October 14, 2005 3:55 PM PDT

Phishing fight may be paying off

The number of phishing sites on the Web hit a record high in August, but coordinators in the fight against the prevalent Web scams say they have made some progress.

A total of 5,259 phishing sites were spotted in August, up substantially from 4,564 in July, according to the Anti-Phishing Working Group. At the same time, the number of spam e-mail campaigns to lure people to phishing sites decreased for the second month in a row, from 14,135 to 13,776, the APWG said.

The data indicates success in the fight against phishing, according to the APWG. Criminals have to set up more phishing servers for a smaller number of actual phishing campaigns, Peter Cassidy, secretary general of the group, said Friday. "It now takes more resources to mount an attack and to keep the attack under way," he said.

The attacks typically use spam e-mail messages that lure victims to malicious Web sites, where they are duped into disclosing log-ins and usernames for Web sites and other sensitive information such as Social Security numbers. The messages are typically spoofed to look like they come from a bank or other trusted company.

Phishing opponents have increasingly been able to take down such sites quicker. The number of days a phishing site is online dropped to an average of 5.5 days, down from 5.9 days in July, the APWG said. The swifter action is thanks to experience, Cassidy said. "It is much less of a fire drill and more of a routine," he said.

But criminals are not giving up the fight. Phishing scams are becoming more sophisticated. Sites are now being hosted on multiple servers, and redirect schemes let the scammers change sites at will, Cassidy said.

"It will be a back-and-forth of techniques," he said. "Over time, once conventional phishing has been brought under control, they will be pressed into using more sophisticated and automated attack techniques. It is sort of a matter of be careful what you wish for."

An example of more advanced attacks includes the use of malicious software that is installed surreptitiously on computers. This software captures keystrokes or screenshots and sends those to the attacker. In August, 958 phishing Web sites were hosting malicious code, up from 948 in July and 526 in June, according to the APWG.

The United States still leads the world as the host to more phishing sites than any other country, according to the APWG. Financial services companies are the most common phishing target, with 84.5 percent of the scams targeting banks, credit unions or companies in that same industry.

10 comments

Join the conversation!
Add your comment
Bruce Schneier was right.
This problem will dissapear overnight if financial institutions were made 100% responsible for this loss and the identity theft cleanup cost.
Posted by Muddleme (99 comments )
Reply Link Flag
true
Yes, that is true. What is also true, if people get Mozilla Firefox, the problem would disappear also. Mozilla has atleast a couple extentions that detect phishing sites.
Posted by (75 comments )
Link Flag
Bruce Schneier was right.
This problem will dissapear overnight if financial institutions were made 100% responsible for this loss and the identity theft cleanup cost.
Posted by Muddleme (99 comments )
Reply Link Flag
true
Yes, that is true. What is also true, if people get Mozilla Firefox, the problem would disappear also. Mozilla has atleast a couple extentions that detect phishing sites.
Posted by (75 comments )
Link Flag
Interesting Phishing solution
Identity Cues offers major advantages over earlier anti-phishing offerings from usability, security, implementation, and maintenance standpoints. For example, there are no extra steps during the login process, and, even if people do not make a conscious effort to use the anti-phishing/anti-pharming system, the system can still be effective at protecting them. Users don't have to download/install any software, carry any security devices, register for any services, or memorize any extra secrets.
<a class="jive-link-external" href="http://www.greenarmor.com" target="_newWindow">http://www.greenarmor.com</a>
Posted by Shira Steinberg (2 comments )
Reply Link Flag
Interesting Phishing solution
Identity Cues offers major advantages over earlier anti-phishing offerings from usability, security, implementation, and maintenance standpoints. For example, there are no extra steps during the login process, and, even if people do not make a conscious effort to use the anti-phishing/anti-pharming system, the system can still be effective at protecting them. Users don't have to download/install any software, carry any security devices, register for any services, or memorize any extra secrets.
<a class="jive-link-external" href="http://www.greenarmor.com" target="_newWindow">http://www.greenarmor.com</a>
Posted by Shira Steinberg (2 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.