Automated phishing on the rise

Fraudsters are achieving higher levels of automation for phishing scams, using software tools and botnets to increase the reach of their work, according to the Anti-Phishing Working Group.

Security experts from the APWG have witnessed massive increases in the number of phishing Web sites, which they say suggests scammers are improving their techniques.

"It was almost like the phishers had a holiday in August and September then came back harder in October," said Dave Brunswick, technical director of Tumbleweed and a member of the APWG. "We had speculated this had levelled off, but this has showed us that it's not the case. We're still seeing a similar concentration on the banks being attacked."

Most of the Web sites targeted were outside of the United States, the group said. The APWG found that the number of sites being hosted on broadband computers had risen to more than 50 percent. Brunswick said researchers also found an increase in blended attacks.

"One concerning thing we've seen lately is some of the Trojans that are specifically attacking the banks," he said. "There is a blurring of edges between Trojans, viruses and phishing (scams). I think we're seeing more sophistication in terms of what we predicted."

The group also found that 1,142 active phishing sites were reported in October, and that between July and October, the number of phishing sites grew by a monthly rate of 25 percent. Fraudsters hijacked 44 brands in that month, and six of those comprised the top 80 percent of phishing campaigns. The group also found one Web site that functioned for 31 days, but it added that 6.4 days was the average time a site stayed active.

APWG members include representatives from law enforcement, banks, ISPs and a range of security companies. The group has more than 930 members worldwide from 590 companies.

Dan Illett is a reporter for ZDNet UK.