Phishing continues to rise

The phenomenon of phishing attacks, which were the security story of 2004, continues to flourish unchecked while other threats have been stealing the headlines.

According to the Anti-Phishing Working Group (APWG) there are still month-on-month increases in the number of unique attacks. February saw a 2 per cent increase on January with 13,141 unique emails in mass circulation.

Although these figures are down on the boom period of growth in phishing scams which came in mid-2004 the fact the total number shows little sign of decreasing is certainly cause for concern.

Like other threats, part of the problem is the tendency for the scams to evolve faster than awareness and solutions.

Mark Murtagh, technical director EMEA at Websense, told silicon.com: "We saw a real evolution and explosion in phishing in the second half of last year and now there has been a real shift in the way people are targeted."

The APWG reported the number of live phishing websites during February was 2,625. Since last July this has risen at an average of 28 per cent per month.

In their wake these sites ambushed 64 different brands over the course of the month – most commonly high-transaction sites such as eBay, PayPal and major banks. Only six brands accounted for the top 80 per cent of phishing campaigns.

"While the major brands still account for 80 per cent of the phishing attacks it is the other 20 per cent which are the most interesting. We are seeing a shift towards smaller ecommerce companies and regional banks. We're also seeing a real evolution in the way users are targeted."

Murtagh said less action on the part of the recipient and more covert infection are becoming common. Most worrying is the DNS poisoning of an infected PC which enables 'pharming'. Users who have been infected will be caught the next time they try to visit the real target website.

Users may actually type www.eBay.com into their address bar but if they are infected then they may well be directed to a website that looks like eBay, acts like eBay and even says it is eBay. But it isn't eBay.

The most common country hosting phishing websites is the US and the average length of time the sites remain online is just 5.7 days, though the longest was 30 days.