Phishing URLs Detected in April Shatter All Previous APWG Records

May 31, 2007; 09:01 AM
The Anti-Phishing Working Group (APWG) announced today that the number of phishing URLs deployed by electronic crime gangs detected by the APWG rose to 55643 in April, up 48 percent from the previous high in October 2006 and more than 166 percent higher than the number encountered in March.

APWG researchers encountered phishers placing thousands of phishing URLs under the same domain, automatically creating pseudo-randomly generated sub-domains (e.g. xxxx.fakedomain.com) or randomly generated directories (e.g. www.fakedomain.com/XXXXX) under a common domain.

Laura Mather, Ph.D., Senior Scientist at MarkMonitor said, "In April the phishers started using the tactic of putting a large numbers of phish URLs on the same domain, similar to what they were doing in late 2006. We have seen cases where the phisher will put thousands of URLs on the same domain. They do this to get around website blocking that Internet Explorer 7.0 and Firefox 2 have deployed to protect consumers from phish sites.”

APWG Chairman Dave Jevans lent his interpretation of these statistics, saying, “The anti-phishing industry has been successful in making great progress in the fight against phishing, with increased efficiency in takedowns, blacklists and authentication. However, the latest statistics confirm that the e-crime underground continues to innovate in their techniques and technologies."

Although the financial services sector accounted for nearly 93 percent of all phishing attacks, April was marked by a diversification of attack sectors by electronic crime gangs, including branded social networking outfits, VoIP companies and numerous large web-based email providers. In the contest between phishers and counter-phishers described in the April APWG report’s statistics, however, was some good news.

For the first time, the time live for phishing sites dipped below four days – to 3.8 days, reducing by more than 5 percent the duration in which consumers are exposed to phish sites that could deceive them into submitting their user credentials.

“When you are dealing with thousands of servers deployed in phishing attacks, reducing the overall time live for phish sites is very meaningful. Slowly, the windows of opportunity that define the phisher’s margin of profit are being closed by better technology and more efficient response protocols and systems,” said APWG Secretary General Peter Cassidy.

About the Anti-Phishing Working Group

The Anti-Phishing Working Group (APWG) is an industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing, email spoofing and crimeware. Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community and solutions providers. There are more than 1,500 companies and government agencies participating in the APWG and more than 2,500 members. The APWG's web site (http://www.antiphishing.org) offers the public and industry information about phishing and email fraud, including identification and promotion of pragmatic technical solutions that provide immediate protection. APWG's corporate sponsors include: 41st Parameter, 8e6 Technologies, AT&T (T), Able NV, ActivCard (ACTI), Adobe (ADBE), AhnLab, Aladdin Knowledge Systems (ALDN), Anakam, Anonymizer, BBN Technologies, BlueStreak, Brandimensions, Bsecure Technologies, Cisco (CSCO), Clear Search, Cloudmark, Comodo, Corillian (CORI), Cydelity, Cyveillance, DigitalEnvoy, DigitalResolve, Earthlink (ELNK), eBay/PayPal (EBAY), Entrust (ENTU), Experian, eEye Digital Security, F-Secure, Grisoft, GeoTrust, GlobalSign, GoDaddy, ING Bank, Iconix, InternetIndentity, Internet Security Systems, IOvation, IS3, Kaspersky Labs, Lenos Software, LightSpeed Systems, MailFrontier, MailShell, MarkMonitor, McAfee (MFE), MasterCard, MessageLevel, Microsoft (MSFT), Mirapoint, MX Logic, NameProtect, National Australia Bank (ASX: NAB) Netcraft, NetStar, PassMark, Panda Software, Phoenix Technologies, Inc. (PTEC), Quova, RSA Security (RSAS), SAIC, SecureBrain, Secure Computing (SCUR), Sigaba, SOPHOS, SquareTrade, SurfControl, Symantec (SYMC), The 41st Parameter, Trek Blue, Trend Micro (TMIC), Tricerion, TriCipher, Tumbleweed Communications (TMWD), SurfControl (SRF.L), Vasco (VDSI), VeriSign (VRSN), Visa, Websense, Inc. (WBSN), WholeSecurity, Yahoo! (YHOO) and ZixCorp.