodology. In an additional departure from previous reports, the individual brands being hijacked are also not specifically identified. Instead, the brands are summarized by industry and more focus is placed on the baiting websites themselves. Email Phishing Attack Trends In October, there were 6,597 new, unique phishing email messages reported to the APWG. This was over three times the number of unique reports received in August (2,158) and represents an average monthly growth rate of 36% since July (2,625). An analysis of the reported email messages reveals a similar trend in the number of unique baiting sites disguised within the messages. In October, there were 1,142 unique sites reported, corresponding to an increase of more than two times over September (543) and a month-to-month growth rate of 25% since July (584). A wide variety of disguising techniques used by baiting sites are currently in use, above and beyond recentl attacks on browser vulnerabilities which have since been closed, including embedded images with nested MAPs, embedded forms with CSS-styled buttons disguised as links, and exploitation of marketing partner redirect features in the websites of the hijacked brands themselves. What Brands Are Being Hijacked By Email Phishing Attacks? Number of Reported Brands While nearly every measure of reported phishing activity is on the rise, one metric has remained virtually constant over the past several months: the number of reported hijacked brands. While the number of hijacked brands has ranged from 42 in July to 46 in August, there is a wide variation in the specific brands targeted in each specific month. Over the four month period, a total of 74 different brands have been targeted, and a total of 117 brands have been reportedly been hijacked since the APWG began examingphishing trends and reporting their findings in November of 2003.

Brand Concentration The figures below illustrate the concentration of phishing activity as reported against hijacked brands. The number of reported brands comprising the top 80% of all phishing activity is on the rise slightly, ranging from four in July, to six in October. While there is still a fairly high concentration of activity involving a few well-known brands, the specific high-profile brands shift from month to month and consumers should not decrease their level of awareness based on the firms with which they specifically conduct business online. Most-Targeted Industry Sectors The most targeted industry sector for phishing attacks continues to be Financial Services, from the perspective of total number of unique baiting sites as well as number of companies targeted. This sector averaged 73% of all hijacked brands in October. The ISP sector now has a solid hold on second place with 14% in October, and the Retail and Miscellaneous sectors accounting for the remaining brands.

Web Phishing Attack Trends Countries Hosting Phishing Sites The United States is once again the leader in the number of hosted phishing sites, however, it appears to be on the decline with 29% of the total the number of sites hosted in the US decreasing during October. China, Korea, and Russia are next on the list with 16%, 9%, and 8% respectively of the total sites hosted. As reported above, the number of sites that are being hosted on what appear to be compromised broadband PC s has risen to more than 50%. Phishing Sites Hosting Countries Australia Other N/A USA Canada.U.K Brazil Germany Japan Russia Korea.China/Taiwan/H K Large Increases in October Starting on the afternoon of October 5, 2004, we started seeing a massive increase in the amount of phishing sites. Evidence indicated that the phishing exploits were not targeting one particular brand, but several targeted simultaneously. The one common theme of these phishing sites is that nearly all are being hosted on IP addresses and mostly outside of the US. It appears as though some sort of toolkit is available and/or a set of tools that are being used to produce similar exploits. The sudden large spike may, however, indicatethat some automation may be involved. We also received some feedback from a post on the incidents mailing list from individuals who have witnessed large volumes of spam increases since October 5th. We are also seeing multiple brands being spoofed from the same machine over a few days. For example a site will be an Ebay spoof one day, and then Paypal, then Citbank, etc..the content of the attacks is quite varied. There are several versions of content that move from site to site. The sites below have little commonality on the webserver. It appears that the "SHS" web server is popular for victimizingmachines with Trojan horse attacks, however, there appears to be a full range of Apache versions and IIS.

Phishing Research Contributors Tumbleweed Message Protection Lab The mission of the Tumbleweed Message Protection Lab is to analyze current and emerging enterprise email threats, and design new email protection technologies. Lead investigator: John Thielens, johnt(at)tumbleweed.com Websense Security Labs Websense Security Labs mission is to discover, investigate, and report on advanced Internet threats to protect employee computing environments. Lead investigator: Dan Hubbard, dhubbard(at)websense.com About the The (APWG) is an industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing and email spoofing. The organization provides a forum to discuss phishing issues, define the scope of the phishing problem in terms of hard and soft costs, and share information and best practices for eliminating the problem. Where appropriate, the APWG will also look to share this information with law enforcement. Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community, and solutions providers. There are currently over 500 member organizations participating in the APWG. Note that because phishing attacks and email fraud are sensitive subjects for many organizations that do business online, the APWG has a policy of maintaining the confidentiality of member organizations. The Web site of the is http://www.antiphishing.org. It serves as a public and industry resource for information about the problem of phishing and email fraud, including identification and promotion of pragmatic technical solutions that can provide immediate protection and benefits against phishing attacks. The analysis, forensics, and archival of phishing attacks to the Web site are currently powered by Tumbleweed Communications' Message Protection Lab. The APWG was founded by Tumbleweed Communications and a number of member banks, financial services institutions, and e-commerce providers. It held its first meeting in November 2003 in San Francisco and was incorporated in June, 2004 as a non-profit association operated by its executives and steering committee.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback